OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: jungleHomeLab on October 02, 2024, 03:19:47 PM

Title: WireGuard VPN - Can access OPNsense but no resources on LAN
Post by: jungleHomeLab on October 02, 2024, 03:19:47 PM
Hey everyone,

Been trying to troubleshoot this issue by looking at all the other forum posts made but I haven't had any luck. Here's another one on the pile...

I am able to connect to my home network and access the internet. When I try to access Pi-Hole (192.168.1.5/24) or Proxmox (192.168.1.2/24) I am not able to get anything. I can only connect to OPNsense, which resides on 192.168.1.1/24.


[Interface]
PrivateKey = UGdXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 192.168.1.16/24
DNS = 192.168.1.1

[Peer]
PublicKey = MrsbabgkC+tZEjW1YZbfMUVTg7rerZqOwVcwfN9Rbzg=
AllowedIPs = 0.0.0.0/0
Endpoint = XXXXXXXX.duckdns.org:51820

Here is my WireGuard config.

I have double checked my work and followed the road warrior setup to a tee. I'm assuming the issue is related to traffic handled by the LAN firewall rule.

These rules allow any traffic from the WireGuard group to reach any destination in my network. Not sure what else I can add here.

https://bashify.io/img/6e8b316cafa626d84beed6d23f735d38

Any help would be greatly appreciated!
Title: Re: WireGuard VPN - Can access OPNsense but no resources on LAN
Post by: jungleHomeLab on October 02, 2024, 04:39:29 PM
edit--

I was able to get this figured out. It turns out WireGuard will not route to the local LAN if you connect it to the same subnet.

As soon as I changed it to 192.168.2.1/24 for the instance and 192.168.2.2/24 for the peer I was able to access resources on the LAN.

Is there any reason WireGuard couldn't access other connections on my LAN in the same 192.168.1.0/24 subnet even though the instance and peer were on unused addresses?

Thanks for taking the time to view this!
Title: Re: WireGuard VPN - Can access OPNsense but no resources on LAN
Post by: jjrushford on October 03, 2024, 06:08:09 PM
You should be able to access other resources as long as allowed IPs are set to 192.168.2.0/24 and 192.168.1.0/24. Now you also might want to consider altering your subnets on your home network. Most coffee shops and hotels use 192.168.1.0/24 as their Wi-Fi network. This has caused me issues in the past with routing to my home network when using OpenVPN, so I switched my networks to use a /24 in the middle of the 10.0.0.0 range. For example, 10.130.1.0/24 and 10.130.2.0/24, and I no longer have the routing issues while out and about. With that said though, I've since switched from using OpenVPN to WireGuard. Since WireGuard uses tunneling and routes the allowed IPs via the tunnel, the subnet routing may not really be an issue. Just thought I'd mention it though.
Title: Re: WireGuard VPN - Can access OPNsense but no resources on LAN
Post by: jungleHomeLab on October 07, 2024, 09:36:35 PM
I appreciate the insight and will keep this in mind for the future. Thank you!
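
Added example, not written by anyone in this thread: a Python check for the three conditions the posts above discuss, namely a tunnel address inside the LAN subnet, a LAN not covered by AllowedIPs, and a client-side network that collides with the home LAN. The names `SAMPLE`, `parse_conf`, `check` and `client_net` are hypothetical, and the sample config is constructed from the first post with the keys and endpoint replaced by placeholders.

```python
import ipaddress

# Constructed sample: the client config from the first post, keys and endpoint replaced.
SAMPLE = """[Interface]
PrivateKey = <placeholder>
Address = 192.168.1.16/24
DNS = 192.168.1.1
[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.invalid:51820
"""

def parse_conf(text):
    """Return (tunnel interface addresses, AllowedIPs networks) from a client config."""
    section, addrs, allowed = None, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        key, items = key.strip().lower(), [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key == "address":
            addrs += [ipaddress.ip_interface(v) for v in items]
        elif section == "peer" and key == "allowedips":
            allowed += [ipaddress.ip_network(v, strict=False) for v in items]
    return addrs, allowed

def check(text, home_lans, client_net=None):
    """home_lans: subnets behind the firewall; client_net: network the client is sitting on."""
    addrs, allowed = parse_conf(text)
    lans = [ipaddress.ip_network(n) for n in home_lans]
    findings = []
    for lan in lans:
        for a in addrs:
            # The situation the thread's fix removed: tunnel and LAN share a subnet.
            if a.version == lan.version and a.network.overlaps(lan):
                findings.append(f"tunnel address {a} overlaps LAN {lan}")
        if not any(r.version == lan.version and lan.subnet_of(r) for r in allowed):
            findings.append(f"LAN {lan} not covered by AllowedIPs")
        if client_net:
            here = ipaddress.ip_network(client_net)
            if here.version == lan.version and here.overlaps(lan):
                findings.append(f"client network {here} overlaps LAN {lan}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE, ["192.168.1.0/24"], client_net="192.168.1.0/24"):
        print(finding)
```

An empty list from `check` means none of the three conditions was found; it says nothing about firewall rules on the OPNsense side.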