1
24.7 Production Series / Re: wireguard 2fa defguard
« on: October 14, 2024, 09:46:07 am »
How are you doing, did you manage to make this connection work?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Virtual private networks / Re: Wireguard and internal networks
« on: July 30, 2023, 03:01:27 pm »
The problem was solved by specifying in the firewall rule, in the wayguard branch, in the paragraph incoming from "wg1 net" to "any" and prescribing the correct route. Now the question about this farewall rule - how critical is it to allow connections in the inbox to "any"?
https://ibb.co/1M0vpHF
https://ibb.co/1XSGgZk
https://ibb.co/1M0vpHF
https://ibb.co/1XSGgZk
3
Virtual private networks / Re: Wireguard and internal networks
« on: July 26, 2023, 08:54:09 am »
Nothing happened. It turned out to ping from 192.168.23.0.24 ==> 10.15.0.1 by changing the rule in the firewall in the WG branch, changing the branch of source packets from the "WG net" to "any". But the 23 network never pinged.
4
Virtual private networks / Re: Wireguard and internal networks
« on: July 25, 2023, 02:53:13 pm »
I did tracing, both from Mikrotik and from the computer behind it - the routes go correctly. But from the network computer they are lost behind 192.168.68.1, but the address of the WG interface 10.15.0.12 is pinged.
https://ibb.co/qy9VrVT
It seems to me that the matter is in the firewall on the open-sense, since I cannot even ping 10.15.0.1 from the local network behind the microit. Private networks are blocked on the WAN interface there
https://ibb.co/pbc9bp4
I'll try to disable this rule tonight and see what happens.
https://ibb.co/qy9VrVT
It seems to me that the matter is in the firewall on the open-sense, since I cannot even ping 10.15.0.1 from the local network behind the microit. Private networks are blocked on the WAN interface there
https://ibb.co/pbc9bp4
I'll try to disable this rule tonight and see what happens.
5
Virtual private networks / Re: Wireguard and internal networks
« on: July 25, 2023, 12:19:00 pm »
routes are registered on routers or you mean prescription of routes on the computers?
6
Virtual private networks / Wireguard and internal networks
« on: July 25, 2023, 09:06:41 am »
Hello friends. Sorry for bad english. 
I had a problem that I couldn't solve. In the picture below, I have drawn an approximate network topology, where I connected Mikrotik and OpnSense into one network using a Wireguard. Everything works between routers, internal networks are pinged, but the computers behind them cannot ping each other.
https://ibb.co/ft6MyBd
Namely, any computer from the network 192.168.68.0/24 does not ping 192.168.23.0/24 and vice versa. Moreover, computers with 192.168.68.0/24, which is behind Mikrotik, cannot ping the vpn gateway of Wareguard 10.15.0.1, although the Mikrotik 10.15.0.12 interface is pinged. From the network 192.168.23.0, pings reach 10.15.0.1, but they don’t go to the 68 network anymore. I understand that the problem is on the side of OPNSense, namely, it is possible in the firewall ... The gateways in the internal networks are configured correctly.
The firewall on OPNSense is configured according to the instructions from your site, namely, 2 rules have been created for the WAN and WG interfaces. Added a route for the 68network to 10.15.0.12 in the gateways.
I do not know already where to dig, what do you advise?
I had a problem that I couldn't solve. In the picture below, I have drawn an approximate network topology, where I connected Mikrotik and OpnSense into one network using a Wireguard. Everything works between routers, internal networks are pinged, but the computers behind them cannot ping each other.
https://ibb.co/ft6MyBd
Namely, any computer from the network 192.168.68.0/24 does not ping 192.168.23.0/24 and vice versa. Moreover, computers with 192.168.68.0/24, which is behind Mikrotik, cannot ping the vpn gateway of Wareguard 10.15.0.1, although the Mikrotik 10.15.0.12 interface is pinged. From the network 192.168.23.0, pings reach 10.15.0.1, but they don’t go to the 68 network anymore. I understand that the problem is on the side of OPNSense, namely, it is possible in the firewall ... The gateways in the internal networks are configured correctly.
The firewall on OPNSense is configured according to the instructions from your site, namely, 2 rules have been created for the WAN and WG interfaces. Added a route for the 68network to 10.15.0.12 in the gateways.
I do not know already where to dig, what do you advise?
Pages: [1]