OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Riktastic »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Riktastic

Pages: [1]
1
Virtual private networks / Re: Router not listening on second WireGuard-interface
« on: October 27, 2023, 08:53:09 am »
Quote from: Monviech on October 26, 2023, 11:45:53 am
Did you put the LAN network into the allowed IPs in each client, additionally to the wireguard network?

So for example if your wireguard network is 10.4.4.0/24, and your LAN is 192.168.1.0/24, the allowed IPs on the clients should be 10.4.4.0/24 192.168.1.0/24

Also make sure to use a unique port per instance. If instance wg1 is 51820, instance wg2 should be 51821 etc...

- Yes your setup is possible, you can have multiple wg instances with different settings attached to them. I'm not sure about sharing peer configurations between them though, I have always created unique peers because things like "allowed IPs" change when you have multiple instances, and the routing in the firewall depends on this uniqueness.


Wow, it was that simple. I've copied al client configurations, coupled the copies to my second peer (WG2), adjusted the "allowed IP adresses" (can't remember the exact name of the field), just to be sure resetted the PSK and changed the keys. Now it works :).

Thanks a lot!

2
Virtual private networks / [Solved] Router not listening on second WireGuard-interface
« on: October 26, 2023, 10:44:55 am »
Hi there everyone,

I've followed the "WireGuard Road Warrior Setup" (https://docs.opnsense.org/manual/how-tos/wireguard-client.html) twice. Once for a peer (WG1) from which clients are only able to connect to a "virtual network" and once for a peer (WG2) from which clients are able to access  the LAN-network.

Clients connected to the "virtual network" are able to ping the router just fine and make use of its DNS server, even routing works if I allow clients to access other networks.
Clients connected to WG2 are able to ping each other but can't ping the router, nor can they use its routing and DNS server (which I have allowed on that particular interface).

I'm pretty sure that the firewall rules and NAT rules are almost exactly the same. Both include access to the network and the address on which the router should listen. The only difference is ofcourse the allowcance of accessing its own network and WG2 can also access the LAN-network.

- Is my setup even possible?
- What could be a configuration option that blocks clients from WG2 to access the router?

PS: Clients are succesfully connected. The clients from WG1 are the same as the ones from WG2.


Kind regards,

Riktastic

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2