Hello, I am trying to configure WireGuard site-to-site with only one public IP address.
Let's call them
Network A - Public IP
Network B - Behind NAT
Both sites are on the LATEST version of OPNsense
Owned networks
Network A:
10.0.0.0/24
10.2.20.0/24
10.2.30.0/24
Network B:
10.2.0.0/24
Network A
Name: WireGuard.A
PublicKey: <key>
PrivateKey: <key>
Listen Port: <port>
Tunnel Address: 10.25.25.1/24
Peers: <NetworkB.Gateway>
Peer:
Name: NetworkB.Gateway
PublicKey: <key>
Pre-shared key: <key>
AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.25.25.2/32, 10.2.0.0/24
KeepAlive: 10s
Network B:
Instance:
Name: WireGuard.NetworkA
PublicKey: <key>
PrivateKey: <key>
ListenPort: <port>
Tunnel Address: 10.25.25.2/32
Peers: NetworkA.Gateway
Peer B:
Name: NetworkA.Gateway
PublicKey: <key>
PresharedKey: <key>
AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.2.30.0/24, 10.2.0.0/24
Endpoint: gateway.networkA.com
endpoint port: <port>
KeepAlive: 10s
I have NAT rules:
From * to * on WireGuard NetworkA and B interfaces
Problem:
When I ping anything in 10.2.20.0/24 and 10.0.0.0/24 from Network B, IT WORKS.
But it doesn't work the other way round. When Network A pings anything in Network B I get a timeout:
PING 10.2.0.5 (10.2.0.5): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
I read online that this might be due to some rules, but I have Allow ALL everywhere.
I did a packet capture and noticed that the packets go through but don't come back for some reason: https://ibb.co/8DQkRmx
I am unable to troubleshoot this on my own and would like to ask the community for help. I do not know what I am doing wrong.
If the two sites had public IPs, it would have been easier :(
Thanks in advance!
-----------------------------------
Added Images for easier view:
https://ibb.co/T2h6Tpm
https://ibb.co/8DQkRmx
https://ibb.co/p4f3wkk
https://ibb.co/23hk8PF
https://ibb.co/fSL3sKK
https://ibb.co/DCLWW4V
https://ibb.co/276Rgvc
https://ibb.co/NtjN8Xj
https://ibb.co/Jz6Xgr4
Solved.
I happened to have more than one peer with the same AllowedIPs addresses, and I guess it was causing a routing issue.
Deleted all other peers with the same routes and the problem disappeared.
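As an added illustration of the cause behind the fix above (example code, not from the original post or from OPNsense): WireGuard's cryptokey routing table lets each AllowedIPs prefix belong to exactly one peer, so assigning the same prefix to a second peer moves it away from the first, and return traffic for that prefix is then encrypted to whichever peer claimed it last. The script parses a constructed config modelled on the Network A side (placeholder keys, hypothetical stale peer) and reports which prefixes are claimed twice and which peer ends up owning them. Overlapping but distinct prefixes (10.25.25.0/24 next to 10.25.25.2/32) are not a conflict, only exact duplicates are.

```python
import ipaddress

# Constructed wg-quick style config modelled on Network A in the post.
# Keys are placeholders; the second [Peer] is a hypothetical leftover from testing.
WG_CONF = """
[Interface]
PrivateKey = <key>
Address = 10.25.25.1/24
ListenPort = 51820

[Peer]
# NetworkB.Gateway
PublicKey = PEER_B_KEY_PLACEHOLDER
AllowedIPs = 10.25.25.0/24, 10.25.25.2/32, 10.2.0.0/24

[Peer]
# stale duplicate peer that still claims Network B's LAN
PublicKey = STALE_PEER_KEY_PLACEHOLDER
AllowedIPs = 10.2.0.0/24
"""

def parse_peers(conf):
    """Return [[public_key, [ip_network, ...]], ...] in file order."""
    peers, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line == "[Peer]":
            current = [None, []]
            peers.append(current)
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "PublicKey":
                current[0] = value.strip()
            elif key.strip() == "AllowedIPs":
                current[1].extend(ipaddress.ip_network(p.strip()) for p in value.split(","))
    return peers

def cryptokey_table(peers):
    """Emulate the cryptokey routing table: a prefix has one owner, and a later
    peer claiming it takes it over. Returns (table, [(prefix, loser, winner)])."""
    table, conflicts = {}, []
    for pubkey, nets in peers:
        for net in nets:
            if net in table and table[net] != pubkey:
                conflicts.append((net, table[net], pubkey))
            table[net] = pubkey
    return table, conflicts

def peer_for(table, dst):
    """Longest-prefix match, as WireGuard does when picking the peer for an outbound packet."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None
```

With the stale peer present, a reply to 10.2.0.5 is sent to the stale peer and never reaches Network B; removing that peer hands the prefix back to NetworkB.Gateway.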