Messages

1

24.1 Legacy Series / Re: Cannot get x-forwarded-for Wireguard client ip from LAN.

« on: April 22, 2024, 11:24:26 am »

Sure, what I need is to be able to audit the external IPs (WAN-Internet or WAN-Wireguard) making requests on the web server. For this purpose, I need the web server (LAN - 10.4.250.1) to recognize that the request is coming from the Wireguard client (10.0.2.11) rather than the WAN interface of OpnSense (10.0.0.4). The base configuration of OpnSense is built upon the OpnAzure project (https://github.com/dmauser/opnazure). Perhaps something like IP Forwarding is needed? I'm not sure.

Subnets:
- 10.0.0.4 (WAN - Untrusted)
- 10.0.1.4 (WAN - Trusted)
- 10.0.2.0/24 (Wireguard network)
- 10.4.0.0/16 (Services network)

I can access the Wireguard client 10.0.2.11 correctly from 10.4.0.0/16, and from this client, I can also access the service subnet (10.4.0.0/16) correctly.

Many thanks!

2

24.1 Legacy Series / Cannot get x-forwarded-for Wireguard client ip from LAN.

« on: April 22, 2024, 01:17:00 am »

I have a web server and a VPN with WireGuard. The configuration is as follows. The issue is that from the web server (10.4.250.1), I see '10.0.0.4' (internal WAN IP) and I should be able to see '10.0.2.11'. How can I achieve this?

Thank you!