OPNsense Forum

English Forums => Virtual private networks => Topic started by: jejema2 on April 18, 2025, 11:44:36 AM

Title: [SOLVED] Another Wireguard without access to LAN
Post by: jejema2 on April 18, 2025, 11:44:36 AM
Hello,
After having checked many topics and tutorials... I decided to add another topic here... sorry ^^

My config:


        | -- opnsense:  WAN DHCP             -- 10.0.0.253 |
        |                                                  |
ISP --  |                                                  | -- VIP 10.0.0.254 -- LAN 10.0.0.0/24
        |                                                  |
        | -- opnsense2: WAN DHCP (MAC spoof) -- 10.0.0.252 |


WG setup:
Instance: 10.0.10.1/24
Peer: 10.0.10.2/32
CARP dependency on VIP 10.0.0.254 checked

WG client:
Allowed IPs: 0.0.0.0/0

LAN FW:
(https://i.postimg.cc/rp7qFVHg/LAN-FW.png)

WG FW:
(https://i.postimg.cc/L6vRgB7J/WG-FW.png)

WAN NAT:
(https://i.postimg.cc/Sxs46YFD/WAN-NAT.png)

Firewall rule letting WG pass to LAN (10.0.0.10 is my internal DNS):
(https://i.postimg.cc/rFt2VJwS/WG-to-lan.png)

Symptoms: the VPN client (Android phone) connects to the instance OK (handshake OK, WAN firewall rule is OK) on opnsense (master of the VIP)
ping 10.0.0.254 (VIP): OK
ping 10.0.0.253: OK
ping to LAN addresses (10.0.0.10 for example): fails

Could you help me with this? :)

Title: Re: Another Wireguard without access to LAN
Post by: jejema2 on April 18, 2025, 05:50:36 PM
I found that I did not put the right mask in the IP configuration of my 10.0.0.10 server (/8 instead of /24)... (champiooooon)

Ping and all other access are OK now ^^

You can close.
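Why a /8 on the server breaks exactly the pattern reported above (VIP and firewall address answer, LAN host does not), as an added example that is not part of the original thread: the WireGuard peer 10.0.10.2 falls inside 10.0.0.0/8, so a host configured with /8 treats it as on-link and ARPs for it on the LAN instead of handing the echo reply to the gateway 10.0.0.254; the pings to .253 and .254 worked because those replies are generated by OPNsense itself, which has the tunnel route. The script below models that routing decision with Python's standard ipaddress module and adds a small mask audit for LAN hosts. The addresses are the ones given in the thread; the host names in the audit dictionary and the "on-link"/"via" labels are this example's own.

```python
"""Model of the asymmetric-return-path failure described in the thread.

Added example, not from the original post or from OPNsense. It uses only
the standard library; the host names in the audit are made up for the demo.
"""
import ipaddress

LAN = "10.0.0.0/24"          # real LAN prefix behind the CARP VIP
VIP_GATEWAY = "10.0.0.254"   # default gateway for LAN hosts (the CARP VIP)
WG_PEER = "10.0.10.2"        # WireGuard client's tunnel address (peer /32)


def next_hop(host_cidr, gateway, dst):
    """Decide how a host configured as host_cidr reaches dst.

    Minimal routing table: the connected route for the interface network
    plus a default route via gateway. Longest prefix wins, so anything that
    falls inside the interface network is treated as on-link (ARP, no
    gateway); everything else goes to the default gateway.
    """
    iface = ipaddress.ip_interface(host_cidr)
    if ipaddress.ip_address(dst) in iface.network:
        return ("on-link", dst)
    return ("via", gateway)


def reply_reaches_peer(host_cidr, gateway, peer=WG_PEER):
    """True if the host's echo reply to the WireGuard peer can get back.

    The peer only exists behind the firewall's tunnel, so the reply must be
    sent to the gateway. An on-link decision means the host ARPs for a
    tunnel address on the LAN segment, nobody answers, and the ping from
    the VPN client times out even though the forward packet was delivered.
    """
    kind, hop = next_hop(host_cidr, gateway, peer)
    return kind == "via" and hop == gateway


def audit_masks(hosts, lan=LAN):
    """Return names of hosts whose prefix is broader than the real LAN prefix.

    hosts maps a label to 'ip/prefix'. A broader prefix (e.g. /8 on a /24
    LAN) swallows off-LAN destinations such as VPN or other internal
    subnets, which is exactly the misconfiguration found in the thread.
    """
    lan_len = ipaddress.ip_network(lan).prefixlen
    return sorted(name for name, cidr in hosts.items()
                  if ipaddress.ip_interface(cidr).network.prefixlen < lan_len)


if __name__ == "__main__":
    for label, cidr in (("/8 (before)", "10.0.0.10/8"), ("/24 (after)", "10.0.0.10/24")):
        kind, hop = next_hop(cidr, VIP_GATEWAY, WG_PEER)
        print(f"{label}: reply to {WG_PEER} -> {kind} {hop}; "
              f"reaches peer: {reply_reaches_peer(cidr, VIP_GATEWAY)}")
    # constructed sample inventory: only 'dns' carries the bad mask
    print("hosts with too-broad mask:",
          audit_masks({"dns": "10.0.0.10/8", "nas": "10.0.0.20/24"}))
```

The audit is the check worth keeping: run it over your DHCP reservations or static host inventory whenever a VPN or second subnet is added, because a host with a too-broad mask will pass every firewall-side test (handshake, rules, NAT) and still drop the return traffic on its own doorstep.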