Virtual private networks / Wireguard s2s FW cannot connect
« on: June 03, 2022, 03:59:52 pm »
I have 2 wireguard site-to-site tunnels. Both tunnels have the most current release of opnsense on both ends. They share my home instance in common. Meaning instance one is Home -> Location 1 and the other instance is Home -> Location 2. They are identical in configuration, except of course the keys and tunnel addresses.
The first functions exactly as I would expect: all clients can access the resources through the tunnel and the fw itself can also access the tunnel. For example, a ping from one opnsense machine to the other would work.
The second is functioning differently. All clients on either end of the tunnel can communicate, including to Opnsense webgui(s). However, direct communication from either opnsense instance doesn’t work across the tunnel. The opnsense machines cannot communicate across the tunnel. So, for example, I can’t utilize git-backup, I can’t ping from one fw to any resource across the tunnel. It seems to only be communications from the firewall machines that are impacted. All clients on either end of the tunnel can connect fine.
I’m presuming that I somehow missed a firewall rule someplace, but right now everything looks to be identical, and I am not even sure where to start looking for an answer.
This is pretty fringe, and there are probably 100000 things that could cause this, so I know it’s a bit of a long shot. Anyone have any ideas?
EDIT: subnets and paying attention matter my friends. 10.10.0.1/32 vs 10.10.0.2/32 in the end points caused my issue.
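The symptom in the post (LAN clients fine, traffic originated by the firewall itself broken) is exactly what WireGuard's cryptokey routing produces when the peer's AllowedIPs on one side lists that side's own tunnel /32 instead of the remote one: client packets are sourced from LAN subnets that are listed correctly, but packets the firewall sends itself are sourced from, and addressed to, the tunnel addresses, and a destination that no peer's AllowedIPs covers is never sent into the tunnel. The following checker is an added example, not code from the post or from OPNsense; it parses wg-quick style configuration text for both sites and reports the /32 slip in either direction. The tunnel addresses 10.10.0.1/32 and 10.10.0.2/32 come from the post; the LAN subnets, endpoints and key strings are constructed placeholders.

```python
import ipaddress


def parse_wg_config(text):
    """Parse wg-quick style text into (interface_dict, [peer_dict, ...]).

    configparser is avoided because a config may repeat [Peer] sections.
    Keys are lower-cased; '#' comments and blank lines are ignored.
    """
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "interface":
                current = interface
            elif section == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section [{section}]")
            continue
        if current is None:
            raise ValueError(f"key outside of a section: {line!r}")
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        current[key.strip().lower()] = value.strip()
    return interface, peers


def _addresses(interface):
    """Tunnel addresses of an [Interface]; the Address key may hold a list."""
    return [ipaddress.ip_interface(a.strip()).ip
            for a in interface.get("address", "").split(",") if a.strip()]


def _allowed(peer):
    """AllowedIPs of a [Peer] as a list of networks."""
    return [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("allowedips", "").split(",") if n.strip()]


def check_site_to_site(side_a_text, side_b_text, names=("A", "B")):
    """Return a list of readable problems; empty when the pair is consistent.

    Each side is expected to carry exactly one [Peer], the other site.
    """
    sides = [parse_wg_config(side_a_text), parse_wg_config(side_b_text)]
    problems = []
    for idx, (iface, peers) in enumerate(sides):
        me, other = names[idx], names[1 - idx]
        if len(peers) != 1:
            problems.append(f"{me}: expected exactly one [Peer], found {len(peers)}")
            continue
        allowed = _allowed(peers[0])
        remote_iface, _ = sides[1 - idx]
        # The other site's tunnel address must be covered by this peer's
        # AllowedIPs, or packets the firewall itself sends to it never enter
        # the tunnel (LAN-to-LAN traffic is unaffected if the subnets are listed).
        for ip in _addresses(remote_iface):
            if not any(ip in net for net in allowed):
                problems.append(f"{me}: {other}'s tunnel address {ip} is not in "
                                f"AllowedIPs; firewall-originated traffic will not be routed")
        # Our own tunnel address must not be claimed by the peer: this is the
        # 10.10.0.1/32 vs 10.10.0.2/32 slip described in the post.
        for ip in _addresses(iface):
            if any(ip in net for net in allowed):
                problems.append(f"{me}: own tunnel address {ip} appears in the peer's "
                                f"AllowedIPs (the remote /32 was probably meant)")
    return problems


# Constructed sample configs: keys, endpoints and LAN subnets are placeholders.
HOME_MISTYPED = """
[Interface]
Address = 10.10.0.1/32
PrivateKey = <HOME_PRIVATE_KEY>
ListenPort = 51820

[Peer]
PublicKey = <LOCATION2_PUBLIC_KEY>
AllowedIPs = 10.10.0.1/32, 192.168.2.0/24   # slip: own /32 instead of 10.10.0.2/32
Endpoint = location2.example.invalid:51820
"""

HOME_FIXED = HOME_MISTYPED.replace("AllowedIPs = 10.10.0.1/32", "AllowedIPs = 10.10.0.2/32")

LOCATION2 = """
[Interface]
Address = 10.10.0.2/32
PrivateKey = <LOCATION2_PRIVATE_KEY>
ListenPort = 51820

[Peer]
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = 10.10.0.1/32, 192.168.1.0/24
Endpoint = home.example.invalid:51820
"""

if __name__ == "__main__":
    for label, cfg in (("mistyped", HOME_MISTYPED), ("fixed", HOME_FIXED)):
        print(label, check_site_to_site(cfg, LOCATION2, ("Home", "Location 2")) or "OK")
```

Run it as-is to see the mistyped Home config flagged twice (remote /32 missing, own /32 present) while the corrected one passes; to check a real pair, paste each side's exported configuration into the two strings. The checker only covers cryptokey routing, so firewall rules on the WireGuard interface still need to be compared separately.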