OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of gatorsense »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - gatorsense

Pages: [1]
1
21.7 Legacy Series / Re: Wireguard selects wrong gateway for outbound peer connection
« on: September 07, 2021, 05:41:49 pm »

In case someone else finds this post looking for a solution, I was able determine what I would call a ‘workaround’ to the issue.

The issue is when I create an OpenVPN client on OPNsense I lose control over what gateway many of the OPNsense services select for outbound connections.

I need both an active WireGuard connection to a VPS (to port forward behind a CGNat) and an OpenVPN client connection to route some OPNsense clients through. To keep WireGuard from connecting over the OpenVPN connection I did the following:

- disabled the OpenVPN client and gateway on OPNsense
- create a new Proxmox VM (a Pi or old computer would also work) with the OpenVPN connection, added masquerade and kill switch firewall rules, and added a restart script if it loses it’s connection
- created an OPNsense gateway that points to the IP of the new Proxmox VM I call ‘gateway’

Now I can route select clients and subnets through the new gateway and WireGuard makes a direct connection to the remote VPS which for me is now 4-5 times faster.

I’m happy with this solution for now. It resolves my problem, gives me more control over routing and simplifies my OPNsense configuration. I toyed with the idea of creating some static routes and that MAY have worked but I feel better about this option.

2
21.7 Legacy Series / Wireguard selects wrong gateway for outbound peer connection
« on: August 26, 2021, 04:10:18 pm »
How can I force Wireguard to use a different outbound gateway for making a connection to a remote peer (a VPS)?

I have 2 gateways:

WAN_DHCP - priority = 1, upstream is checked
VPN_VPNV4 - priority = 255, upstream is NOT checked

The VPN_VPNV4 is an openvpn client to a VPN provider I route some devices through via firewall rules.

From what I read WAN_DHCP should be selected at a higher priority because of the lower priority number and because it is the only gateway marked as upstream. Yet when Wiregaurd starts up it makes a connection to the VPS over the slower VPN_VPNV4 gateway every time. When I look on the VPS I see it gets a peer connection from an IP associated with my VPN provider.

Obviously this is double encrypted and not as fast and is the worse route for Wireguard to use. Though everything does work.

I'd like to force Wireguard to use WAN_DHCP as the gateway for making an outbound peer connection but can't seem to find out how to make that happen. Any ideas/thoughts would be appreciate!

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2