Fresh install and updated to 24.1.2_1.
I have wiregaurd VPN configured, and I am able to make a connection. Once connected I can access the web GUI of the OpnSense firewall on the client connected via VPN with no issue. However I am unable to access any other resources on the LAN side of the network.
I setup my instance following the instructions here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html
I'm fairly new at all this, so if there are some kind of config files I can/should share please let me know and I can do that.
Any help would be greatly appreciated, thanks.
Seems like you need to set up firewall rules allowing this.
Probably missing a proper rule to allow to access it.
Shows us the Rule you have for WG on the WG interface under Firewall.
Regards,
S.
Here is a screen grab of the fw rule on the wg interface
I believe the source will be the IP of the client on the remote network. Try changing the source to "any".
Changing the source to any didnt seem to do anything.
Rule looks okay,
Can you enable LOGing of the this specific rule?
Can you please make a picture of all of the Rules under WG interface?
Also did you purge the state table after implementing this rule or any other rule?
Did you implement any outbound (egress rule)?
Can you reach internet when host is using WG? (meaning internet is working okay but intranet LAN is not)
Did you configure mss clamping and proper MTU on WG?
Then>
Can you go to Firewall > log files > live view
Set source to your WG host IP
Try to connect with that specific host to any of your LAN resources
Make a screenshot of the live view and share it
Regards,
S.
I think I've managed to track down the problem.
When I set this up initially WAN was using DHCP. I then reconfigured WAN to STATIC and that seems to be where my issues began.
In the wizard, I did not explicitly enter an upstream gateway address, which was causing my WAN gateway to default to a defunct status. It's odd because I know that it was showing as working immediately after the DHCP to STATIC IP change, but it fell off sometime after.
I walked through the wizard again and specified the upstream gateway IP in the STATIC configs for the WAN and immediately after wireguard connections were able to see resources on the internal LAN again.
This also highlighted an issue with DNS and the internal LAN devices not being able to resolve webpages (I'm still in the setup phase so there were no users to complain about missing internet access). I realized I needed to manually input some public DNS servers in the Settings > General area and specify my WAN_GW for them.
Thank you everyone for your assistance!
Glad to hear you were able to find the problem.
Please adjust your thread with [SOLVED] ;)
Regards,
S.