OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of enmi »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - enmi

Pages: [1]
1
Virtual private networks / Wireguard not able to ping all LAN:s
« on: November 13, 2023, 12:59:28 pm »
Hi, I have setup a VPN solution with Wireguard, that connects two different lans to our head office, (see attached network drawing)

I have also added these rules to the LAN and Wireguard interface. (see attached images)

The issue I'm having is that i can ping from my server at 172.16.10.10 to 10.0.22.1 and 10.0.22.7
I can not ping from my server 172.16.10.10 to 10.51.71.211

And i can not ping from either 10.0.22.1 to 172.16.10.10 or 10.51.71.211 to 172.16.10.10.

Is there a need for gateways an static routes to get this to work?





2
Virtual private networks / Wireguard and routing issues
« on: November 08, 2023, 04:17:11 pm »
Hi, My current setup is as follows:
Wireguard instance 1:
Site to Site Setup using: https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
Settings:
Port: 51820
Tunnel address: 10.2.2.1/24
Peers wgopn-site-b

Peer
Settings
Name: wgopn-site-b
Allowed IPs: 10.2.2.2/32, 10.0.22.0/24, 172.16.10.0/24
Endpoint port: 51820
Keepalive interval: 25

Wireguard instance 2:
Roadwarrior setup using: https://docs.opnsense.org/manual/how-tos/wireguard-client.html
Settings:
Port: 51821
Tunnel address: 10.10.10.1/24
Peers Laptop01

Peer
Settings
Name: Laptop01
Allowed IPs: 10.10.10.3/32, 10.0.22.0/24, 172.16.10.0/24

Lan on site A : 172.16.10.0/24
Lan on site B : 10.0.22.0/24

Currently i can ping the clients on network 172.16.10.0/24 from my roadwarrior client "Laptop01" but not the 10.0.22.0/24 network. but if I connect via ssh to a server on 172.16.10.10/24 i can ping 10.0.22.7 i have tried with adding gateways,static routes, and adding firewall rules. but i feel I'm starting to make a mess of things.

Anyone got any tips of were i should start?

3
General Discussion / Re: Not reaching clients on remote site (wireguard vpn on linux server)
« on: November 02, 2023, 02:33:08 pm »
Thank you, for describing the issue I will look into this.

I recently switched from pfsense to opnsense, and i must say if this is the kind of support I could expect I definitely did the right choice.

4
General Discussion / Re: Not reaching clients on remote site (wireguard vpn on linux server)
« on: November 02, 2023, 02:13:36 pm »
Ok, so its not enough with defining a single gateway, and defining a route? (see attached images)

5
General Discussion / Re: Not reaching clients on remote site (wireguard vpn on linux server)
« on: November 02, 2023, 01:59:21 pm »
I will test that, the installation guide for wg-easy says the default is:

Allowed ips = 0.0.0.0/0, ::/0

But i can restart the docker container, and add some allowed ips.

This is just for testing purposes and the plan is to run this from a vps/cloud solution. So i dont want to lock myself into opnsense from the start...

6
General Discussion / Re: Not reaching clients on remote site (wireguard vpn on linux server)
« on: November 02, 2023, 01:33:53 pm »
Hi,

Hopefully this is the right information:


Settings on server running wg-easy (https://github.com/wg-easy/wg-easy)
Code: [Select]
# Server
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXX
Address = 10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp =  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown =

# Client: WorkLaptop ()
[Peer]
PublicKey = XX
PresharedKey = XX
AllowedIPs = 10.8.0.6/32

Settings in teltonika modem:

AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1

Static routes to public ip address



7
General Discussion / Not reaching clients on remote site (wireguard vpn on linux server)
« on: November 02, 2023, 11:00:11 am »
Hi,

I'm having some difficulties with getting a wireguard setup to work fully. My current setup is a wireguard server on the lan, with a opnsense port forwarding to it. on a remote site i have a 3g-modem with wireguard client. I have the wireguard connection up and running, but i can only ping from the client on the remote site to the server and other pc-s on the 172.16.10.0/24 network. If i try to ping the 10.0.22.0/24 network i get no answer i have tried by setting up the wireguard server as a gateway and making a static route but that does not seem to work...

any ideas?

Best regards
Michael

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2