Virtual private networks / WireGuard Road Warrior setup with no WAN connection
« on: March 23, 2022, 03:42:37 pm »
I am new to OPNsense and am trying to configure it to start with as a "road warrior VPN concentrator for WireGuard".
I have seen the Road Warrior Setup page in the manual but have a slightly different setup which I cannot find reliable information on either there or on Google: rather than OPNsense being "the main firewall" with a WAN and a LAN connection, it sits on the LAN only, behind another firewall that forwards ports tcp/51822 and udp/51822 to the OPNsense box. Currently, LAN is configured as 192.168.1.0/24, with .55 as the OPNsense box and .254 as the default gateway.
So in effect I need the OPNsense/WireGuard configuration to:
- accept incoming WireGuard connections on port 51822 of the LAN intf
- route VPN traffic for devices on the LAN (e.g. 192.168.1.123) back out onto the LAN intf
- route VPN traffic for "the Internet" (i.e. not LAN addresses) onto the LAN intf and onward to the default gateway
After messing about with the config. on my own and getting nowhere fast, I have now completely reset the OPNsense configuration and am ready to start afresh... but don't know where to start!
Has anyone got a similar configuration working, or can anyone at least point me to some resource covering this particular use case?
Any help will be greatly appreciated.