Hi all,
hope someone can help please.
I've got a Wireguard VPN server hosted on a Linode VPS.
I can connect and use it fine (e.g. browse the internet) using the Wireguard client on my Windows PC, so I know that the Wireguard server is working fine.
I've set up the same config on OPNSense and have the tunnel up, with handshake data passing fine. I've also created the interface.
My issue is with the gateway. I've created the gateway but have no idea what to use as the gateway IP.
I've tried all sorts... tunnel IPs, public IP of the Linode VPS... but it just does not work.
Any ideas please?
Wireguard VPS Server tunnel IP: 10.5.0.1
Peer IP (OPNSense): 10.5.0.2
Many thanks for any input....
So, I've managed to enter a gateway that shows as up, and also noticed I missed the NAT entry on OPNSense.
I now have traffic passing, but am left with one issue.
DNS does not seem to work if the client PC is set to use the OPNSense IP for DNS...
If I change the DNS on the client to 1.1.1.1 then resolution works fine and whatsmyIP reports on the expected IP of the Linode VPS server.
Any ideas what I need to do to get the OPNSense DNS service to work when a client is using the Linode VPN?
The client had the following IP details:
IP: 192.168.0.21
Mask: 255.255.255.0
GW: 192.168.0.1
DNS: 192.168.0.1
DNS resolution didn't work until I set the client DNS to 1.1.1.1.
Quote from: cardblower on Today at 02:17:21 PM
    DNS resolution didn't work until I set the client DNS to 1.1.1.1.
That's because ALL TRAFFIC is forced through the WireGuard Tunnel once you connect to it of course :)
Why don't you use 10.5.0.1 as DNS Server since that seems to work for your Windows PC when it connects directly to the WireGuard Server ?!
Another option is to set up 'Split-Horizon' so the VPN Client can talk to a Local DNS Server.
Quote from: nero355 on Today at 02:25:52 PM
    Quote from: cardblower on Today at 02:17:21 PM
        DNS resolution didn't work until I set the client DNS to 1.1.1.1.
    That's because ALL TRAFFIC is forced through the WireGuard Tunnel once you connect to it of course :)
    Why don't you use 10.5.0.1 as DNS Server since that seems to work for your Windows PC when it connects directly to the WireGuard Server ?!
    Another option is to set up 'Split-Horizon' so the VPN Client can talk to a Local DNS Server.
Many thanks for this - you are 100% correct.
I've changed my firewall rule that pushes the traffic to the VPN to only push traffic that is not destined for the firewall itself. That way it allows the firewall to handle the DNS requests :-)
Seems to work well now.
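The rule change cardblower describes in the last post (policy-route LAN traffic into the tunnel except what is destined for the firewall itself) is easy to get wrong because OPNsense evaluates firewall rules top-down, first match wins. The following is an added example, not code from the thread or from OPNsense: a small Python model of that first-match evaluation using the addresses quoted in the thread (192.168.0.0/24, firewall/DNS at 192.168.0.1, client 192.168.0.21). The rule names, the gateway label "WG_GW" and the fact that ports and protocols are ignored are simplifications of this model. It shows the original blanket rule swallowing DNS queries to the firewall, then the two fixes that keep them local: a negated destination on the policy-routing rule, or a plain pass-to-firewall rule placed above it.

```python
# Added example (not from the thread): toy model of OPNsense-style
# first-match ("quick") policy-routing rules. Addresses come from the thread;
# rule names and the "WG_GW" gateway label are assumed.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

IPNet = ipaddress.IPv4Network
IPAddr = ipaddress.IPv4Address

LAN_NET = ipaddress.ip_network("192.168.0.0/24")        # client LAN from the thread
FIREWALL_LAN_IP = ipaddress.ip_address("192.168.0.1")   # OPNsense LAN IP, also the DNS server
CLIENT_IP = "192.168.0.21"                              # the poster's Windows PC
PUBLIC_DNS = "1.1.1.1"                                  # resolver that "just worked"


@dataclass
class Rule:
    """One pass rule as OPNsense evaluates it: top-down, first match wins."""
    name: str
    src: Optional[IPNet]                 # None = any source
    dst: Optional[Union[IPNet, IPAddr]]  # None = any destination
    dst_negate: bool = False             # the "invert" / "not" option on the destination
    gateway: str = "default"             # "default" = normal routing, i.e. handled locally


def _dst_hit(rule: Rule, dst: IPAddr) -> bool:
    if rule.dst is None:
        return True
    hit = dst in rule.dst if isinstance(rule.dst, IPNet) else dst == rule.dst
    return hit != rule.dst_negate


def rule_matches(rule: Rule, src: IPAddr, dst: IPAddr) -> bool:
    """Only source/destination addresses are modelled; ports and protocols are ignored."""
    if rule.src is not None and src not in rule.src:
        return False
    return _dst_hit(rule, dst)


def route_for(rules: List[Rule], src: str, dst: str) -> Tuple[str, Optional[str]]:
    """Return (matching rule name, gateway) for the first matching rule, or a deny."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule_matches(rule, src_ip, dst_ip):
            return rule.name, rule.gateway
    return "default deny", None


# Original ruleset: every LAN packet, including DNS to 192.168.0.1, goes into the tunnel.
BROKEN_RULESET = [
    Rule("LAN any -> WireGuard", LAN_NET, None, gateway="WG_GW"),
]

# Fix from the thread: invert the destination so traffic for the firewall is excluded,
# then let a plain pass rule deliver it locally.
FIXED_BY_NEGATION = [
    Rule("LAN !firewall -> WireGuard", LAN_NET, FIREWALL_LAN_IP, dst_negate=True, gateway="WG_GW"),
    Rule("LAN -> firewall (local)", LAN_NET, FIREWALL_LAN_IP),
]

# Equivalent fix by ordering: a pass rule to the firewall above the policy-routing rule.
FIXED_BY_ORDER = [
    Rule("LAN -> firewall (local)", LAN_NET, FIREWALL_LAN_IP),
    Rule("LAN any -> WireGuard", LAN_NET, None, gateway="WG_GW"),
]

if __name__ == "__main__":
    rulesets = (("broken", BROKEN_RULESET),
                ("negated dst", FIXED_BY_NEGATION),
                ("ordered", FIXED_BY_ORDER))
    for label, rules in rulesets:
        for dst in (str(FIREWALL_LAN_IP), PUBLIC_DNS):
            print(f"{label:12s} {CLIENT_IP} -> {dst}: {route_for(rules, CLIENT_IP, dst)}")
```

In the OPNsense GUI the equivalent of the local rule is a LAN pass rule with destination "This Firewall" (or "LAN address") and no gateway set, placed above the rule that carries the WireGuard gateway; the negation variant is the same policy-routing rule with the destination inverted. Either way, checking the rule order after a change is the practical verification, because a new rule appended below the catch-all one never gets a chance to match.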