OPNsense Forum

English Forums => Virtual private networks => Topic started by: chemlud on December 01, 2020, 04:14:34 pm

Title: How to pcap on Wireguard site-to-site?
Post by: chemlud on December 01, 2020, 04:14:34 pm
Hi again!

Have here a Wireguard site-to-site tunnel between 2x OPNsense 20.7.4, all working. The remote sense does the DNS for the local network (DHCPv4 hands out the remote LAN address of sense as DNS). That works just fine.

On the local sense I can pcap on the LAN and see the packets for DNS coming and replies from remote sense flowing back. Fine.

But if I do a pcap (Interfaces -> Diagnostics) on the LAN of the remote sense, I don't see any DNS packets at all (also tried WAN interface, but doesn't help). So the packets flow through the tunnel, but are invisible to pcap on the sense doing the DNS requests.

On the sense doing the DNS I had to assign an interface (otherwise no FW-rules tab was generated), but the interface is not activated. Should that be enabled? Would that help for the pcap problem?

Title: Re: How to pcap on Wireguard site-to-site?
Post by: mimugmail on December 01, 2020, 07:49:18 pm
Via console

tcpdump -n -i wg0