Messages - sircurse

#1
Hi experts,

I'm facing a situation where I want to chain two WireGuard instances in two locations so that I finally go out to the internet with the public IP of the last location.

I have set up the following topology:


As you can see, I have the local machine sitting in SPAIN, using WireGuard to connect to my VPS located in Madrid, and finally routing this traffic to another VPS located in SAO PAULO. The reason for that is that my VPS provider offers a better route, reducing the latency enormously compared with a direct connection from my home PC to VPS 2 SP.

So in order to use this better route I need to go through the VPS located in Madrid.

I have already made several attempts to get my public IP to be that of the VPS 2 SP location, but the most I could achieve is my public IP going out from the VPS 1 MAD location.

From the OPNsense I can ping both peers, on MAD and SP; in the reverse direction, from SP I can reach the peer set on OPNsense as well, so in terms of connectivity between the WireGuard instances it seems to be working. My problem is how to set up the routing on the VPS MAD so that all my traffic goes out via the VPS SP.

This is my config for the VPS MAD:
[Interface]
Address = 10.13.13.2
ListenPort = 51820
MTU = 1420
#Table = vpn
PrivateKey = <omitted>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE

# nodeBR
[Peer]
PublicKey = <omitted>
AllowedIPs = 10.13.13.1/32,10.13.13.3/32

# nodeES
[Peer]
PublicKey = <omitted>
AllowedIPs = 10.13.13.3/32

On VPS SP I have this:
[Interface]
Address = 10.13.13.1
ListenPort = 21841
MTU = 1420
PrivateKey = <omitted>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s3 -j MASQUERADE

[Peer]
PublicKey = <omitted>
AllowedIPs = 10.13.13.2/32,10.13.13.3/32
Endpoint = <omitted>:51820
PersistentKeepalive = 15


And on OPNsense I have the following:






Any suggestion on how I can achieve it?
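The symptom above (traffic exits with the MAD public IP) follows from the posted MAD config: no peer on MAD claims 0.0.0.0/0, so packets arriving from the OPNsense peer fall through to MAD's main routing table, leave via ens18 and get MASQUERADEd there. The following wg-quick config for VPS MAD is an added example, not the poster's own or a config from the OPNsense how-to; it shows one way to make MAD a pure relay by giving the SP peer 0.0.0.0/0 for cryptokey routing, turning off wg-quick's automatic route installation with `Table = off` so MAD's own default route is not hijacked, and adding a policy-routing rule so that only traffic arriving from 10.13.13.3 is sent back into the tunnel towards SP. It assumes the interface is wg0, that OPNsense NATs the VLAN to 10.13.13.3 on its WireGuard interface (as the selective-routing how-to does), and that routing table number 100 and rule priority 100 are free on the host; those numbers are arbitrary choices for the example. The SP config as posted can stay as it is: its MASQUERADE on enp0s3 is what stamps the SP public IP on the traffic.

```ini
# /etc/wireguard/wg0.conf on VPS MAD (example relay config, not the original post's)
[Interface]
# /24 instead of the bare address: the kernel then installs the connected route
# 10.13.13.0/24 dev wg0 itself, which we need because Table = off below stops
# wg-quick from adding any routes for AllowedIPs.
Address = 10.13.13.2/24
ListenPort = 51820
MTU = 1420
PrivateKey = <omitted>
# Do not let wg-quick install 0.0.0.0/0 (from the SP peer) into the main table;
# that would send MAD's own traffic, including its handshakes, into the tunnel.
Table = off
PostUp = sysctl -w net.ipv4.ip_forward=1
# Relayed packets enter and leave on the same interface, so allow wg0 -> wg0.
PostUp = iptables -A FORWARD -i %i -o %i -j ACCEPT
# Loose reverse-path filtering on wg0: replies from SP carry arbitrary internet
# source addresses that the main table would route via ens18, not wg0.
PostUp = sysctl -w net.ipv4.conf.%i.rp_filter=2
# Policy routing: table 100 has a single default route back into the tunnel;
# only packets that arrived on wg0 from the OPNsense peer use it. Everything
# else (MAD's own traffic, replies from SP to 10.13.13.3) uses the main table.
# Table 100 / priority 100 are assumed free on this host.
PostUp = ip route add default dev %i table 100
PostUp = ip rule add iif %i from 10.13.13.3 table 100 priority 100
PostDown = ip rule del iif %i from 10.13.13.3 table 100 priority 100
PostDown = ip route del default dev %i table 100
PostDown = iptables -D FORWARD -i %i -o %i -j ACCEPT
# No MASQUERADE on ens18 here: relayed traffic must keep source 10.13.13.3 so
# SP can route the replies back through MAD to the OPNsense peer.

# nodeBR (VPS SP), the exit. 0.0.0.0/0 makes this peer the cryptokey-routing
# target for every destination no other peer claims. 10.13.13.3 is deliberately
# not listed here, unlike the posted config, so it is not claimed by two peers.
[Peer]
PublicKey = <omitted>
AllowedIPs = 0.0.0.0/0

# nodeES (OPNsense). Most specific AllowedIPs match wins, so replies for
# 10.13.13.3 arriving from SP go here and not back to nodeBR.
[Peer]
PublicKey = <omitted>
AllowedIPs = 10.13.13.3/32
```

Checks after `wg-quick up wg0` on MAD: `ip rule show` must list the priority-100 rule, `ip route show table 100` the `default dev wg0` entry, and `ip route show` must still contain MAD's normal default via ens18 (if it has been replaced by a route over wg0, `Table = off` was not applied). From the OPNsense side, `traceroute` to a public address should then show 10.13.13.2 and 10.13.13.1 as the first two hops, and a "what is my IP" lookup should return the SP address. If OPNsense does not NAT the VLAN to 10.13.13.3, the VLAN subnet must additionally be added to the nodeES AllowedIPs on MAD and to the peer AllowedIPs on SP, otherwise WireGuard on both hops drops those packets as not belonging to any peer.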
#2
The tunnel is working; the other side of the tunnel is actually 10.5.0.1.
After I changed the gateway to that IP I finally got the connection!

That did the trick, thanks mate!

#3
My bad, I really missed those ones; here we go:

Gateway config


WG local


WG peer
#4
Hi, sure mate! I think I don't know how to post the image directly in the post... hope this works:
screenshot01:



screenshot02:



screenshot03:



screenshot04:
#5
Hi there,

I'm sorry for being another one asking this, but I have been spending 2 days already trying different suggestions here and have followed this tutorial (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) about 10 times now, always deleting everything and starting from scratch to make sure I'm not missing something.

But anyway... I cannot make the traffic pass through the tunnel. To me it looks like the tunnel is up and running: it is renewing the handshake from time to time and the traffic counter is growing due to the negotiations etc. But in the end I cannot make the traffic from a specific VLAN be routed through the WireGuard tunnel.

I'm new to OPNsense too, so I guess there is more behind the scenes than just the guide at that link.
Does someone have screenshots of examples of how to set it up?

Just for information, the VLAN is working fine: I have allowed it to run over the WAN interface and I could browse without problem, so that is the only thing I believe I configured correctly.

Thanks in advance,
Curse.