Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - RSpin

Pages: [1]

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 16, 2023, 11:53:37 pm »

Your assistance so far has led me to start reading a little on IP routing and while I am not entirely sure I understand it all I think maybe what I need to add to the PI's wg configuration is the following:

PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Does that sound right? What still has me confused is why the PI can see everything on my OPNsense network when I haven't added anything to the OPNsense config. Does the plugin do all that for me?

Before I try this, I want to be sure that I don't lock myself out of being able to connect to the PI via ssh and VNC should the tunnel go down. Will the above somehow result in the Pi only wanting to communicate via the tunnel given I have included the entire local network in the allowed IP. I think I saw some instructions on how to avoid that but not sure it was related to this. Sorry, but I get nervous when I'm not sure I understand exactly what is going on and it's a whole thing if I get locked out of the PI since it is remote.

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 16, 2023, 03:26:51 pm »

Sorry, I have not set up any static routes on ONPsense or on the router that the Pi is connected.

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 15, 2023, 02:22:50 am »

I don't think this is relevant but I am not trying to use this WG connection to allow either Site to use the others internet. That should be done locally only. Hope I said that right.

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 15, 2023, 02:17:24 am »

pi@raspberrypi:~ $ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian

I double checked in the add/remove software and I have wireguard installed not pivpn. Not familiar with what that is.

pi@raspberrypi:~ $ netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
10.10.20.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
10.20.20.1 0.0.0.0 255.255.255.255 UH 0 0 0 wg0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 vethec925a4
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-a2ee912178f5
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0

I hope this is what you are looking for? Looks like the wireguard tunnel wg0 is using gateway 0.0.0.0. Should it be 192.168.1.1? Not sure how I fix that though.

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 14, 2023, 10:57:27 pm »

With regard to the static routes. Is there a way to check to see if I already have some static routes. I set up that Ubuntu server like 3 years ago so I honestly don't remember if I set something up on the pi then or not. I most definately have not set up any static routes in the course of trying to get this set up running. Not of the how to's or youtubes I read mentioned the need to do that.

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 14, 2023, 10:53:45 pm »

I will have do some research on how to do a packet search. Never had to so that before. I'll see what I can figure out.

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 14, 2023, 10:51:26 pm »

Forgive me, I'm not exactly sure what you mean. I am pretty sure the LAN gateway is on the router and is 192.168.1.1. The IP of the Pi is 192.168.1.117.

Thank you by the way for trying to assist.

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 14, 2023, 03:58:44 am »

The LAN gateway is on on a Verizon Fios Router. The Pi's only reason to exist is this Wireguard Tunnel. The Pi is plugged directly into the Fios Router so no wifi etc. I have a HDHR Prime that is also plugged into the same Router. That is acutally what I want to pass through the tunnel.

Had this working perfectly for a long time but I got greedy I guess and am upgrading my setup at home to make use of opnsense. Had just an Ubuntu server with a wireguard connection to the Pi, Now I'm trying to graduate to Proxmox and OPNsense. Thought this would be the easy part. $:-\$

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 12, 2023, 11:26:15 pm »

The 10.10.20.0 is a VLAN on the OPNSense machine, which I can connect to from the Pi over the Wireguard connection.

The 10.20.20.1 & 2 are the Wireguard interface IPs at either end.

Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 12, 2023, 08:46:47 pm »

Thanks for reply

The Lan is 192.168.1.0, the router is 192168.1.1

Virtual private networks / Wireguard Site to Site, Peer sees Lan but Lan can't see Peer

« on: February 12, 2023, 03:04:54 am »

Trying to set up a Wireguard Site to Site setup between my Proxmox Server running an Opnsense VM and a raspberry pi at another location. Followed all the tutorials (I think) and I am close. I get a handshake and I can ping the Wireguard interfaces in both directions. From the raspberry pi I can also ping all the addresses on my OPNsense Lan. I cannot ping any IP addresses on the Raspberri pi except the Wireguard interface. UFW is not running on the Pi. The Pi is connected to a Verizon Fios Router port forward on for 58020 to the PI. I have setup Wireguard connection to this Pi in the past and was able to access other devices on the network so I don't think there is anything going on at that end but willing to entertain ideas.

Opnsense set up

LAN network 10.10.0.1

Wireguard Local
Listen Port: 58020
Tunnel Address: 10.20.20.1

Endpoints
AllowedIps: 10.20.20.2/32, 192.168.1.0/24
Endpoint address and Port set to WAN address of Pi and port 58020

Raspberri Pi setup

Lan: 192.168.0.1

wg0.conf
[Interface]
PrivateKey =

ListenPort = 58020
Address = 10.20.20.2/32

[Peer]
PublicKey =

AllowedIPs = 10.20.20.1/32,10.10.0.0/24,10.10.20.0/24
Endpoint = #############:58020
PersistentKeepAlive = 21

I have a wide open firewall rule set on the OPNsense WG interface.

The only thing that I have noticed that might be off is when I set up the Wireguard Interface it set up as wg1 instead of wg0. I do not have a wg0 so that seemed weird to me.

I am one of those follow the tutorial/youTube vidio guys who can follow directions but have only a passing knowledge of why anything works. I am new to OPNsense and am just at a loss as to how to trouble shoot this. Makes no sense to me that I can ping the wireguard interface but not any devices on the PI's network given I am pretty sure I have the allowed ip setting correct. As I said, I have accomplished this with my old Ubuntu server so I feel like it should work.

Thanks for any ideas.

Pages: [1]