Virtual private networks / Re: Wireguard Site to Site, Peer sees Lan but Lan can't see Peer
« on: February 16, 2023, 11:53:37 pm »
Your assistance so far has led me to start reading a little on IP routing, and while I am not entirely sure I understand it all, I think maybe what I need to add to the Pi's wg configuration is the following:
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Does that sound right? What still has me confused is why the Pi can see everything on my OPNsense network when I haven't added anything to the OPNsense config. Does the plugin do all that for me?
Before I try this, I want to be sure that I don't lock myself out of being able to connect to the Pi via ssh and VNC should the tunnel go down. Will the above somehow result in the Pi only wanting to communicate via the tunnel, given I have included the entire local network in the allowed IPs? I think I saw some instructions on how to avoid that, but I'm not sure it was related to this. Sorry, but I get nervous when I'm not sure I understand exactly what is going on, and it's a whole thing if I get locked out of the Pi since it is remote.
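The lockout worry in the post comes down to two things that are easy to check before running `wg-quick up` on a remote box. First, wg-quick installs a route to the tunnel interface for every prefix listed in a peer's AllowedIPs, so if one of those prefixes covers the Pi's own eth0 subnet (or the address the ssh/VNC session comes from), that traffic is pulled into the tunnel and the session dies when the tunnel drops. Second, the MASQUERADE rule only rewrites the source address of packets leaving eth0 to the Pi's own address (so LAN hosts reply to the Pi without a route back to the tunnel subnet); it does not change routing, but a PostUp insert without a matching PreDown delete leaves a stale rule behind every time the tunnel cycles. The script below is an added example, not code from the thread or from OPNsense or WireGuard: it lints a wg-quick config for both problems. The config text, addresses, interface name and host names in it are constructed for the example.

```python
"""Lockout lint for a wg-quick config on a remote Raspberry Pi.

Added example (not from the forum thread). Checks two things:
  1. no AllowedIPs prefix overlaps the Pi's own LAN or covers a management
     host, which would route the ssh/VNC path into the tunnel;
  2. every MASQUERADE rule inserted in PostUp is deleted again in PreDown
     (or PostDown), so the NAT rule does not outlive the tunnel.
All addresses, names and the config text are constructed for the example.
"""
import ipaddress
import re

# Constructed config modelled on the post (keys redacted, addresses assumed).
SAFE_CONF = """\
[Interface]
Address = 10.10.10.2/24
PrivateKey = REDACTED
# Source-NAT tunnel traffic leaving eth0 so LAN hosts reply to the Pi itself.
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = REDACTED
Endpoint = opnsense.example.invalid:51820
AllowedIPs = 10.10.10.1/32, 192.168.1.0/24
PersistentKeepalive = 25
"""

# Same config, but AllowedIPs also lists the Pi's *own* LAN (192.168.50.0/24).
RISKY_CONF = SAFE_CONF.replace(
    "AllowedIPs = 10.10.10.1/32, 192.168.1.0/24",
    "AllowedIPs = 10.10.10.1/32, 192.168.1.0/24, 192.168.50.0/24",
)

MASQ_RE = re.compile(r"-t nat -([IAD]) POSTROUTING -o (\S+) -j MASQUERADE")


def _kv_lines(conf):
    """Yield (key, value) for every 'Key = value' line, comments stripped."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, _, value = line.partition("=")
            yield key.strip().lower(), value.strip()


def allowed_ips(conf):
    """All AllowedIPs prefixes across all peers, as ip_network objects."""
    nets = []
    for key, value in _kv_lines(conf):
        if key == "allowedips":
            nets.extend(ipaddress.ip_network(tok.strip(), strict=False)
                        for tok in value.split(",") if tok.strip())
    return nets


def lockout_risks(conf, local_lan, mgmt_hosts):
    """Findings about AllowedIPs that would capture the management path.

    local_lan is the Pi's eth0 subnet; mgmt_hosts are the addresses that
    ssh/VNC sessions arrive from. An empty list means none of them would be
    routed into the tunnel by wg-quick.
    """
    lan = ipaddress.ip_network(local_lan, strict=False)
    hosts = [ipaddress.ip_address(h) for h in mgmt_hosts]
    findings = []
    for net in allowed_ips(conf):
        if net.version != lan.version:
            continue
        if net.overlaps(lan):
            findings.append(f"AllowedIPs {net} overlaps local LAN {lan}: "
                            "wg-quick would route the LAN into the tunnel")
            continue  # already reported; host hits inside it are implied
        for host in hosts:
            if host in net:
                findings.append(f"AllowedIPs {net} covers management host {host}")
    return findings


def unmatched_nat_rules(conf):
    """Interfaces whose MASQUERADE rule is inserted in PostUp but never
    deleted in PreDown/PostDown. With '-I' and no '-D', every 'wg-quick up'
    stacks another copy of the rule and it survives the tunnel going down."""
    added, deleted = set(), set()
    for key, value in _kv_lines(conf):
        m = MASQ_RE.search(value)
        if not m:
            continue
        action, iface = m.groups()
        if key == "postup" and action in "IA":
            added.add(iface)
        elif key in ("predown", "postdown") and action == "D":
            deleted.add(iface)
    return sorted(added - deleted)


if __name__ == "__main__":
    for name, conf in (("safe", SAFE_CONF), ("risky", RISKY_CONF)):
        print(name, lockout_risks(conf, "192.168.50.0/24", ["192.168.50.10"]),
              unmatched_nat_rules(conf))
```

Run it on the Pi against the real `wg0.conf` with the Pi's actual eth0 subnet and the address you administer it from; only apply the config once both lists come back empty. As a belt-and-braces step on a remote box, schedule `wg-quick down wg0` a few minutes ahead (with `at`, or a backgrounded `sleep`) before bringing the tunnel up, and cancel it once a fresh ssh session still works.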