Virtual private networks / OPNSense Wireguard behind ATT modem/router
« on: July 12, 2023, 10:35:51 pm »
Hi everyone,
Have been trying to simplify my network setup. It has been overly complicated due to my general ignorance, but hoping to get everything simplified using the OPNSense box. The basic architecture is below:
Working:
Internet <-> ATT Modem/Router (work/guest network) <-> Router <-> OPNSense <-> Wireless Router (my network, NAT disabled)
Desired:
Internet <-> ATT Modem/Router (work/guest network) <-> OPNSense <-> Wireless Router (my network, NAT disabled)
The first router was there because originally instead of OPNSense I was using Sophos which doesn't support VPN clients, so it handled Wireguard. The wireless router is set up as a router instead of an access point because for whatever reason some of the advanced features are only available in router mode. So keeping the local network isolated and using outbound NAT rules on OPNSense to send traffic out to the internet. Not sure if the WAN outbound NAT rule is necessary anymore or desired now that Wireguard is set up on OPNSense.
I used this guide (https://gist.github.com/morningreis/eeda36e8bb07dcb750d77e9a744776e8) for the VPN setup and have success with the current setup. Am also using DNS over TLS along with Unbound DNS on the OPNSense box.
Now when I remove the unnecessary router, it seems like the DNS server just croaks. Can even turn off DNS over TLS or have the internal router use 8.8.8.8 and still have problems. I don't see any ports blocked on my firewall. So not exactly sure what's happening. I'm really a big noob so not sure what to look at first or what the hell is going on. Or maybe there's some restriction on the ATT modem/router with VPNs? I don't want to use IP Passthrough because I use my work computer on the ATT wifi for super safe isolation.
Could someone please help? Would appreciate it so much
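The post bundles two separate failure modes into one symptom ("DNS croaks" once OPNsense sits directly behind the ATT gateway): the WireGuard session may not be establishing at all, or the tunnel may be fine and only the DNS path through it is broken. The script below is an added diagnostic written for this thread; it is not from the original post, from the linked gist, or from the OPNsense project. It parses `wg show all latest-handshakes` output to tell a live session from a stale one, and sends a hand-built UDP DNS query directly to each candidate resolver so that a timeout, a SERVFAIL from the local Unbound, and a healthy answer from a public resolver can be told apart. The resolver list, the 180 s staleness threshold (WireGuard's REJECT_AFTER_TIME) and the presence of `wg` on PATH are assumptions; `TUNNEL_SIDE_RESOLVER_IP` is a placeholder to replace with the resolver that is only reachable through the tunnel.

```python
"""Split a 'DNS croaks' symptom into testable parts.

1. Is the WireGuard session actually alive (recent handshake)?
2. Does a raw UDP DNS query get an answer from each candidate resolver:
   the local Unbound, a public resolver, and one behind the tunnel?
"""
import socket
import struct
import subprocess
import time

# WireGuard discards a session that has not re-handshaked within 180 s
# (REJECT_AFTER_TIME), so an older timestamp means no traffic is flowing.
REJECT_AFTER_TIME = 180

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def parse_latest_handshakes(text, now):
    """Parse `wg show all latest-handshakes` output (iface, peer key, epoch
    seconds; 0 = never) into {(iface, peer): seconds since last handshake}."""
    ages = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        iface, peer, epoch = parts
        epoch = int(epoch)
        ages[(iface, peer)] = None if epoch == 0 else now - epoch
    return ages


def tunnel_state(age):
    """Classify a handshake age as up / stale / never."""
    if age is None:
        return "never"
    return "stale" if age > REJECT_AFTER_TIME else "up"


def build_query(name, txid=0x1234):
    """Build a minimal RFC 1035 A query for `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(resp, txid=0x1234):
    """Return the rcode name and answer count from a raw DNS response."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    rcode = flags & 0x000F
    return {"rcode": RCODE_NAMES.get(rcode, str(rcode)), "answers": an}


def probe_resolver(server, name="example.com", timeout=2.0):
    """Send one UDP query directly to `server` on port 53; report the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(512)
        return parse_response(data)
    except socket.timeout:
        return {"error": "timeout (path blocked, or no route back)"}
    except (OSError, ValueError) as exc:
        return {"error": str(exc)}
    finally:
        sock.close()


if __name__ == "__main__":
    # Assumption: `wg` is on PATH (the OPNsense WireGuard plugin ships it).
    try:
        out = subprocess.run(["wg", "show", "all", "latest-handshakes"],
                             capture_output=True, text=True, check=False).stdout
        for (iface, peer), age in parse_latest_handshakes(out, time.time()).items():
            print(f"{iface} {peer[:8]}... handshake {tunnel_state(age)} (age {age})")
    except FileNotFoundError:
        print("wg not found; skipping handshake check")
    # Hypothetical resolver list: local Unbound, a public resolver, and a
    # placeholder for the resolver that is only reachable through the tunnel.
    for server in ("127.0.0.1", "8.8.8.8", "TUNNEL_SIDE_RESOLVER_IP"):
        print(server, probe_resolver(server))
```

Run it on the OPNsense box from a shell. A "never" or "stale" handshake points at the tunnel itself (endpoint reachability or the upstream gateway not passing UDP), while an "up" tunnel with 8.8.8.8 answering and 127.0.0.1 timing out or returning SERVFAIL narrows the problem to Unbound's outgoing interface or forwarding configuration rather than the ATT gateway.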