Enabled | Checked |
Name | VpnSrv |
Public Key | xxxxxxxxxxxx |
Shared Secret | xxxxxxxxxxxx |
Allowed IPs | 0.0.0.0/0 (works with this value, doesn't work with a more precise one) |
Endpoint Address | <IP of the remote server> |
Endpoint Port | <Port of the vpn> |
Keepalive | 25 (but useless with monitor IP on gateway) |

Enabled | Checked |
Name | VpnClt |
Instance | 0 |
Public Key | xxxxxxxxxxxx |
Private Secret | xxxxxxxxxxxx |
Listen Port | <Port of the vpn> (same as server, doesn't matter I think) |
MTU | 1350 (less than value found with ping) |
DNS Server | <IP of DNS> |
Tunnel Address | 1.66.66.2/24 |
Peers | VpnSrv |
Disable Routes | Unchecked (because route only for several VMs) |
Gateway | 1.66.66.1 |

Name | Interface | Protocol | Priority | Gateway | Monitor IP | RTT | RTTd | Loss | Status |
WAN_GWv4 | WAN_I | IPv4 | 200(upstream) | 192.168.0.1 | 192.168.0.1 | 1.3ms | 0.5ms | 0.0% | Online |
WireGuard_GWv4 | WireGuard_I | IPv4 | 255 | 1.66.66.1 | 1.66.66.1 | 59.4ms | 0.4ms | 0.0% | Online |

# VM route to the VPN
pass in log quick on vtnet2 route-to (wg0 10.66.66.1) inet from <IP_of_my_VM> to (wg0:network) flags S/SA keep state label "aab85546d68e895405a9c85302113012"
pass in log quick on vtnet2 route-to (wg0 10.66.66.1) inet from <IP_of_my_VM> to ! <IPGROUP_RF1918> flags S/SA keep state label "de1cec96bcfb256207074d627c8fddef"
# VM default drop (if one or both of the previous rules are deactivated)
block drop in log quick on vtnet2 inet from <IP_of_my_VM> to ! <IPGROUP_RF1918> label "f89b10f01e32d152333a332bb4769cbe"
# HA proxy "loop"
pass in log quick on vtnet2 inet proto tcp from <IP_of_my_VM> to <IP_rout2dmz1_on_RTG> port = http flags S/SA keep state label "c21f2bf8abb986c9a6c20b4e47a0016e"
pass in log quick on vtnet2 inet proto tcp from <IP_of_my_VM> to <IP_rout2dmz1_on_RTG> port = https flags S/SA keep state label "c21f2bf8abb986c9a6c20b4e47a0016e"
# accept icmp
pass in log quick on wg0 inet proto icmp from any to (wg0) keep state label "944fd4137aef7e8321b6f17aedf03766"
pass in log quick on wg0 inet proto icmp from any to <IP_of_my_VM> keep state label "a8b41fd23302fb0859a894db911728b0"
# allow incoming tcp/udp to my VM
pass in log quick on wg0 inet proto tcp from ! <IPGROUP_RF1918> to <IP_of_my_VM> flags S/SA keep state label "b37665a4b2903815f66d0d642aad66b0"
pass in log quick on wg0 inet proto udp from ! <IPGROUP_RF1918> to <IP_of_my_VM> keep state label "b37665a4b2903815f66d0d642aad66b0"