Hi,
I have the following - simplified - network topology:
┌────────────────┐                       ┌───────────────┐                       ┌────────────────┐
│                │                       │               │                       │                │
│    Servers     │.2 192.168.252.0/24  .1│   OPNsense    │.1 192.168.251.0/24  .2│ MikroTik (IoT) │
│ 172.16.32.0/24 ├───────────────────────┤ 172.16.8.0/24 ├───────────────────────┤ 172.16.64.0/24 │
│                │wg0    Wireguard    wg0│               │wg1    Wireguard    wg0│                │
└───────┬────────┘                       └───────┬───────┘                       └────────┬───────┘
        │                                        │                                        │
        │                                        │                                        │
        │                                        │                                        │
xxxxxxxxxxxxxxxx                           xxxxxxxxxxxx                            xxxxxxxxxxxxxx
x              x                           x          x                            x            x
x   Internet   x                           x Internet x                            x  Internet  x
x (Datacenter) x                           x (Fibre)  x                            x (Cellular) x
x              x                           x          x                            x            x
xxxxxxxxxxxxxxxx                           xxxxxxxxxxxx                            xxxxxxxxxxxxxx
Currently, each of the two tunnels can reach the allowed subnets of its endpoint, e.g. "OPNsense" can reach 172.16.64.0/24 and 172.16.32.0/24.
What I'd like to achieve is that "MikroTik" can reach the subnet 172.16.32.0/24.
Therefore, I configured on "MikroTik" AllowedIPs: 192.168.251.1/32,172.16.8.0/24,172.16.32.0/24.
But I'm unable to ping or reach anything on "Servers". On the "OPNsense" I don't see any blocked traffic. But I see that the traffic was forwarded or at least passed (screenshot).
Could the route back be the issue? Where and what has to be added (routing table on "Servers" or additional AllowedIPs on "Servers")?
Thank you and have a nice Sunday
Cheers Danny
You have to do the same on "Servers": Add 172.16.64.0/24 to the allowed IPs there.
Also, make sure your firewall rules allow these connections.
Cheers
Maurice
Why don't you just create one Wireguard network, with two Peers:
On Servers, the peers will be OPNSense and Mikrotik,
On OPNSense, the peers will be Servers and Mikrotik,
On Mikrotik, the peers will be OPNSense and Servers
That way everyone can talk to each other over the same WG network.
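To make the two suggestions in this thread concrete (Maurice's "add 172.16.64.0/24 to the AllowedIPs on Servers" and the full-mesh alternative above), here is a small Python model of WireGuard's cryptokey routing. It is an added example, not code from the thread, OPNsense or MikroTik. It reproduces only the two rules WireGuard applies to every packet: outbound, the destination address picks the peer by longest-prefix match over AllowedIPs; inbound, a decrypted packet is dropped unless its source address lies inside the sending peer's AllowedIPs. The host addresses .10 and the mesh tunnel subnet 192.168.250.0/24 are constructed for the example; OPNsense firewall rules are not modelled.

```python
"""Model of WireGuard AllowedIPs (cryptokey routing) for the three-node topology in this thread.
Added example; the .10 hosts and the 192.168.250.0/24 mesh tunnel subnet are constructed."""
import ipaddress
from typing import Dict, List, Optional, Tuple


class Node:
    """One WireGuard endpoint: its directly attached networks plus its peer table."""

    def __init__(self, name: str, local_nets: List[str]):
        self.name = name
        self.local_nets = [ipaddress.ip_network(n) for n in local_nets]
        self.peers: Dict[str, List[ipaddress.IPv4Network]] = {}  # peer name -> AllowedIPs

    def add_peer(self, peer: str, allowed_ips: List[str]) -> None:
        self.peers[peer] = [ipaddress.ip_network(a) for a in allowed_ips]

    def is_local(self, addr: str) -> bool:
        return any(ipaddress.ip_address(addr) in n for n in self.local_nets)

    def next_hop(self, dst: str) -> Optional[str]:
        """Outbound rule: longest-prefix match of dst over every peer's AllowedIPs."""
        ip = ipaddress.ip_address(dst)
        best: Optional[Tuple[str, int]] = None
        for peer, nets in self.peers.items():
            for net in nets:
                if ip in net and (best is None or net.prefixlen > best[1]):
                    best = (peer, net.prefixlen)
        return best[0] if best else None

    def accepts_from(self, peer: str, src: str) -> bool:
        """Inbound rule: the source must be inside the AllowedIPs configured for that peer."""
        ip = ipaddress.ip_address(src)
        return any(ip in net for net in self.peers.get(peer, []))


def trace(nodes: Dict[str, Node], start: str, src: str, dst: str) -> Tuple[bool, List[str]]:
    """Forward one packet hop by hop; returns (delivered, path incl. the drop reason if any)."""
    path, cur = [start], start
    for _ in range(len(nodes) + 1):  # enough hops for any loop-free path
        if nodes[cur].is_local(dst):
            return True, path
        nxt = nodes[cur].next_hop(dst)
        if nxt is None:
            return False, path + ["no AllowedIPs route"]
        if not nodes[nxt].accepts_from(cur, src):
            return False, path + [f"{nxt} drops it: {src} not in AllowedIPs of peer {cur}"]
        path.append(nxt)
        cur = nxt
    return False, path + ["hop limit"]


def round_trip(nodes: Dict[str, Node], start: str, src: str, dst: str):
    """A ping succeeds only if the request arrives AND the reply finds its way back."""
    ok_fwd, fwd = trace(nodes, start, src, dst)
    if not ok_fwd:
        return False, fwd, []
    ok_back, back = trace(nodes, fwd[-1], dst, src)
    return ok_back, fwd, back


def thread_topology(servers_allow_iot: bool) -> Dict[str, Node]:
    """The hub-and-spoke setup from the question; the flag applies Maurice's fix on Servers."""
    servers = Node("Servers", ["172.16.32.0/24", "192.168.252.2/32"])
    opn = Node("OPNsense", ["172.16.8.0/24", "192.168.252.1/32", "192.168.251.1/32"])
    iot = Node("MikroTik", ["172.16.64.0/24", "192.168.251.2/32"])
    servers_allowed = ["192.168.252.1/32", "172.16.8.0/24"]
    if servers_allow_iot:
        servers_allowed.append("172.16.64.0/24")  # the missing entry from Maurice's reply
    servers.add_peer("OPNsense", servers_allowed)
    opn.add_peer("Servers", ["192.168.252.2/32", "172.16.32.0/24"])
    opn.add_peer("MikroTik", ["192.168.251.2/32", "172.16.64.0/24"])
    iot.add_peer("OPNsense", ["192.168.251.1/32", "172.16.8.0/24", "172.16.32.0/24"])  # Danny's change
    return {n.name: n for n in (servers, opn, iot)}


def mesh_topology() -> Dict[str, Node]:
    """The full-mesh alternative: one WireGuard network, every node peers with the other two."""
    lans = {"Servers": "172.16.32.0/24", "OPNsense": "172.16.8.0/24", "MikroTik": "172.16.64.0/24"}
    tun = {"Servers": "192.168.250.2", "OPNsense": "192.168.250.1", "MikroTik": "192.168.250.3"}  # constructed
    nodes = {n: Node(n, [lans[n], tun[n] + "/32"]) for n in lans}
    for n in nodes:
        for p in lans:
            if p != n:
                nodes[n].add_peer(p, [tun[p] + "/32", lans[p]])
    return nodes


if __name__ == "__main__":
    cases = [("as posted", thread_topology(False)), ("with fix", thread_topology(True)), ("full mesh", mesh_topology())]
    for label, topo in cases:
        ok, fwd, back = round_trip(topo, "MikroTik", "172.16.64.10", "172.16.32.10")
        print(f"{label:>9}: ping {'ok' if ok else 'FAILS'}  forward={fwd}  reply={back}")
```

Running it shows why the posted config fails even though OPNsense forwards the packet: "Servers" decrypts it from its OPNsense peer and discards it, because 172.16.64.10 is not inside that peer's AllowedIPs, so the request never even reaches the point where a return route would matter. With the extra AllowedIPs entry both directions pass through OPNsense; with the mesh they go MikroTik to Servers directly.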