1
21.7 Legacy Series / Re: Wireguard server over OpenVPN client
« on: August 23, 2021, 07:02:30 am »
Here it is, hope it's understandable.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
21.7 Legacy Series / Re: Wireguard server over OpenVPN client
« on: August 22, 2021, 01:32:39 am »
Thank you.
Isn't it what the outbound NAT rule VPN_I - WG_I_NET would be doing ?
VPN links on the firewall are easier, since it is the default gateway for the network.I actually had the same issue with the internal wireguard, I was trying to split it to identify the issue.
If you're trying to reach a host across the tunnel with a VPN server on your LAN, you need to have a static route through the VPN server, or the VPN server tunnel endpoint needs to have a NAT on your LAN.
Isn't it what the outbound NAT rule VPN_I - WG_I_NET would be doing ?
3
21.7 Legacy Series / Wireguard server over OpenVPN client
« on: August 21, 2021, 04:50:47 pm »
Hi,
I am trying to set a wireguard server (autonomous host, not the wireguard within opnsense) over an existing OpenVPN connection, sadly without success.
I've tried to sum it up with: (WAN is the upstream gateway. )
+---------+
| Gateway |
+---------+
| WAN* |
| VPN |
+---------+
+-----------+
| Interface |
+-----------+
| WAN_I |
| VPN_I |
| WG_I |
+-----------+
Outboud NAT
+-----------+------------+-------------------+
| Interface | Src | NAT addr |
+-----------+------------+-------------------+
| VPN_I | WG_I_NET:* | Interface address |
+-----------+------------+-------------------+
Port forward
+-----------+-------+-----+-----------------------+-----------------+
| Interface | Proto | Src | Dest | NAT |
+-----------+-------+-----+-----------------------+-----------------+
| VPN_I | UDP | *:* | This firewall:WG_PORT | WG_HOST:WG_PORT |
+-----------+-------+-----+-----------------------+-----------------+
VPN_I Rules
+-------+-----+-----------------+---------+
| Proto | Src | Dest | Gateway |
+-------+-----+-----------------+---------+
| UDP | *:* | WG_HOST:WG_PORT | * | Auto generated by the port forward rule
+-------+-----+-----------------+---------+
WG_I Rules
+---------+----------+--------+---------+
| Proto | Src | Dest | Gateway |
+---------+----------+--------+---------+
| TCP/UDP | WG_NET:* | !Local | VPN |
+---------+----------+--------+---------+
What confuses me is that I have no issue going through the VPN gateway from the wireguard host in TCP and if I traceroute from the wireguard host/interface/srcport to outside in udp I go through the VPN Gateway.
Wireguard host receives the udp packets coming in on VPN_I and answers, however, here is my issue, the return packet goes through the WAN gateway.
Anyone to put me on the right track ? I can't figure this out.
Thanks for the help.
I am trying to set a wireguard server (autonomous host, not the wireguard within opnsense) over an existing OpenVPN connection, sadly without success.
I've tried to sum it up with: (WAN is the upstream gateway. )
+---------+
| Gateway |
+---------+
| WAN* |
| VPN |
+---------+
+-----------+
| Interface |
+-----------+
| WAN_I |
| VPN_I |
| WG_I |
+-----------+
Outboud NAT
+-----------+------------+-------------------+
| Interface | Src | NAT addr |
+-----------+------------+-------------------+
| VPN_I | WG_I_NET:* | Interface address |
+-----------+------------+-------------------+
Port forward
+-----------+-------+-----+-----------------------+-----------------+
| Interface | Proto | Src | Dest | NAT |
+-----------+-------+-----+-----------------------+-----------------+
| VPN_I | UDP | *:* | This firewall:WG_PORT | WG_HOST:WG_PORT |
+-----------+-------+-----+-----------------------+-----------------+
VPN_I Rules
+-------+-----+-----------------+---------+
| Proto | Src | Dest | Gateway |
+-------+-----+-----------------+---------+
| UDP | *:* | WG_HOST:WG_PORT | * | Auto generated by the port forward rule
+-------+-----+-----------------+---------+
WG_I Rules
+---------+----------+--------+---------+
| Proto | Src | Dest | Gateway |
+---------+----------+--------+---------+
| TCP/UDP | WG_NET:* | !Local | VPN |
+---------+----------+--------+---------+
What confuses me is that I have no issue going through the VPN gateway from the wireguard host in TCP and if I traceroute from the wireguard host/interface/srcport to outside in udp I go through the VPN Gateway.
Wireguard host receives the udp packets coming in on VPN_I and answers, however, here is my issue, the return packet goes through the WAN gateway.
Anyone to put me on the right track ? I can't figure this out.
Thanks for the help.
Pages: [1]