Re,
Here my network https://ibb.co/nbqbfvd
The connection between the two firewall is made by wireguard with this tuto
https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
PCs are connected on local internet without problems and access to the server via static route.
What I would like is the PC3 is connected to remote internet.
I try with this tuto but without success https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
I am sure I miss something or I don't understand the concept.
VoilĂ , voila
Did you add an outbound NAT rule for PC3 on the remote site?
Nop, The tuto don't talk about this :p
How I do ?
It doesn't aim to route upstream traffic to the remote site.
On the remote go to Firewall > NAT > Outbound.
If it's in automatic mode enable hybrid and save it.
Add a rule:
interface: WAN
source: <PC3 IP> or the local subnet in case, you want to route also other hosts over later
destination: any
translation: WAN address
No still doesn't work.
Do you have tutorial I can follow to be sure I have a good setup?
Just for information, with windows or android client I have internet, everything work. I supposed it s problem with gateway from local opnsense.
Quote from: Gautier on November 08, 2024, 05:58:52 AM
Just for information, with windows or android client I have internet, everything work. I supposed it s problem with gateway from local opnsense.
Not clear, how the these clients come into play in this setup.
Are these connected to the same VPN?
As I understood, you have a site-to-site VPN and intend to route the upstream traffic from site A to site B.
For other client I connect them to the same wireguard instance and it's work.
I configure the outbound like say, I configure rules, I configure gateway. I think I configure something wrong but what?
I dont understand the principe of Outbound, what is it ?
Now it's. Don't ask me why but it's work.
I have DNS leak and I would like to fixe that ( and without kill switch if possible)
Quote from: Gautier on November 15, 2024, 04:04:46 PM
I dont understand the principe of Outbound, what is it ?
Outbound NAT.
Network Address Translation changes network addresses (IPs) as its name implies.
The IPs we're talking about here are the ones in IP packets. NAT on OPNsense is also capable to translate ports, however.
An IP packet carries the source IP and port and the destination IP and port. Any can be translated by NAT.
S-NAT translates sources, D-NAT translates destinations.
Outbound NAT does S-NAT.
In the suggested rule the remote router translates the source IP in packets coming from PC3 to its WAN IP.
This is essential, when accessing the internet, because nobody out there would know the route to the private IP of PC3. Private network ranges are not routed in the internet.
So outgoing packets on the WAN get the WAN address of the router, which is probably a public IP. So devices in the internet are able to route responses back to the remote WAN.
OPNsense adds outbound NAT rules for local subnet automatically. You can see it at the bottom of the page. But it doesn't add rule for remote networks.
QuoteI have DNS leak and I would like to fixe that ( and without kill switch if possible)
Use the remote DNS server on PC3. You can forward DNS requests on OPNsense to the remote server.
Alternatively you can use a public DNS server on the PC. Since all upstream traffic is routed to the remote site, also DNS request to a public server will go out on the remote WAN.
I just put in dhcp lease the remote routeur... Magic
Nearly Magic. For work it's enough!
I have also on the remote server on jellyfin server.
If I am connected from external or use IP 10.2.1.14 , everything ok.
If I connect via reverse proxy on my router, the video stuck.
I can say internet quite slow when I use wireguard VPN. I run a speed test and everythings looks good. it's just video or download mail, connect to one drive.