Messages

1

Virtual private networks / Gateway Routing through Wireguard VPN

« on: May 13, 2021, 05:28:50 pm »

Hi,
this is my setup (simplified):

Code: [Select]


   ┌───────────────┐
   │  Client       │
   │  10.3.13.3/26 │
   │               │
   └────┬──────────┘
        │
        │
        │
   ┌────┴──────────────┐
   │  OPNSense         │
   │  10.3.13.1/26     │     ┌───────────────────┐
   │                   │     │  Default Router   │
   │  DHCP             ├─────┤  10.3.13.145/29   │
   │  10.3.13.149/29   │     │                   │
   │                   │     └───────────────────┘
   │                   │
   │  Wireguard Client │     ┌───────────────────┐
   │  10.0.5.3/32      ├─────┤  Wireguard Server │
   │                   │     │  10.0.5.1/24      │
   └───────────────────┘     │                   │
                             └──────┬────────────┘
                                    │
                             ┌──────┴────────────┐
                             │ Optional Router   │
                             │ 10.0.5.7/32       │
                             │                   │
                             └───────────────────┘

I use the default router for basic internet access in Office 1. I have set up a VPN server which routes different networks in multiple offices. Works beautifully. What I now want to achieve is that one of our Clients (10.3.13.3) in Office 1 uses another gateway (10.0.5.7). This optional gateway is reachable through the Wireguard VPN connection.

So what I tried is to create a new simple gateway in OPNSense (under System -> Gateways) and then created a firewall rule that routes traffic of this one client through the newly defined gateway. But when I activate this firewall rule I cannot connect to any destination (Destination Host Unreachable) from the client.

Did I do something wrong here?

2

General Discussion / Re: No traffic between bridged network and other networks

« on: January 14, 2021, 10:51:58 pm »

I now disabled the whole firewall... still no traffic coming through. Could it be a routing issue?

3

General Discussion / No traffic between bridged network and other networks

« on: January 14, 2021, 08:48:03 pm »

Hi!
I have an issue with bridged networks and hope you can assist me in finding my mistake!
Background: I have a small server with OPNsense installed as a virtual machine (KVM) on top of Ubuntu 20.04. There are 2 physical onboard NICs, one USB NIC, a virtual host-only network and a WiFi interface. Aside from the WiFi interface the other interfaces are connected directly to the VM.
Additionally I created several VLANs for one of the onboard NICs. So far, so good. Everything (DHCP, DNS, routing, Wireguard VPN,...) is running smoothly.

Now I needed to create a bridged network because I wanted one VLAN and the USB NIC to be on the same network. So I did the following:
- removed static IPs from both the VLAN and the NIC network
- created a bridge and added the NIC and the VLAN
- assigned the bridge to a new network
- configured the bridged network with static IPs
- changed the tunable settings so filtering is done on the bridge interface
- created a new firewall rule on the bridge network: allow any->any (at first, I created other rules but for troubleshooting purposes I defined the new rule)
- enabled DNS and DHCP for the interface

I found several manuals that are quite similar and include those steps.
My issue is: there is no traffic between the clients connected to one of the member networks and my other networks. DHCP is working (clients get an IP, DNS, gateway assigned), but no other connection is possible. I cannot even connect to the the OPNsense web interface. But I also see no blocked traffic on the firewall (Live view).
I already deleted the whole setup and recreated it from scratch with the same outcome.
Any ideas? 

4

20.1 Legacy Series / [SOLVED] Cannot connect to WAN interface from a remote client using Wireguard

« on: March 15, 2020, 06:45:37 pm »

Hi all!
My setup:
- newest OPNSense 20.1, all updates
- Wireguard addon installed and configured (site to site)
- different VLANs/virtual interfaces configured

Situation/Issue:
I have set up an internal network with firewall rules, DHCP, etc. and everything is running smoothly BUT one connection.
Wireguard is set up to interconnect different sites, all sites use different IP ranges. Nearly all connections (as long as accepted by the firewall) between the sites are ok. It is just not possible to connect to the WAN device. It is a simple HTTP connection and I see it in the firewall log as accepted but the remote client just runs into a timeout. I can access the HTTP interface from all the site's local clients so the configuration in general should be ok. Any ideas?

WAN <- OPNSense <- local client: WORKING
WAN <- OPNsense <- wireguard <- remote client: NOT WORKING



edit:
ignore everything I wrote. We forgot to implement a route on the WAN device to the other sites because it is not aware of the networks behind OPNSense. Everything works flawlessly now.