Hello! I am VERY new to OPNsense (as of last night) and networking is not my strong suit. I have 2 places I frequent, with one running a Proxmox server along with various VMs and CTs like TrueNAS, Ubuntu server, Docker containers, etc. etc. I wanted to create a WireGuard VPN on the desktop running OPNsense so that whenever I am at the other place, or anywhere else, I can access my home network and connect to my Proxmox and NAS storage. I created the VPN following some guides and got it set up just fine on my phone by scanning the QR code; I can access the internet and anything on the server, including opening the OPNsense router default gateway UI. I tried to create another peer for my computer(s), but alas, no matter what I do it does not connect to anything on the server: no Proxmox, no TrueNAS, and it cannot even connect to the default gateway and access the OPNsense web UI like the phone. It can access the internet, and browse and do whatever, just not connect to any of the IPs running on the local network.
Is there a fix for this? Why is it my phone can connect to all the services but not any other peer I try to create? Any help would be appreciated :).
Welcome to OPNsense. ;-)
Alright, let's try to tackle this. First I need a bit more info. You mentioned "WireGuard VPN on the desktop running OPNsense". Usually OPNsense is running on the edge router (the one that is connected to the Internet).
Internet <--> OPNsense <--> home network (proxmox, NAS, other clients)
But your statement points to something like: Internet <--> ??? <--> home network (OPNsense, proxmox, NAS, other clients)
Can you please clarify your topology?
I use Wireguard myself to access my network from the outside (road warrior setup).
For the sake of argument and the following examples, let's use 10.20.30.1 as your WireGuard instance's tunnel address and 51820 as the port. Clients will then use 10.20.30.2 to 10.20.30.254. Your home network uses 192.168.1.0/24.
There are a few things to be aware of:
1) You need one WAN rule to let traffic in to the Wireguard port
Protocol: IPv4 UDP | Source: * | Port: * | Destination: WAN address | Port: 51820 | Gateway: *
2) On your Wireguard interface (e.g. WG0) you need rules to specify what clients are allowed to access in your network
e.g. the client with ip address 10.20.30.2 is allowed to access your entire network
Protocol: IPv4 | Source: 10.20.30.2 | Port: * | Destination: * | Port: * | Gateway: *
3) The "Allowed IPs" setting on the wireguard client determines which traffic uses the Wireguard connection. Thus make sure your tunnel address and your home network are included.
AllowedIPs = 192.168.1.0/24, 10.20.30.1/32
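Added example (not from this thread or from OPNsense/WireGuard themselves): a small Python checker that parses a wg-quick style client config and verifies that its AllowedIPs covers both the tunnel address and the home LAN from point 3, which is the usual reason a peer reaches the Internet but nothing on the LAN. The config text, the endpoint hostname and the key placeholders are constructed for the example.

```python
import ipaddress

# Constructed client config using the addresses from the post above.
# Keys and endpoint are placeholders, not real values.
GOOD_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.20.30.2/32

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = home.example.invalid:51820
AllowedIPs = 192.168.1.0/24, 10.20.30.1/32
PersistentKeepalive = 25
"""

# Same config, but AllowedIPs only covers the tunnel subnet: the peer
# handshakes fine, yet LAN traffic never enters the tunnel.
BROKEN_CONF = GOOD_CONF.replace(
    "AllowedIPs = 192.168.1.0/24, 10.20.30.1/32",
    "AllowedIPs = 10.20.30.0/24")


def parse_allowed_ips(conf: str) -> list:
    """Collect every AllowedIPs entry across all [Peer] sections."""
    nets = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key.lower() == "allowedips":
            for item in value.split(","):
                nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets


def check_client_reach(conf: str, tunnel_addr: str, home_net: str) -> dict:
    """Report whether the tunnel address and home LAN are routed via WireGuard."""
    nets = parse_allowed_ips(conf)
    tunnel = ipaddress.ip_address(tunnel_addr)
    home = ipaddress.ip_network(home_net)
    same_family = [n for n in nets if n.version == home.version]
    return {
        "tunnel_covered": any(tunnel in n for n in nets),
        "home_net_covered": any(home.subnet_of(n) for n in same_family),
        "full_tunnel": any(n.prefixlen == 0 for n in nets),  # 0.0.0.0/0 or ::/0
    }
```

Run `check_client_reach` against the config you exported for the PC peer; a `False` in `home_net_covered` means the LAN subnet must be added to AllowedIPs on that peer.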