Messages - relief-melone

#1
I am currently setting up a site-to-site connection for testing. The setup is the following:

SITE A (up for testing):

- sits in the network of the site and has DHCP on WAN (192.168.x.x/24) provided by the network's router
- has a LAN interface (10.10.x.x/17) that has no connected machines

SITE B:

- sits in the network as a DMZ behind a router
- acts as DHCP and DNS server, and devices in the LAN are connected via LAN
- is where the client sits that tries to connect to a device in SITE A's WAN network

Now my problem is the following. The WireGuard connection seems to be working just fine. The OPNsense instances in both locations can ping, curl, etc. each other's networks without any issues. However, when I am trying to connect from a host in SITE B's network I cannot reach SITE A's hosts (except for the OPNsense instance, which is reachable on its WAN as well as its LAN address).

If I trace the packets it becomes clear that they reach SITE A. I also see them in the outgoing traffic of the WAN interface. But there does not seem to be a response. Even when I completely opened the WAN interface with inbound and outbound firewall rules I get nothing. I've been trying and researching all day but am pretty much lost at this point. It would be great if someone had an idea of what I could investigate.
#2
Turns out the solution was pretty simple. While I had the correct in and out rules on the WireGuard group, I was missing the incoming UDP rule on the WAN interface. After that one was added, everything worked like it was supposed to.
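A quick check for the rule that turned out to be missing, added here as an example and not something posted in the thread: it reads the active pf ruleset (the output of `pfctl -sr` on the OPNsense box) from stdin and reports whether a pass-in rule for the WireGuard listen port exists on the WAN interface, and whether the WireGuard interface (or group) has a pass-in rule for tunnel traffic at all. The interface names `igb0` (WAN) and `wg1` (WireGuard), the port 51820 and the sample rule lines are assumptions made for the example; on a real box the ruleset comes from `pfctl -sr`.

```shell
#!/bin/sh
# Added example, not from the thread. Reads 'pfctl -sr' output on stdin and
# checks the two rules a WireGuard site-to-site setup needs on OPNsense:
#   1. a pass-in rule on WAN for UDP to the listen port (the one the post was missing)
#   2. a pass-in rule on the WireGuard interface/group for the decrypted tunnel traffic
# Interface names, port and the sample rules below are assumptions.

# has_wan_listen_rule <wan_iface> <port>
# Returns 0 if a "pass in ... on <wan_iface> ... proto udp ... port = <port>" rule is present.
has_wan_listen_rule() {
    wan="$1"; port="$2"
    grep -Eq "^pass in .*on ${wan} .*proto udp .*port = ${port}( |\$)"
}

# has_wg_pass_rule <wg_iface>
# Returns 0 if any pass-in rule exists on the WireGuard interface or its group.
has_wg_pass_rule() {
    grep -Eq "^pass in .*on $1 "
}

# report <wan_iface> <wg_iface> <port>: prints one line per check and returns
# the number of failed checks (0 = both rules present). The ruleset is read
# once into a variable so both checks can scan it.
report() {
    rules=$(cat)
    failed=0
    if printf '%s\n' "$rules" | has_wan_listen_rule "$1" "$3"; then
        echo "ok:      WAN ($1) accepts UDP/$3 for WireGuard"
    else
        echo "MISSING: pass in on $1 proto udp to port $3 (handshakes never reach wg)"
        failed=$((failed + 1))
    fi
    if printf '%s\n' "$rules" | has_wg_pass_rule "$2"; then
        echo "ok:      $2 has a pass-in rule for tunnel traffic"
    else
        echo "MISSING: pass in on $2 (tunnel packets are dropped after decryption)"
        failed=$((failed + 1))
    fi
    return "$failed"
}

# Constructed sample ruleset (not captured from a real box): the WireGuard
# interface rules exist, the WAN rule for the listen port does not, which is
# exactly the state described in the post.
SAMPLE_RULES='block drop in log all label "Default deny / state violation rule"
pass in quick on wg1 inet from 10.100.0.0/17 to any flags S/SA keep state label "wg in"
pass out quick on wg1 inet from any to any flags S/SA keep state label "wg out"
pass in quick on igb0 inet proto tcp from any to (igb0) port = 443 flags S/SA keep state label "WebGUI"'

# Live use on OPNsense:  pfctl -sr | report igb0 wg1 51820
printf '%s\n' "$SAMPLE_RULES" | report igb0 wg1 51820 || echo "rule(s) missing: $?"
```

Run against the sample the script reports the WAN rule as missing; once a `pass in ... on igb0 ... proto udp ... port = 51820` line is in the ruleset both checks pass. The same idea works for a road-warrior setup: without the WAN rule the handshake initiation is dropped before it ever reaches the WireGuard socket, so no amount of rules on the tunnel interface will help.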
#3
Because it leaves room in 10.100.x.x for other stuff, like the VPN subnets for example.
#4
I intend OPNsense to be the endpoint. The purpose of this test is to access my local network from my mobile phone from outside. I guess there is something here that I'm not getting correctly though :/

The transport network and allowedIPs do not overlap though. Transport is 10.100.0.0/17, so it ends at 10.100.127.255.
#5
Hey, I am currently testing out some things with OPNsense because I want to replace most of/all of my router with it. For testing, this is my current setup:

https://imgur.com/a/SEaUkgX

I forwarded UDP port 51820 on my router to 192.168.100.20, which is the OPNsense WAN interface. Now I have been reading through the docs and watched some WireGuard tutorials, but I cannot get a connection. This is my configuration.

I have set up WireGuard with one instance.

listen port: 51820
tunnel address: 10.100.200.1/24
peers:
- name: mobile test
  allowedIPs: 10.100.200.205/32
  publicKey: <my-mobile-clients-pub-key>

On my mobile device I have:

interface
addresses:
- 10.100.200.205/32
peers:
- pubKey: <servers-pub-key>
  allowedIPs: 192.168.100.0/24
  Endpoint: <routers-pub-ip>:51820

However, I do not see a handshake or any incoming traffic. The WireGuard app on Android tells me it's connected, but I guess that is bogus, because even if I change the port it still tells me it is connected without the port even being open on the router. Is there anything I can check that would narrow down where I went wrong?
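Two things worth checking on the OPNsense side, written up here as an added example rather than anything posted in the thread. The Android app's "connected" state only means the local tunnel interface was brought up; it says nothing about whether a handshake ever completed. What does is the latest-handshake column of `wg show all dump` (a Unix timestamp, 0 if the peer never handshook) and whether handshake initiations arrive on the WAN at all (`tcpdump -ni igb0 udp port 51820`; initiations are 148-byte UDP datagrams). The script below parses the dump output and lists peers that never completed a handshake or whose last one is older than a threshold. The interface name `wg1`, the placeholder keys, the endpoint and the sample dump lines are constructed for the example; the real input is the output of `wg show all dump`.

```shell
#!/bin/sh
# Added example, not from the thread. Reads 'wg show all dump' on stdin and
# lists peers with no handshake, or a handshake older than <max_age> seconds.
# Dump format (tab separated on a real box; spaces are used in the sample):
#   interface line: iface private-key public-key listen-port fwmark                        (5 fields)
#   peer line:      iface public-key psk endpoint allowed-ips latest-handshake rx tx keepalive (9 fields)
# latest-handshake is a Unix timestamp, 0 if the peer never handshook.

# stale_peers <max_age_seconds> <now_epoch>
# Prints one line per problem peer: iface public-key endpoint age
# where age is "never" or the seconds since the last handshake.
stale_peers() {
    awk -v max="$1" -v now="$2" '
        NF == 5 { next }                       # interface line, nothing to check
        NF == 9 {
            age = now - $6
            if ($6 == 0)        printf "%s %s %s never\n", $1, $2, $4
            else if (age > max) printf "%s %s %s %d\n", $1, $2, $4, age
        }'
}

# count_stale <max_age_seconds> <now_epoch>: number of peers stale_peers reports
count_stale() {
    stale_peers "$1" "$2" | awk 'END { print NR }'
}

# Constructed sample (placeholder keys, documentation address as endpoint):
# the mobile peer never handshook, which is the situation in the post; the
# site-to-site peer handshook 100 s before NOW.
NOW=1700000100
SAMPLE_DUMP='wg1 SERVERPRIVKEY= SERVERPUBKEY= 51820 off
wg1 MOBILEPUBKEY= (none) (none) 10.100.200.205/32 0 0 0 off
wg1 SITEBPUBKEY= (none) 203.0.113.7:51820 10.100.0.2/32,10.20.0.0/16 1700000000 41532 118776 25'

# Live use on OPNsense. A peer with persistent keepalive re-handshakes at
# least every couple of minutes, so 180 s is a reasonable threshold:
#   wg show all dump | stale_peers 180 "$(date +%s)"
printf '%s\n' "$SAMPLE_DUMP" | stale_peers 180 "$NOW"
```

A peer that shows up as "never" while the client claims to be connected means the initiation is not reaching the WireGuard socket. Work backwards from there: if `tcpdump` on the WAN interface shows nothing on the listen port, the router's port forward (or the client's Endpoint) is wrong; if the packets are visible on WAN but the handshake still never completes, the firewall rule on WAN for UDP 51820 or the peer's public key is the next thing to look at.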