Messages

1

Virtual private networks / Re: Wireguard road warrior. How to keep my vpn up and connect even from behind my fw

« on: January 01, 2023, 10:03:41 pm »

Unsure what you mean by

If I'm home and using wireless everything works fine

By the looks of it you're missing a port forward rule as follows:

Code: [Select]

Source WiFi_Vlan (or Device_IP) Destination Wan_IP:Wireguard_Port --Redirect to 127.0.0.1:Wireguard_Port
This would make your transition in and out of home WiFI seamless on WG side.

Hey, thanks for taking the time to help me.

What I mean is I keep both my wifi and 4g always on. The ideal scenario would be that when outside it connected using the 4G and once I get home it keeps the smartphone connected using the wifi (without having to turn off the VPN).

Well... these last couple of weeks is my first experience using opnsense. I'm not that used with its syntax yet.

Is the following what you're suggesting?

WAN    UDP    WG net    51825    WAN address    51825    127.0.0.1    51825    

2

Virtual private networks / Re: Wireguard road warrior. How to keep my vpn up and connect even from behind my fw

« on: January 01, 2023, 09:27:30 pm »

Thank you for your interest.

I generally keep both the wifi and 4G up all time on my Android phone. The same goes with the VPN (with that kill switch "always on" option that Android provides).

So on this context If I'm at first using wifi everything works well, connected through the VPN, with low latency on pings, etc. If I turn off the wifi the link keeps up on the 4G and the VPN link keeps working (with the obvious change on the latency, considering I'm now connected on a slower link). The problem is that if I turn on wifi once again although it keeps connected the connection becomes slower (in fact even slower than the 4G) even when accessing other machines on my LAN and it only behaves as expected if I disconnect and reconnect the VPN on my smartphone. It's as if I was connecting from outside my LAN, not internally via my wifi.

I imagined that, based on what I've read so far (and now from your suggestion), either DNS split or NAT Reflection could solve my issue.

Could you give me a little more details and point me in the right direction on how I may implement it? I mean... I already enabled the corresponding options on OPNsense, but I have no idea about what to do now.

3

Virtual private networks / Wireguard road warrior. How to keep my vpn up and connect even from behind my fw

« on: December 26, 2022, 01:16:13 pm »

Hello,

I have two Wireguard interfaces. One as client to Mullvad VPN and the other as a server to a road warrior smartphone client. By reading the docs, googling and asking around I managed to make everything work.

Just one little thing missing that I don't know if is not possible or I'm lacking the knowledge to implement.

Thing is I enabled the VPN options "Always on" and "Block connections without VPN" on my phone, so that I can keep the VPN always up, no matter if I'm at home or outside, or using wireless or 4G. It kind of works, but I noticed that:

- If I'm home and using wireless everything works fine. If in order to test I turn the wireless off and turn on 4G I can't ping anymore, unless I disable and reenable the Wireguard connection on the phone.

- If I'm using 4G everything works (I can ping my other LAN machines, the Internet, etc) but If I turn on wireless the same thing happens. I can't ping no more and have to quckly disconnect and reconnect the Android Wireguard app.

I noticed that if I do what this guy suggests (split DNS) and works, but when I'm connected from wireless it acts as if I'm connected from outside (pings with higher latency, slow ssh connections, etc).

Someone suggested Hairpin NAT (or NAT reflect, that I believe is the same concept). I enabled the corresponding options on "Firewall -> Settings -> Advanced", but apart from that I have no idea about what to do.

So in short, is keeping the VPN always up on my smartphone and being able to connect both outside my LAN and behind my firewall possible to implement?

I'd appreciate any input from someone more experienced.