Messages - XY

#1
Hey Com  :)

I set up two OPNsense instances a few weeks ago, mainly to create a possibility for a WireGuard Site-To-Site and a WireGuard Roadwarrior setup.
After several problems which I was fortunately able to solve, I am now completely at a loss.

The problem has to do with the Roadwarrior setup on OPNsense Instance 1:

Instance: 2
Listen port: 51820
Tunnel address: 10.1.101.0/24

Firewall rules:

Floating:

PROTOCOL:    IPv4 UDP
SOURCE:      *
PORT:      *
DEST:      This Firewall
PORT:      51820
GATEWAY:   *
SCHEDULE:   *
INTERFACE:   WAN

WireGuard Interface:

PROTOCOL:    IPv4 *
SOURCE:      Verwaltung net [This is the automatic alias for the interface net]
PORT:      *
DEST:      *
PORT:      *
GATEWAY:   *
SCHEDULE:   *
INTERFACE:   -

Since the firewall rules for WireGuard are currently wide open, everything is working. All other rules are auto-generated or vanilla.

After I have connected to the WireGuard instance with a peer from a remote site, I can access the local OPNsense IP address and the web interface via the VPN, but no longer from the local network, even after the VPN connection is off again.

- Restarting the firewall did not change anything
- Restarting the WireGuard instance did not change anything
- The logs don't tell me anything

The OPNsense is behind a router with an exposed host (allow anything) rule and a static IP [192.168.178.20] for the WAN interface.
After I changed the static IP to 192.168.178.21 and rebooted, it works again until I reconnect a peer to the WireGuard instance; then the problem returns.

Additional info:

Currently an IPFire instance is still running which provides all VPN connections via OpenVPN. This instance also acts as a gateway [10.1.1.254]. After everything is running on the OPNsense instance [10.1.1.253] and all rules have been adopted, a seamless transition should take place, in which the OPNsense instance receives the IP 10.1.1.254 and acts as the new gateway and VPN server for all clients.

I don't know how to debug this problem and hope someone has a hint for me.

Kind regards,
XY