Messages

1

Virtual private networks / Re: WireGuard: Routing site-to-site

« on: January 20, 2023, 12:23:13 pm »

Firewall rules are to pass everything with a wildcard source and destination for both the specific and WG group interface.

2

Virtual private networks / Re: WireGuard: Routing site-to-site

« on: January 20, 2023, 09:20:06 am »

Yep, I added an interface for the tunnel, but no manual routing config or gateway config.

Screenshots incoming:

3

Virtual private networks / WireGuard: Routing site-to-site

« on: January 19, 2023, 04:05:58 pm »

I've just set up a brand new install of OpnSense 22.7.11 and followed the WireGuard Site-to-Site Setup guide. However, clients on my LAN cannot ping remote IPs nor can I ping them from OpnSense unless I specifically set the Source Address.

I have an existing pfSense setup which I'm conencting to.

My existing network has several networks accessible via WireGuard (provable using WireGuard on a laptop or mobile - I can access the required networks) such as "192.168.3.0/24".

I've configured an Endpoint in the WireGuard config with this network in the "Allowed IPs", and can see that in "System > Routes > Status" there is a route for "192.168.3.0/24" going down the WireGuard interface.

If I go to "Interfaces > Diagnostics > Ping" and ping a host on this network with the "Source Address" set to the WireGuard interface, I get a response. If I leave the "Source Address" set to "Default" or set it to "LAN", I don't get a response.

Any ideas?