Development and Code Review / Re: Wireguard in opnsense
« on: March 06, 2019, 02:05:12 pm »
Hi everyone!
I'm having an issue with my WireGuard setup on OPNsense. I don't know if my setup is wrong or if there's a bug with the plugin...
I'm in a 2-WAN configuration and I want two WireGuard sessions, one on each WAN interface. The problem is: packets received on the WAN2 interface are redirected to the right WG interface, but the return packet is sent from the WAN1 interface.
This configuration works great with OpenVPN: one server listening on localhost, NAT forwarding from WAN1 and WAN2 to 127.0.0.1 on the OpenVPN port. If a session is initiated from a peer on the WAN2 interface, the reply is sent from the WAN2 interface.
But with WireGuard it does not work: with one WG instance, and NAT redirection to 127.0.0.1 on each WAN on the same port, the answer is ALWAYS sent from the WAN1 interface. With two instances of WG, and a different port for each, it's the same. I also tried adding a floating rule, with no interface chosen and the source port of my second WG instance, telling it to pass and use the WAN2 gateway, but it seems to have no effect.
I don't know if my explanation is clear, but I can add screenshots or packet captures if needed.
Thank you for your help.
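A small diagnostic for the asymmetry described in this post, added here as an example and not part of the original thread or the plugin: it parses constructed, tcpdump-like per-interface lines (the interface names igb0 for WAN1 and igb1 for WAN2, the addresses and the line layout are all assumptions) and flags UDP replies that leave on a different interface than the request arrived on, which is what a capture of the WAN2 peer would show here.

```python
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample in a simplified tcpdump-like layout (not real captured output):
# <interface> <direction> <src_ip>.<src_port> > <dst_ip>.<dst_port>
# igb0 stands for WAN1 (203.0.113.10), igb1 for WAN2 (203.0.113.20); both are assumptions.
SAMPLE = """\
igb0 in  198.51.100.7.51820 > 203.0.113.10.51820
igb0 out 203.0.113.10.51820 > 198.51.100.7.51820
igb1 in  192.0.2.44.51820 > 203.0.113.20.51821
igb0 out 203.0.113.20.51821 > 192.0.2.44.51820
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+)$"
)

Flow = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


def parse(text: str) -> Iterator[Tuple[str, str, Flow]]:
    """Yield (interface, direction, flow) for every line that matches the layout."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["iface"], m["dir"], (m["sip"], int(m["sport"]), m["dip"], int(m["dport"]))


def find_asymmetric_replies(text: str) -> List[Tuple[Flow, str, str]]:
    """Return (request flow, ingress iface, egress iface) for each reply that
    left on a different interface than the matching request arrived on."""
    ingress: Dict[Flow, str] = {}
    asymmetric: List[Tuple[Flow, str, str]] = []
    for iface, direction, flow in parse(text):
        if direction == "in":
            ingress[flow] = iface
            continue
        sip, sport, dip, dport = flow
        request = (dip, dport, sip, sport)  # the reply's reversed 4-tuple is the request
        if request in ingress and ingress[request] != iface:
            asymmetric.append((request, ingress[request], iface))
    return asymmetric


if __name__ == "__main__":
    for flow, in_if, out_if in find_asymmetric_replies(SAMPLE):
        print(f"reply for {flow} entered on {in_if} but left via {out_if}")
```

On the sample, the WAN1 session is symmetric and the WAN2 session is reported, matching the behaviour the post describes.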