Text only | Text with Images

OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: therecker on July 11, 2023, 06:17:13 PM

Title: Asymmetric Routing Assistance
Post by: therecker on July 11, 2023, 06:17:13 PM
I have moved to opnsense from Sophos Appliances. I'm struggling with asymmetric routing and just cannot seem to get it to work. It was super easy to do in Sophos. I would just goto the CLI and enter the following commands and bam it would work.

Console> set advanced-firewall bypass-stateful-firewall-config add source_network 10.10.10.0 source_netmask 255.255.255.0 dest_network 10.252.252.0 dest_netmask 255.255.255.0

Console> set advanced-firewall bypass-stateful-firewall-config add source_network 10.10.10.0 source_netmask 255.255.255.0 dest_network 192.168.50.0 dest_netmask 255.255.255.0

So my scenario is this. I am running Wireguard VPN on a device in my lan 10.10.10.240. It has a connection to another device that resides on 192.168.50.x. The wireguard tunnel network is 10.252.252.x. I want to be able to communicate with these networks from my lan via IP. Right now I just get a failure. I'm just not sure where to start. I have a read a ton of documentation and try some of it but none of it works. And the Wireguard tunnel is up and passing traffic from the 10.10.10.240 device. I have a fw rule that is allowing the udp traffic to pass through the wan.

Any assistance would be greatly appreciated.
Title: Re: Asymmetric Routing Assistance
Post by: CJ on July 11, 2023, 08:08:59 PM
Do I understand correctly that your LAN is 192.168.50.0 and your WG is 10.10.10.0?

Did you configure any firewall rules for the WG to allow it access to anything like in the guide?  Or did you just allow the incoming port to the WG service on WAN?
Title: Re: Asymmetric Routing Assistance
Post by: therecker on July 11, 2023, 09:34:50 PM
My LAN is 10.10.10.0
The Wireguard is NOT running on the Firewall but on another device on my LAN at 10.10.10.240
The far network is 192.168.50.0 and the Wireguard tunnel is 10.252.252.0

I hope that clarifies things.
Title: Re: Asymmetric Routing Assistance
Post by: Patrick M. Hausen on July 11, 2023, 09:55:46 PM
Die you create a gateway (System > Gateways) in OPNsense for 10.10.10.240 and add a static route to your WireGuard networks?
Title: Re: Asymmetric Routing Assistance
Post by: mimugmail on July 11, 2023, 10:19:27 PM
In GUI set the filter rule, at the bottom tick advanced, scroll down, "keep state" to none
Title: Re: Asymmetric Routing Assistance
Post by: therecker on July 12, 2023, 01:38:01 AM
Quote from: pmhausen on July 11, 2023, 09:55:46 PM
Die you create a gateway (System > Gateways) in OPNsense for 10.10.10.240 and add a static route to your WireGuard networks?

This worked.

I don't know why that seemed so difficult to me but ended up being so simple.

Thank you for your help.
Text only | Text with Images