OPNsense Forum

English Forums => Virtual private networks => Topic started by: MrBieR on October 03, 2021, 03:41:23 pm

Title: VPS => Wireguard tunnel => Opnsense => Webserver
Post by: MrBieR on October 03, 2021, 03:41:23 pm
Hi,

I've asked this question before but I didn't really get to a working solution.
https://forum.opnsense.org/index.php?topic=20360

Perhaps someone can help with the current status of WireGuard in OPNsense.

Browser: 7.7.7.7
VPS eth0: 9.9.9.9  (outside IP address)
VPS wg0: 192.168.1.1
Opnsense wg0: 192.168.1.2 (gateway configured to be 192.168.1.254 and that works fine)
Opnsense eth0: 192.168.0.254
Local PC eth0: 192.168.0.1

On my webserver I see source IP address 192.168.1.1, while I'd want to see the actual IP address that connected to my VPS (https://9.9.9.9).


What I've tried so far:

iptables -t nat -I PREROUTING 1 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.2:443
iptables -t nat -A POSTROUTING -j MASQUERADE

The -j MASQUERADE causes the translation I think but I don't know how to get it working without it.

iptables -I PREROUTING 1 -t nat -i eth0 -p tcp --dport 443 -j DNAT --to 192.168.1.2:443
iptables -I FORWARD 1 -p tcp -d 192.168.1.2 --dport 443 -j ACCEPT


---
On OPNsense, WireGuard is set up like https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#wireguard-selective-routing-to-external-vpn-provider
which means that my local PC goes over the WireGuard connection for port 443 (I tried that, and it works fine).

---

Packet capture:
interface: wg0   7.7.7.7 => 192.168.1.2
interface: lan 7.7.7.7 => 192.168.0.1
interface: lan 192.168.0.1 => 7.7.7.7
interface: wg0  nothing..
interface: wan 192.168.1.2 => 7.7.7.7  (wrong!)

Firewall:
rule: lan outgoing, source port 443, use wg0. (If I set destination port 443 then all my HTTPS traffic from this local PC goes over wg0, which works fine! But now I want to reply to an incoming request on 443 via that route.)
nat outbound: lan outgoing use wg0.
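Added example for the VPS side of this setup; it is not code from the post or from OPNsense. It shows the DNAT rule set without the catch-all MASQUERADE, which is the rule that rewrites the client's source address to the tunnel address the webserver is seeing, plus a small review helper that scans `iptables -t nat -S POSTROUTING` output for a MASQUERADE rule that can still hide the client. The interface names and addresses (eth0, wg0, 192.168.1.2, port 443) are the placeholders used in the post, and the `run`/`DRY_RUN` wrapper and `masquerade_hides_client` function are my own additions. Dropping the MASQUERADE only works if the reply comes back through the tunnel: conntrack on the VPS has to see the reply to reverse the DNAT, so a reply that leaves OPNsense via WAN (as in the last line of the capture) never gets un-translated and the client sees a reply from the wrong address.

```shell
#!/bin/sh
# Added example, not from the forum post: VPS-side iptables rules that forward TCP/443
# from the public interface into the WireGuard tunnel without MASQUERADE, so the web
# server behind OPNsense sees the client's real source address.
# Interface names and addresses are placeholders taken from the post (eth0, wg0,
# 192.168.1.2); DRY_RUN=1 prints the commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# vps_forward_rules WAN_IF WG_IF TARGET_IP PORT
vps_forward_rules() {
    wan_if="$1"; wg_if="$2"; target="$3"; port="$4"

    # Forwarding must be on, or the DNATed packet is dropped after PREROUTING.
    run sysctl -w net.ipv4.ip_forward=1

    # Rewrite only the destination, only for packets arriving on the public interface.
    # The source address (the browser's 7.7.7.7 in the post) is left untouched.
    run iptables -t nat -I PREROUTING 1 -i "$wan_if" -p tcp --dport "$port" \
        -j DNAT --to-destination "$target:$port"

    # Let the connection into the tunnel and let the replies back out of it.
    run iptables -I FORWARD 1 -i "$wan_if" -o "$wg_if" -p tcp -d "$target" --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -I FORWARD 2 -i "$wg_if" -o "$wan_if" -p tcp -s "$target" --sport "$port" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # Deliberately no "-t nat -A POSTROUTING -j MASQUERADE" here: an unrestricted
    # MASQUERADE is what replaced the client address with the tunnel address.
    # Without it, the reply has to come back through wg0 so conntrack on the VPS can
    # reverse the DNAT; a reply that leaves OPNsense via WAN never reaches this box.
}

# Hypothetical review helper (my addition): given the output of
# "iptables -t nat -S POSTROUTING" and the public interface name, succeed (exit 0)
# if a MASQUERADE rule exists that is not limited to traffic leaving via the public
# interface, i.e. one that can rewrite the forwarded flow on its way into the tunnel.
masquerade_hides_client() {
    printf '%s\n' "$1" | grep -- '-j MASQUERADE' | grep -v -- "-o $2 " >/dev/null
}

# Stand-alone run: print the rule set for the addresses used in the post.
DRY_RUN=1 vps_forward_rules eth0 wg0 192.168.1.2 443
```

Run it with `DRY_RUN=1` first and compare the printed rules with `iptables -t nat -S` on the VPS; a MASQUERADE that is only scoped with `-o eth0` (outbound from the tunnel to the internet) is harmless for this flow, while one without `-o`, or with `-o wg0`, will turn every forwarded connection into one that appears to come from 192.168.1.1.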