Messages

yes sir!
you save my life... after two weeks of try you gave me input for solve this question!
thanks very much.. if you come in italy please come to my house and I will offer you a good coffee!
plat

so please help me to assign addresses.

I have only one point that I cannot change

fritz on site a is 192.168.0.1/22
with subnets that I use are 192.168.0.0 and 192.168.2.0

his opensense firewall has in this moment:
wan 192.168.0.254/24
lan 192.168.2.254/24
opt  (can change)


second fritz is free to set.

italian? I didn't know there are fritzboxes used there :)

:) :) :) :) :) :) :)

it is impossible to translate...
but my problem is not to make a wireguard connection... it is established.. and working..
now is only a routing table problem...

when a packet comes into the opnsense... if directed to a client on the same subnet of opensense... it reach destination... if not... it remains into the interface..

I have for sure a problem of tracking routes.. due to the fact that opnsense don't manage dns but it is the fritz that manage it.

here a traceroute from site A (fritz) to site B

Code Select Expand

platini76@PlatPro16 ~ % traceroute 192.168.12.1
traceroute to 192.168.12.1 (192.168.12.1), 64 hops max, 52 byte packets
1  fritz.box (192.168.0.1)  5.194 ms  4.384 ms  4.027 ms
2  pfsense (192.168.0.254)  5.604 ms  5.844 ms  5.769 ms
3  10.100.90.1 (10.100.90.1)  73.387 ms  74.826 ms  75.708 ms

and here from opnsense shell to site B

: traceroute 192.168.12.1
traceroute to 192.168.12.1 (192.168.12.1), 64 hops max, 40 byte packets
1  10.100.90.1 (10.100.90.1)  67.925 ms  62.216 ms  69.590 ms

I manage to establish the vpn both way from opnsense and fritz.. but I still have a problem.
on opnsense consolle I can ping remote hosts...

Code Select Expand

[2.7.0-RELEASE][root@pfSense.home.arpa]/root: ping 192.168.12.1
PING 192.168.12.1 (192.168.12.1): 56 data bytes
64 bytes from 10.100.90.1: icmp_seq=0 ttl=64 time=50.825 ms
64 bytes from 10.100.90.1: icmp_seq=1 ttl=64 time=56.637 ms
^Z
Suspended
[2.7.0-RELEASE][root@pfSense.home.arpa]/root: ping 192.168.12.33
PING 192.168.12.33 (192.168.12.33): 56 data bytes
64 bytes from 10.100.90.1: icmp_seq=0 ttl=254 time=260.427 ms
64 bytes from 10.100.90.1: icmp_seq=1 ttl=254 time=78.874 ms

(I changed some ips sorry)

but I still not reach any ports on remote fritz... there is something that I don't do in firewalls or routes.

noone can help me?

this is my last log console:
root@OPNsense:~ # ping 192.168.12.33
PING 192.168.12.33 (192.168.12.33): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=254 time=125.764 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=254 time=145.248 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=254 time=151.729 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=254 time=60.655 ms

64 bytes from 10.0.0.2: icmp_seq=4 ttl=254 time=98.549 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=254 time=118.062 ms
^Z
Suspended
root@OPNsense:~ # traceroute 192.168.12.33
traceroute to 192.168.12.33 (192.168.12.33), 64 hops max, 40 byte packets
1  10.0.0.2 (10.0.0.2)  297.478 ms  62.803 ms  60.274 ms
2  10.0.0.2 (10.0.0.2)  99.519 ms  98.444 ms  206.532 ms
root@OPNsense:~ #

all addresses are resolved in 10.0.0.2 that is the second address of my remote fritz

this is the message when I try to ping one of the component of remote lan 192.168.12.10

ping: sendto: Capabilities insufficient
92 bytes from 127.0.0.1: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 1e12   0 0000  40  01 85e4 10.0.0.1  192.168.12.10

with applies of those rules

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

i make a little step...

now from opnsense consolle I can ping 192.168.12.1 
but still I cannot ping it from site a and I cannot ping the rest of his lan devices.. (ping: sendto: No route to host
)

seemsn related to this..
https://forum.mikrotik.com/viewtopic.php?t=197279

but I don't understand where confi remote network

description of my lan:

SITE A: fritzbox 192.168.0.1 DSL         routes 192.168.12.0/24 to gateway 192.168.2.254
                                                                   10.0.0.0/24 to gateway 192.168.2.254
            opnsense 192.168.2.254  with wireguard server tunnel configured on 10.0.0.1

SITE B: fritzbox 192.168.12.1

two sites are correctly browsing internet and site B take the site A public address for my config.

SITE B can ping all SITE A addressed through the tunnel

SITE A can ping 10.0.0.2  (tunnel adress of site b fritz) 
           can see web interface 192.168.12.1 of the site B fritz
           but cannot ping not 192.168.12.1 and his lan address
it seems that I miss something in config it seems something related to routes, dns, or something else.. probably something stupid...

but I don't find what.

any help is appreciated.