OPNsense Forum

English Forums => General Discussion => Topic started by: tinkerytinker on July 18, 2019, 12:16:56 pm

Title: Wireguard running on client in LAN - can't get remote access to work
Post by: tinkerytinker on July 18, 2019, 12:16:56 pm
Before switching to OPNsense I was running a different (linux) router where I had a working setup to allow remote clients access to my LAN via Wireguard. Wireguard runs on a dedicated client/server connected to the LAN-NIC but within its own VLAN. This setup works when not using OPNsense as router and firewall.

On the OPNsense I have (WAN) portforwarding active for the wireguard port pointing to the wireguard server's IP.
Rules allow access on this port from my main LAN to the wireguard machine's VLAN. For testing I actually fully opened these two firewalls; it makes no difference.
I'm pretty sure the issue is related to a missing gateway configuration, but I don't understand the logic of OPNsense (or its GUI).

Could anybody explain what I need to do exactly? The goal is to a) allow the remote client to access the WAN via the Wireguard VPN and b) allow the remote client access to the local clients/main LAN. Input much appreciated!
Title: Re: Wireguard running on client in LAN - can't get remote access to work
Post by: mimugmail on July 18, 2019, 12:22:20 pm
Can you see via tcpdump if the packets arrive at your Wireguard server?
Title: Re: Wireguard running on client in LAN - can't get remote access to work
Post by: tinkerytinker on July 18, 2019, 03:11:55 pm
I don't see why that shouldn't be possible. Probably a stupid question, but: should I do that on the router box or on the wireguard server/box? I have never used tcpdump before. The wireguard server is running DietPi, i.e. Linux, so tcpdump as a tool will not be a problem.
Title: Re: Wireguard running on client in LAN - can't get remote access to work
Post by: mimugmail on July 18, 2019, 03:27:35 pm
You run tcpdump on the wireguard box: if you see a packet arriving, the port forward works; if your box sends a reply, it also has a correct gateway. Then you go to OPN and do the tcpdump on the WAN interface and check if the packet leaves.

With 19.7 you can also run wireguard on the OPN itself ...
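The two-stage check mimugmail describes (does the WireGuard packet reach the server, and does the server answer) can be turned into a small script. This is an added example, not code from the thread or from OPNsense; it assumes the protocol-default UDP port 51820 (the thread never states the port), a server LAN address of 10.0.10.2 and a remote peer at 203.0.113.5 (documentation range), and it classifies a constructed tcpdump capture rather than running tcpdump itself, so it can be tried offline.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies tcpdump output from the
# WireGuard server to tell which stage of the inbound path is broken.
#
# On the WireGuard box (Linux) you would capture with:
#   tcpdump -ni eth0 udp port 51820
# On OPNsense, the same filter on the WAN interface shows whether the
# server's reply actually leaves the router:
#   tcpdump -ni <wan-interface> udp port 51820

WG_PORT=51820          # assumption: WireGuard default listen port
WG_SERVER_IP=10.0.10.2 # assumption: server's address in its VLAN

# Constructed sample of a healthy handshake as `tcpdump -n` prints it:
# 148-byte initiation from the remote peer, 92-byte response from the server.
SAMPLE_CAPTURE='12:16:56.100001 IP 203.0.113.5.41820 > 10.0.10.2.51820: UDP, length 148
12:16:56.100400 IP 10.0.10.2.51820 > 203.0.113.5.41820: UDP, length 92'

# Constructed sample where the packet arrives but the server never answers.
SAMPLE_NO_REPLY='12:16:56.100001 IP 203.0.113.5.41820 > 10.0.10.2.51820: UDP, length 148'

# wg_inbound_count CAPTURE: datagrams addressed to the server's WireGuard port.
# grep -c exits 1 when the count is 0, so "|| true" keeps set -e scripts alive.
wg_inbound_count() {
  printf '%s\n' "$1" | grep -Fc " > ${WG_SERVER_IP}.${WG_PORT}: UDP" || true
}

# wg_reply_count CAPTURE: datagrams the server sent from its WireGuard port.
wg_reply_count() {
  printf '%s\n' "$1" | grep -Fc " IP ${WG_SERVER_IP}.${WG_PORT} > " || true
}

# wg_diagnose CAPTURE: prints one of
#   no-inbound    nothing reached the server: check the OPNsense port forward
#                 and the WAN -> VLAN rule
#   no-reply      packet arrived, no answer: peer key/config mismatch, or the
#                 server has no route back (the gateway problem in the thread)
#   ok-on-server  server side is fine: next capture on the OPNsense WAN
#                 interface to confirm the reply leaves
wg_diagnose() {
  n_in=$(wg_inbound_count "$1")
  n_out=$(wg_reply_count "$1")
  if [ "$n_in" -eq 0 ]; then
    echo "no-inbound"
  elif [ "$n_out" -eq 0 ]; then
    echo "no-reply"
  else
    echo "ok-on-server"
  fi
}

# Stand-alone run: classify the constructed samples.
echo "healthy capture:   $(wg_diagnose "$SAMPLE_CAPTURE")"
echo "no-reply capture:  $(wg_diagnose "$SAMPLE_NO_REPLY")"
echo "empty capture:     $(wg_diagnose "")"
```

In practice you would pipe a real capture into `wg_diagnose` (for example `wg_diagnose "$(tcpdump -ni eth0 -c 20 udp port 51820 2>/dev/null)"`) on the server; a `no-reply` result with a correct peer configuration is exactly the symptom of the WireGuard box lacking a route back through OPNsense.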