"
So basically the problem is that FritzBox cannot use a transfer net and instead needs to use an IP in my local subnet, e.g. 10.10.10.123/32 instead of 10.10.100.2/32? ???
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
Virtual private networks / Re: WireGuard from OPNsense to FritzBox only works one way?
February 19, 2024, 05:16:28 PM #2
Virtual private networks / WireGuard from OPNsense to FritzBox only works one way?
February 19, 2024, 04:18:00 PM
Okay, this is a bit much to write down, so I will try to make this brief but I cannot figure out the problem...
I have WireGuard running on my OPN install (24.1.1) with a couple of peers configured and it works as expected.
The WG instance has a tunnel address of 10.10.123.1/24. My regular network behind the tunnel is 10.10.10.0/24 and the OPN is 10.10.10.1/32. The peers have "Allowed IPs" like 10.10.123.101/32, 10.10.123.102/32 etc.
I set up a connection to my FritzBox in my other network (192.168.100.0/24) using a config file and set the "Remote Network" to be 10.10.0.0/16 in the FritzBox. The peer on my OPN has "Allowed IPs" 10.10.123.2/32, 10.10.0.0/16 and 192.168.0.0/16. The connection is established successfully according to both the FB and OPN.
Here is the problem:
When I am in the 10.10.10.0/24 network, I can reach any device in the 192.168.100.0/24 without problems, e.g.
However, when I'm in the 192.168.100.0/24 network, I cannot reach any device after the OPN, e.g.
works as expected (10.10.10.1 being the OPN) but
will lead to time outs.
I already tried deactivating the packet filter on the OPN to see if it's a firewall problem but the firewall already shows these connections as "pass", e.g.
I tried searching but I could not find anything (although I admit I have no idea what exactly to search for).
Can anyone help me figure this out?
TIA
SoWhy
PS: My previous setup was two FritzBoxes connected through WireGuard with the same subnets and that worked but I wanted to replace one of them with the OPN box
I have WireGuard running on my OPN install (24.1.1) with a couple of peers configured and it works as expected.
The WG instance has a tunnel address of 10.10.123.1/24. My regular network behind the tunnel is 10.10.10.0/24 and the OPN is 10.10.10.1/32. The peers have "Allowed IPs" like 10.10.123.101/32, 10.10.123.102/32 etc.
I set up a connection to my FritzBox in my other network (192.168.100.0/24) using a config file and set the "Remote Network" to be 10.10.0.0/16 in the FritzBox. The peer on my OPN has "Allowed IPs" 10.10.123.2/32, 10.10.0.0/16 and 192.168.0.0/16. The connection is established successfully according to both the FB and OPN.
Here is the problem:
When I am in the 10.10.10.0/24 network, I can reach any device in the 192.168.100.0/24 without problems, e.g.
Code Select
tracert 192.168.100.236
Tracing route to XXX [192.168.100.236] over a maximum of 30 hops:
1 17 ms 14 ms 13 ms 10.10.123.1
2 52 ms 51 ms 47 ms 192.168.100.1
3 52 ms 55 ms 56 ms XXX [192.168.100.236]However, when I'm in the 192.168.100.0/24 network, I cannot reach any device after the OPN, e.g.
Code Select
tracert 10.10.10.1
Tracing route to 10.10.10.1 over a maximum of 30 hops
1 30 ms 30 ms 30 ms fritz.box [192.168.100.1]
2 68 ms 67 ms 68 ms 10.10.10.1works as expected (10.10.10.1 being the OPN) but
Code Select
tracert 10.10.10.5
Tracing route to 10.10.10.5 over a maximum of 30 hops
1 30 ms 30 ms 32 ms fritz.box [192.168.100.1]
2 74 ms 75 ms 67 ms 10.10.123.1
3 * * * Request timed out.will lead to time outs.
I already tried deactivating the packet filter on the OPN to see if it's a firewall problem but the firewall already shows these connections as "pass", e.g.
QuoteWG 2024-02-18T19:39:32 192.168.100.125:65038 10.10.10.5:53 udp
I tried searching but I could not find anything (although I admit I have no idea what exactly to search for).
Can anyone help me figure this out?
TIA
SoWhy
PS: My previous setup was two FritzBoxes connected through WireGuard with the same subnets and that worked but I wanted to replace one of them with the OPN box
Pages1
