OPNsense Forum

English Forums => General Discussion => Topic started by: hockey6611 on June 17, 2020, 10:49:41 pm

Title: Wireguard issues on LAN
Post by: hockey6611 on June 17, 2020, 10:49:41 pm
I run a Wireguard server on my Opnsense VM, which runs behind my firewall/NAT, which is currently pfsense. I realize this is not ideal and complicates things quite a bit, but this is my setup currently.

Wireguard works perfectly when I am outside of my network. I forward the port from the WAN to my opnsense instance.

However, I cannot seem to get return packets to my client when attempting to connect via the LAN on wifi. This is of particular issue when I am outside my network with wireguard working on my phone, I return home, and then lose all connectivity until I turn off wireguard. This has been inconvenient at times, and I hope to have a seamless transition when I come from the WAN to the LAN, without turning off wireguard.

I have seen multiple ways that this could be addressed; however, nothing has worked so far for me. I do not want to do any split DNS as this would cause other issues for me. I have tried:
-Various port forwarding rules on LAN
-NAT reflection (on pfsense)
-Outbound NAT (on opnsense)
-1:1 NAT
-Many combinations of the above settings

Troubleshooting comments:
-When I directly enter the LAN IP of the opnsense wireguard server, and I connect from the LAN, I do receive packets, and all appears to work correctly.

Ultimately, as seen in the screenshots below, I think the packets appear to be received by the server, but the response packets seem to not make it back to the client when on the LAN.

https://imgur.com/a/EIwyetG

Has anyone got this working in a similar way? Or have any recommendations that I should try?

Thank you!