Messages - enmi

#1
Hi, I have set up a VPN solution with WireGuard that connects two different LANs to our head office (see attached network drawing).

I have also added these rules to the LAN and Wireguard interface. (see attached images)

The issue I'm having is that I can ping from my server at 172.16.10.10 to 10.0.22.1 and 10.0.22.7.
I cannot ping from my server 172.16.10.10 to 10.51.71.211.

And I cannot ping from either 10.0.22.1 to 172.16.10.10 or from 10.51.71.211 to 172.16.10.10.

Is there a need for gateways and static routes to get this to work?




#2
Virtual private networks / Wireguard and routing issues
November 08, 2023, 04:17:11 PM
Hi, my current setup is as follows:
Wireguard instance 1:
Site to Site Setup using: https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
Settings:
Port: 51820
Tunnel address: 10.2.2.1/24
Peers wgopn-site-b

Peer
Settings
Name: wgopn-site-b
Allowed IPs: 10.2.2.2/32, 10.0.22.0/24, 172.16.10.0/24
Endpoint port: 51820
Keepalive interval: 25

Wireguard instance 2:
Roadwarrior setup using: https://docs.opnsense.org/manual/how-tos/wireguard-client.html
Settings:
Port: 51821
Tunnel address: 10.10.10.1/24
Peers Laptop01

Peer
Settings
Name: Laptop01
Allowed IPs: 10.10.10.3/32, 10.0.22.0/24, 172.16.10.0/24



LAN on site A: 172.16.10.0/24
LAN on site B: 10.0.22.0/24

Currently I can ping the clients on network 172.16.10.0/24 from my road warrior client "Laptop01", but not the 10.0.22.0/24 network. But if I connect via SSH to a server on 172.16.10.10/24, I can ping 10.0.22.7. I have tried adding gateways, static routes and firewall rules, but I feel I'm starting to make a mess of things.

Anyone got any tips on where I should start?
#3
Thank you for describing the issue; I will look into this.

I recently switched from pfSense to OPNsense, and I must say, if this is the kind of support I could expect, I definitely made the right choice.
#4
OK, so it's not enough to define a single gateway and a route? (see attached images)
#5
I will test that. The installation guide for wg-easy says the default is:

Allowed ips = 0.0.0.0/0, ::/0

But I can restart the Docker container and add some allowed IPs.

This is just for testing purposes, and the plan is to run this from a VPS/cloud solution, so I don't want to lock myself into OPNsense from the start...
#6
Hi,

Hopefully this is the right information:


Settings on the server running wg-easy (https://github.com/wg-easy/wg-easy)

# Server
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXX
Address = 10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp =  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown =

# Client: WorkLaptop ()
[Peer]
PublicKey = XX
PresharedKey = XX
AllowedIPs = 10.8.0.6/32


Settings in the Teltonika modem:

AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1

Static routes to the public IP address

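Added example, not code from this thread, from OPNsense or from wg-easy: a small Python check that models WireGuard's cryptokey routing over the AllowedIPs lists quoted in posts #2 and #6, so the one-way ping results can be reasoned about before touching gateways or static routes. The sample table is transcribed from those posts; the wg-easy side uses the quoted [Peer] block, which lists only the tunnel /32 and no remote LAN.

```python
import ipaddress

# Constructed sample, transcribed from the AllowedIPs quoted in posts #2 and #6:
# OPNsense instance 1 (site to site), instance 2 (road warrior) and the
# wg-easy server's [Peer] block (tunnel /32 only, no remote LAN behind it).
SAMPLE = {
    "wg1": {"wgopn-site-b": ["10.2.2.2/32", "10.0.22.0/24", "172.16.10.0/24"]},
    "wg2": {"Laptop01": ["10.10.10.3/32", "10.0.22.0/24", "172.16.10.0/24"]},
    "wg0": {"WorkLaptop": ["10.8.0.6/32"]},
}


def parse_allowed(table):
    """{iface: {peer: [prefix strings]}} -> same shape with ip_network objects."""
    return {iface: {peer: [ipaddress.ip_network(p, strict=False) for p in nets]
                    for peer, nets in peers.items()}
            for iface, peers in table.items()}


def outbound_peer(allowed, iface, dst):
    """Cryptokey routing on one interface: the peer whose AllowedIPs contains
    dst with the longest prefix. None means WireGuard drops the packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for peer, nets in allowed[iface].items():
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best[0] if best else None


def inbound_accepted(allowed, iface, peer, src):
    """A decrypted packet is dropped unless its source address is inside the
    sending peer's AllowedIPs, so a LAN behind a peer must be listed there."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed[iface][peer])


def duplicate_prefixes(allowed):
    """Prefixes claimed by more than one peer. On a single interface the last
    peer added takes the prefix; across interfaces the kernel route decides,
    which is how reachability ends up working in only one direction."""
    owners = {}
    for iface, peers in allowed.items():
        for peer, nets in peers.items():
            for net in nets:
                owners.setdefault(net, []).append(f"{iface}/{peer}")
    return {str(net): who for net, who in owners.items() if len(who) > 1}


if __name__ == "__main__":
    a = parse_allowed(SAMPLE)
    print(duplicate_prefixes(a))
    print(inbound_accepted(a, "wg0", "WorkLaptop", "10.51.71.211"))
```

Running it shows both remote LANs claimed by two peers on the OPNsense side, and the wg-easy peer rejecting any source outside 10.8.0.6/32.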

#7
Hi,

I'm having some difficulties getting a WireGuard setup to work fully. My current setup is a WireGuard server on the LAN, with OPNsense port forwarding to it. On a remote site I have a 3G modem with a WireGuard client. I have the WireGuard connection up and running, but I can only ping from the client on the remote site to the server and other PCs on the 172.16.10.0/24 network. If I try to ping the 10.0.22.0/24 network I get no answer. I have tried setting up the WireGuard server as a gateway and making a static route, but that does not seem to work...

Any ideas?

Best regards
Michael