Messages - apprisco

#1
Worked! Simply adding another port forward on top of the existing port forward on the WAN interface, redirecting all requests to the WireGuard IP to the local tunnel, seems to have worked.

#2
Interesting.
I can finally see some of the important logs in the firewall.
WAN IP (device is off the VPN) hits the external WireGuard endpoint IP.
That request gets redirected into the home directly through the tunnel via my port forward.
That traffic then tries to go back out, to no avail.

If I can redirect all traffic to the external WireGuard endpoint IP from localhost to the internal WireGuard IP, it should work.

#3
Unfortunately, following the guide and not using the default NAT reflection, I can't even access the services via the internal WireGuard port.

#4
It just seems like a standard WireGuard-based issue, though. It simply thinks that the NAT-reflected IP is the local endpoint of the WireGuard tunnel, not the actual endpoint.
Is there any way to resolve this with a hairpin?

#5
Hi,

Sorry for sounding passive-aggressive on GitHub! It really wasn't my intention.

Current state: 10.13.128.121 is the local endpoint of the WG tunnel. I can access my port-forwarded services in the LAN through 10.13.128.121:port. However, I cannot access them via the other endpoint, i.e. the public IP of the WG tunnel. This seems to say that NAT reflection is working, but not in the way that I want it to.

Should I post every WG-related rule I have set up on OPNsense right now? I do not want to spam with images.
While the issue I posted there has been resolved (the MSS issue, as you mentioned), all my rules should be available at the link below:
https://new.reddit.com/r/opnsense/comments/1dompr6/port_forwarding_based_on_wireguard/

#6
Hi all! I have WireGuard selective routing working perfectly, even with port forwards via reply_to.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html + the documented reply_to issue.
I'm now trying to get my port forwards to work within the LAN, i.e. access services through the VPN tunnel from the LAN as well, as I need the URL to be the same inside the network as outside of it.

I've heard this can be done with NAT reflection in most cases, but with WireGuard it doesn't seem to work.
Anyone have any clues?