Text only | Text with Images

OPNsense Forum

English Forums => Virtual private networks => Topic started by: ibinsfei on October 02, 2024, 11:44:47 AM

Title: Strange wireguard behaviour
Post by: ibinsfei on October 02, 2024, 11:44:47 AM
I set up a wireguard-server on my opnsense with access to the LAN for clients.
What is very strage, is, that the wireguard-client can ping (and access) some of LAN-clients and other not.
The opnsense can ping all of the clients in the LAN.
Also a traceroute from the wireguard-client is strange.
A traceroute from the wireguard to the opnsenses LAN-Address doesn't work, a ping does.
A trace route from the wireguard-client to a pingable LAN-IP shows stars iin the first hop.

pings from opnsense (192.168.101.100):
Code Select
root@OPNsenseNew:/conf # ping -c 3 192.168.101.100
PING 192.168.101.100 (192.168.101.100): 56 data bytes
64 bytes from 192.168.101.100: icmp_seq=0 ttl=64 time=0.074 ms
64 bytes from 192.168.101.100: icmp_seq=1 ttl=64 time=0.110 ms
64 bytes from 192.168.101.100: icmp_seq=2 ttl=64 time=0.116 ms

--- 192.168.101.100 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.074/0.100/0.116/0.019 ms
root@OPNsenseNew:/conf # ping -c 3 192.168.101.56
PING 192.168.101.56 (192.168.101.56): 56 data bytes
64 bytes from 192.168.101.56: icmp_seq=0 ttl=64 time=0.550 ms
64 bytes from 192.168.101.56: icmp_seq=1 ttl=64 time=0.514 ms
64 bytes from 192.168.101.56: icmp_seq=2 ttl=64 time=0.218 ms

--- 192.168.101.56 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.218/0.427/0.550/0.149 ms
root@OPNsenseNew:/conf # ping -c 3 192.168.101.200
PING 192.168.101.200 (192.168.101.200): 56 data bytes
64 bytes from 192.168.101.200: icmp_seq=0 ttl=64 time=0.285 ms
64 bytes from 192.168.101.200: icmp_seq=1 ttl=64 time=0.278 ms
64 bytes from 192.168.101.200: icmp_seq=2 ttl=64 time=0.235 ms

--- 192.168.101.200 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.235/0.266/0.285/0.022 ms

ping from wireguard client:
Code Select
root@debiantesting:~# ping -c 3 192.168.101.100
PING 192.168.101.100 (192.168.101.100) 56(84) bytes of data.
64 bytes from 192.168.101.100: icmp_seq=1 ttl=64 time=24.9 ms
64 bytes from 192.168.101.100: icmp_seq=2 ttl=64 time=22.5 ms
64 bytes from 192.168.101.100: icmp_seq=3 ttl=64 time=22.2 ms

--- 192.168.101.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 22.245/23.221/24.925/1.208 ms
root@debiantesting:~# ping -c 3 192.168.101.56
PING 192.168.101.56 (192.168.101.56) 56(84) bytes of data.
64 bytes from 192.168.101.56: icmp_seq=1 ttl=63 time=20.6 ms
64 bytes from 192.168.101.56: icmp_seq=2 ttl=63 time=23.9 ms
64 bytes from 192.168.101.56: icmp_seq=3 ttl=63 time=21.1 ms

--- 192.168.101.56 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 20.589/21.883/23.932/1.465 ms
root@debiantesting:~# ping -c 3 192.168.101.200
PING 192.168.101.200 (192.168.101.200) 56(84) bytes of data.

--- 192.168.101.200 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2056ms

traceroute from wireguard-client:
Code Select
root@debiantesting:~# traceroute -n 192.168.101.100
traceroute to 192.168.101.100 (192.168.101.100), 30 hops max, 60 byte packets
1  * * *
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
root@debiantesting:~# traceroute -n 192.168.101.56
traceroute to 192.168.101.56 (192.168.101.56), 30 hops max, 60 byte packets
1  * * *
2  192.168.101.56  26.109 ms  26.078 ms  26.020 ms
Text only | Text with Images