First some facts about my network(s) and my goal(s):
- LAN net: 10.0.0.0/24, dynamic /56 Prefix from my ISP
- Dual Stack setup
- WireGuard net: 10.0.1.0/24
- I want full LAN net access over WireGuard to my LAN net with IPv4 and IPv6
- All traffic from WireGuard clients should go over WireGuard connection
- To access the internet with active WG configuration, there's a specific gateway on my OPNsense the WG clients must use
- OPNsense version 24.7.11_2
WireGuard instance on my OPNsense:
(https://media.discordapp.net/attachments/590944589091962892/1321012066265333812/image.png?ex=676bafdb&is=676a5e5b&hm=33e93ea3279f42ea511b865111dd1488bead66966c1450e979d9e92fa6927f4f&=&format=webp&quality=lossless)
Example of a peer configuration on my OPNsense:
(https://media.discordapp.net/attachments/590944589091962892/1321012459674402826/image.png?ex=676bb039&is=676a5eb9&hm=2c114323d15aceb4442160006458bbad2d2d8debdfd5a943e08b1a0450e402f8&=&format=webp&quality=lossless)
Example of a WireGuard configuration of one of my clients:
(https://media.discordapp.net/attachments/590944589091962892/1321013636575137833/image.png?ex=676bb152&is=676a5fd2&hm=8adc770ffd19a86ee7463c212b5184ddca236e6af8d2c11b5b95f6dfd26b8f2e&=&format=webp&quality=lossless)
WAN firewall rule to allow inbound WireGuard connections from WAN:
(https://media.discordapp.net/attachments/590944589091962892/1321014120585236511/image.png?ex=676bb1c5&is=676a6045&hm=14c6dab8e0b2ed7cffbe95880d7d00450880c351f58ff4205439229fe22c121f&=&format=webp&quality=lossless&width=918&height=95)
WireGuard firewall rules:
(https://media.discordapp.net/attachments/590944589091962892/1321014516288458823/image.png?ex=676bb223&is=676a60a3&hm=e0311b486da2102abae8ce0118884ca8aa31c5872975101095ee1e2ff9a93f80&=&format=webp&quality=lossless&width=918&height=147)
I tried this configuration, but all I could achieve so far is getting a connection between my OPNsense and the WG client, so that the WG client could access the internet from my OPNsense over the default gateway (but that's not what I want) and that only with IPv4. The LAN net isn't accessible at all.
Looks like I'm too blind to see why it isn't working. Would appreciate some help from more experienced people to tell me what I did wrong.
Thanks in advance.
Remove IPv6-Support completely until IPv4 works flawlessly like you want.
And maybe don't use the WireGuard Tab at all and assign an interface for your WG-Server. But that is only an uneducated guess, could be unnecessary but it can't hurt.
Quote from: Bob.Dig on December 24, 2024, 07:58:51 PMRemove IPv6-Support completely until IPv4 works flawlessly like you want.
How would this help? It's not like IPv4 and IPv6 are blocking each other in any way.
Quote from: Bob.Dig on December 24, 2024, 07:58:51 PMAnd maybe don't use the WireGuard Tab at all and assign an interface for your WG-Server. But that is only an uneducated guess, could be unnecessary but it can't hurt.
The firewall rules in the screenshot are assigned to the virtual WireGuard interface, that I had to assign in the interfaces settings first.