OPNsense Forum

English Forums => Virtual private networks => Topic started by: fields987 on January 29, 2021, 05:43:01 am

Title: New Wireguard Setup
Post by: fields987 on January 29, 2021, 05:43:01 am
I currently have WireGuard set up on a Raspberry Pi (PiVPN), and port forwarding is set up. From a WireGuard peer, I can browse the internet over the tunnel and access LAN resources.

I've recently set up OPNsense and started playing with the WireGuard plugin, but I can't seem to get the config right. I've followed this guide through step 2b: https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I am able to connect my iOS peer to my OPNsense WireGuard instance, but don't have any LAN or WAN access past that. Am I missing a translation or route between my tunnel VLAN 10.98.7.0/24 and LAN VLAN 192.168.2.0/24? I feel like I'm missing something easy, but I'm just too new to OPNsense to know how to fix it.

Thanks!
Title: New Wireguard Setup
Post by: Greelan on January 29, 2021, 06:53:53 am
I found using “WireGuard net” as the source in the WireGuard interface fw rule did not work, for whatever reason - maybe because I did not specifically assign an interface to wg0, but just used the automatic WireGuard interface that appears. So I defined an Alias for my VPN network and used that in the rule instead.
Title: New Wireguard Setup
Post by: Greelan on January 29, 2021, 06:57:39 am
As an aside - I did do some digging in the CLI to see whether I could find out exactly what was in “WireGuard net”, but couldn’t pin it down.
Title: Re: New Wireguard Setup
Post by: mimugmail on January 29, 2021, 07:36:41 am
WireGuard net, and also OpenVPN net, won't work as expected when using multiple instances.
I'd rather not use them at all.
Title: Re: New Wireguard Setup
Post by: Greelan on January 29, 2021, 07:39:01 am
I figured it was something like that, even though all my endpoints were in the same network.
Title: Re: New Wireguard Setup
Post by: fields987 on January 29, 2021, 07:55:07 pm
Quote from: Greelan on January 29, 2021, 06:53:53 am
I found using “WireGuard net” as the source in the WireGuard interface fw rule did not work, for whatever reason - maybe because I did not specifically assign an interface to wg0, but just used the automatic WireGuard interface that appears. So I defined an Alias for my VPN network and used that in the rule instead.

Thanks, this is exactly what I needed!
Title: Re: New Wireguard Setup
Post by: Greelan on January 30, 2021, 07:33:41 am
I've created a PR to address this issue in the how-to: https://github.com/Greelan/docs/pull/2
Title: Re: New Wireguard Setup
Post by: franco on January 30, 2021, 01:36:14 pm
PR went to your fork. Can you do one to the upstream docs too? :D


Thanks,
Franco
Title: New Wireguard Setup
Post by: Greelan on January 30, 2021, 08:55:14 pm
Ah, oops!

Fixed: https://github.com/opnsense/docs/pull/304