Show Posts

General Discussion / [Solved]Port forward in a wireguard tunnel to another site

« on: August 09, 2022, 11:15:23 pm »

Hi,

I have an Opnsense instance in the cloud (Site B) and an Opnsense at home (Site A) that are connected by a Wireguard VPN.

Opnsense (Site B)
Wan IP : 10.250.100.24/22
WG IP : 10.100.100.2/22
Opnsense (Site A)
Wan IP : 192.168.1.1/24
Lan IP : 10.69.60.1/22
WG IP : 10.100.100.1/22
Webserver
IP : 10.69.60.1/22
Diagram : https://i.imgur.com/zHkWOn7.png

To do this I created a Wireguard VPN site to site, the web server can go ping the Wan of Opnsense (Site B) and vice versa.

I want to host a web server on my local network so I redirect port 9999 of the Opnsense (Site B) to my web server ip 10.69.60.1 on port 80 to go through the tunnel.
Example:
Opnsense (Site B) => Wireguard tunnel => Opnsense (Site A) => Webserver
But Opnsense (Site A) does not receive the packets.

When I look at the logs of Opnsense (Site A), I see that there is nothing and even this packet capture, I think that the packets are not transferred, it must be blocked at the Opnsense (Site B).

NAT: Port Forward, Opnsense (Site B) :
https://i.imgur.com/avsbmXd.png

Routes status, Opnsense (Site B) :
https://i.imgur.com/C3OxVKp.png

Logs, Opnsense (Site B):
https://i.imgur.com/lMnQi21.png

Interface wan, Opnsense (Site B):
https://i.imgur.com/2BB1l7k.png

Interface wg0, Opnsense (Site B) :
https://i.imgur.com/VwtbHmG.png

The problem is the same in reverse
Opnsense (Site A) => Wireguard tunnel => Opnsense (Site B) => Web server

Why are the packages blocked? I must have missed a step?

Messages - loic

General Discussion / Re: Port forward in a wireguard tunnel to another site

General Discussion / [Solved]Port forward in a wireguard tunnel to another site