Show Posts
1
20.1 Legacy Series / No internet connection with WireGuard Road Warrior Setup
« on: April 19, 2020, 01:34:42 pm »
Hello everyone,
I would like to setup a virtual homelab environment, using OPNsense as router.
All my LAN network traffic from inside the lab need to go out through a Wireguard VPN. This same LAN need to be accessible from the same Wireguard tunnel by other "clients" (like my laptop).
The WAN interface is another LAN where I can't open any port and I don't want to send Internet traffic on it, except Wireguard tunneled...
Here is a small schema showing the desired setup :
I have a Debian VPS acting as a Wireguard "Server", using the following config :
I've followed these tutorials from the docs https://wiki.opnsense.org/manual/how-tos/wireguard-client-azire.html and https://wiki.opnsense.org/manual/how-tos/wireguard-client-mullvad.html.
Here are my configuration on the OPNsense side :
Local :
Endpoint :
NAT/Outbound :
I'm able to ping the whole Wireguard network.
I'm able to traceroute IPs, showing that everything goes through the tunnel
I can't ping Internet IPs nor DNS names...
I can't visit any internet website...
I've tried to assign the interface, add gateways, change DNS,... nothing works...
Thanks very much in advance,
Kevin
I would like to setup a virtual homelab environment, using OPNsense as router.
All my LAN network traffic from inside the lab need to go out through a Wireguard VPN. This same LAN need to be accessible from the same Wireguard tunnel by other "clients" (like my laptop).
The WAN interface is another LAN where I can't open any port and I don't want to send Internet traffic on it, except Wireguard tunneled...
Here is a small schema showing the desired setup :
I have a Debian VPS acting as a Wireguard "Server", using the following config :
Code: [Select]
# VPS
[Interface]
Address = 10.8.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE;
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE;
ListenPort = 12345
PrivateKey = XXXXXXXXXXXXXXXXXXXXXX
# OPNsense
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.8.0.2/32
# Laptop
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.8.0.3/32
I've followed these tutorials from the docs https://wiki.opnsense.org/manual/how-tos/wireguard-client-azire.html and https://wiki.opnsense.org/manual/how-tos/wireguard-client-mullvad.html.
Here are my configuration on the OPNsense side :
Local :
Endpoint :
NAT/Outbound :
I'm able to ping the whole Wireguard network.
I'm able to traceroute IPs, showing that everything goes through the tunnel
I can't ping Internet IPs nor DNS names...
I can't visit any internet website...
I've tried to assign the interface, add gateways, change DNS,... nothing works...
Thanks very much in advance,
Kevin