Hello people
I am in the middle of making my final school project, which includes setting up a Site-to-Site VPN. I can get a handshake between the 2 sites, but I can't access any of the interfaces between the two sites. Can anyone help me?
Here are some details:
Site 1:
WAN IP: 192.168.1.114/24 (OPNsense router connected to an existing network)
I have multiple different VLANs set up, but I want to access the other site from VLAN 60, which is my management VLAN. The VLAN has the IP address 192.168.60.1.
Site 2:
WAN IP: 192.168.1.122/24 (OPNsense router connected to the same existing network as router 1)
LAN IP: 192.168.110.1/24
As you can see in the attached pictures, I have set up a WireGuard instance on each site. On Site 1 the tunnel address is 10.100.100.1/24 and on Site 2 the tunnel address is 10.100.100.2/24. The listening port is 51821 on each site, as I also have a client-to-site VPN running on port 51820 on Site 1.
On each site I have set up a peer. On Site 1 the peer has the public key of Site 2 and the allowed IPs are 10.100.100.2/32 and 192.168.110.0/24. The endpoint address is 192.168.1.122. On Site 2 the peer has the public key of Site 1 and the allowed IPs are 10.100.100.1/32 and 192.168.60.0/24. The endpoint address is 192.168.1.114.
On the WAN interface on each site, I have created a rule that allows all incoming traffic to the WAN address on port 51821. On the WireGuard interface on each site I have created an any-any allow rule just for testing purposes.
On Site 2 I have an allow any to LAN net rule just to make sure that it doesn't block access.
On Site 1 I have an allow VLAN 60 net to any rule to make sure it has access to everything.
So why can't I ping 192.168.110.179 (an Ubuntu machine that is connected to the LAN on Site 2) from my PC that is in VLAN 60 on Site 1?
I hope that one or more of you can help me.
In advance, thank you.
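As an added illustration (not code from the poster or from OPNsense), the script below models the only routing decision WireGuard itself makes: the AllowedIPs list of each peer. Outbound, a packet is sent to the peer whose AllowedIPs contains the destination; inbound, a decrypted packet is dropped unless its source address is inside the AllowedIPs of the peer it came from. The site names and the 192.168.60.50 host address are constructed; the prefixes are the ones from the post. Tracing a ping and its reply through both checks, and comparing each site's local networks against the other side's AllowedIPs, separates "the tunnel is up" from "this path is routable", which is exactly the gap the question describes.

```python
import ipaddress

# Constructed model of the two WireGuard instances from the post (keys omitted;
# only the AllowedIPs, i.e. the cryptokey routing table, matter for this check).
SITES = {
    "site1": {"local_nets": ["192.168.60.0/24"],
              "peers": {"site2": ["10.100.100.2/32", "192.168.110.0/24"]}},
    "site2": {"local_nets": ["192.168.110.0/24"],
              "peers": {"site1": ["10.100.100.1/32", "192.168.60.0/24"]}},
}


def select_peer(sites, site, dst):
    """Outbound lookup: peer whose AllowedIPs holds dst (longest prefix wins), else None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for peer, nets in sites[site]["peers"].items():
        for net in map(ipaddress.ip_network, nets):
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (peer, net)
    return best[0] if best else None


def accepts_from(sites, site, peer, src):
    """Inbound check: a decrypted packet is kept only if src is in that peer's AllowedIPs."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(n) for n in sites[site]["peers"][peer])


def trace(sites, src_site, src, dst):
    """Follow a request from src_site to dst and its reply back. Returns (ok, steps)."""
    steps = []
    peer = select_peer(sites, src_site, dst)
    if peer is None:
        steps.append(f"{src_site}: no peer has {dst} in AllowedIPs, packet not tunnelled")
        return False, steps
    steps.append(f"{src_site}: {dst} routed to peer {peer}")
    if not accepts_from(sites, peer, src_site, src):
        steps.append(f"{peer}: dropped, source {src} not in AllowedIPs of peer {src_site}")
        return False, steps
    steps.append(f"{peer}: accepted packet from {src}")
    back = select_peer(sites, peer, src)
    if back != src_site:
        steps.append(f"{peer}: reply to {src} routed to {back}, not {src_site}")
        return False, steps
    if not accepts_from(sites, src_site, peer, dst):
        steps.append(f"{src_site}: reply dropped, source {dst} not in AllowedIPs of peer {peer}")
        return False, steps
    steps.append(f"{src_site}: reply from {dst} accepted")
    return True, steps


def check_symmetry(sites):
    """Each local network of a site must be covered by the remote side's AllowedIPs for it."""
    problems = []
    for site, cfg in sites.items():
        for remote in cfg["peers"]:
            allowed = [ipaddress.ip_network(a) for a in sites[remote]["peers"].get(site, [])]
            for net in map(ipaddress.ip_network, cfg["local_nets"]):
                if not any(net.subnet_of(a) for a in allowed):
                    problems.append(f"{remote}: AllowedIPs for peer {site} lacks {net}")
    return problems


if __name__ == "__main__":
    ok, steps = trace(SITES, "site1", "192.168.60.50", "192.168.110.179")
    print("\n".join(steps), "\nok =", ok)
    # Same setup with the far LAN left out of Site 2's AllowedIPs: the handshake would
    # still succeed, but the first packet is silently dropped on arrival.
    broken = {"site1": SITES["site1"],
              "site2": {"local_nets": ["192.168.110.0/24"],
                        "peers": {"site1": ["10.100.100.1/32"]}}}
    print(check_symmetry(broken))
    ok, steps = trace(broken, "site1", "192.168.60.50", "192.168.110.179")
    print("\n".join(steps), "\nok =", ok)
```

With the AllowedIPs exactly as listed in the post, both the tunnel-address ping and the VLAN 60 to LAN path come back clean, so the model points away from the WireGuard peer configuration and towards what sits around it (firewall rules and the routing of the two WAN interfaces), which is where the thread continues.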
Quote from: mkjelle on Today at 12:12:46 PM
Site 1:
WAN IP: 192.168.1.114/24 (OPNsense router connected to an existing network)
Site 2:
WAN IP: 192.168.1.122/24 (OPNsense router connected to the same existing network as router 1)
If you want those two to communicate without contacting their default gateway on their WAN DHCP interface each time, you need to take care of this: https://forum.opnsense.org/index.php?topic=50956.msg264248#msg264248
I can't find the right article in the documentation right now, but the information in that post is the same :)