Wireguard - Problems with LAN access
« on: September 30, 2020, 12:00:14 pm »
Hi guys,
I've been trying to get my Wireguard VPN to work the way I want it to for a long time now. Maybe I understand something wrong.
I have a roadwarrior scenario, which means that I have an OPNsense firewall where Wireguard runs as a plugin. Behind the OPNsense is a network with a Windows Server 2019 and several Windows clients.
The network is structured as follows:
Fritzbox with IP 10.15.0.1 connected to the WAN of the OPNsense firewall (IP 10.15.0.2). The Fritzbox is also used for DynDNS (MyFritz), because of the DS-Lite problem. I then use Wireguard through a socat tunnel installed on a vServer.
The OPNsense is set as Exposed Host in the Fritzbox. Everything works fine so far.
The LAN is in the address range 10.15.1.0/24. The IP addresses are assigned via DHCP, except for the Windows server and a Windows client. The Windows Server has 10.15.1.10 and the Windows Client has 10.15.1.11.
DHCP Server is a PiHole with the address 10.15.1.2. The names of the Windows Client and the Windows Server are entered there, so that the name resolution in the LAN works. This is also no problem.
The tunnel network is in the range 10.0.0.0/24.
Now my 2 problems:
1) As I understand it, I enter the LAN as a client with the IP 10.0.0.2, but there I am blocked by the Windows firewall of the clients, probably because the subnet doesn't fit. If I deactivate the firewall, I can access it everywhere. But adjusting the firewall rules is not a great option, because there are many clients in the network. Probably I have to create a route to travel with a 10.15.1.## IP on the LAN. Unfortunately I have no idea.
2) Name resolution does not work for the LAN clients. But I can surf normally and get the DNS requests answered by the PiHole, I checked that. Probably this can be solved by 1).
I find dozens of HowTos but my problems are not solved. Is my way of thinking wrong, or am I going about things the wrong way, or are my Wireguard VPN requirements abnormal?
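Added example, not part of the original post: a PowerShell check, run on one of the Windows clients, that lists which enabled inbound allow rules are scoped to "LocalSubnet" (a source of 10.0.0.2 is outside that scope, which is the hypothesis in problem 1 above) and then adds rules scoped to the tunnel range instead of disabling the firewall. The tunnel range 10.0.0.0/24 is taken from the post; the ports (SMB 445, RDP 3389), the ICMP echo rule, the rule names and the Domain/Private profiles are assumptions for illustration.

```powershell
# Added example (not from the original post). Assumption: the Windows Firewall
# drops the road-warrior traffic because the built-in inbound rules are scoped
# to "LocalSubnet" and 10.0.0.0/24 is not the client's local subnet.
$TunnelNet = '10.0.0.0/24'   # tunnel network from the post

# 1. Show the enabled inbound allow rules whose remote scope is "LocalSubnet".
#    These are the rules that match a 10.15.1.x source but not 10.0.0.2.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'LocalSubnet'
    } |
    Select-Object DisplayName, Profile |
    Sort-Object DisplayName

# 2. Allow only the tunnel range, only the ports actually needed (assumed: SMB
#    and RDP), and only on the Domain/Private profiles; the public profile is
#    left untouched.
New-NetFirewallRule -DisplayName 'WireGuard road-warrior: SMB/RDP (assumed)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 445,3389 `
    -RemoteAddress $TunnelNet -Profile Domain,Private

# 3. ICMPv4 echo request from the tunnel range so ping works for troubleshooting.
New-NetFirewallRule -DisplayName 'WireGuard road-warrior: ICMPv4 echo (assumed)' `
    -Direction Inbound -Action Allow -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $TunnelNet -Profile Domain,Private

# 4. Verify the new rules carry the expected remote scope.
Get-NetFirewallRule -DisplayName 'WireGuard road-warrior:*' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Run it in an elevated PowerShell on a single client first to confirm the scope assumption (step 1); if that is the cause, the same two `New-NetFirewallRule` calls can be distributed once as a Group Policy firewall rule rather than touched by hand on every client, which addresses the "many clients" concern without disabling the firewall.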