Messages - departy

#1
Solved.
I happened to have more than one Peer with the same AllowedIPs addresses, and I guess it was causing a routing issue.

Deleted all the other Peers with the same routes and the problem disappeared.
#2
Hello, I am trying to configure WireGuard Site-to-Site with only one public IP address.

Let's call them
Network A - Public IP
Network B - Behind NAT

Both sites are on the LATEST version of OPNsense

Owned networks
Network A:
10.0.0.0/24
10.2.20.0/24
10.2.30.0/24

Network B:
10.2.0.0/24

Network A
Name: WireGuard.A
PublicKey: <key>
PrivateKey: <key>
Listen Port: <port>
Tunnel Address: 10.25.25.1/24
Peers: <NetworkB.Gateway>


Peer:
Name: NetworkB.Gateway
PublicKey: <key>
Pre-shared key: <key>
AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.25.25.2/32, 10.2.0.0/24
KeepAlive: 10s


Network B:
Instance:
Name: WireGuard.NetworkA
PublicKey: <key>
PrivateKey: <key>
ListenPort: <port>
Tunnel Address: 10.25.25.2/32
Peers: NetworkA.Gateway

Peer B:
Name: NetworkA.Gateway
PublicKey: <key>
PresharedKey: <key>
AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.2.30.0/24, 10.2.0.0/24
Endpoint: gateway.networkA.com
Endpoint port: <port>
KeepAlive: 10s


I have NAT rules:
From * to * on WireGuard NetworkA and B interfaces



Problem:
When I ping from Network B anything in 10.2.20.0/24 and 10.0.0.0/24, IT WORKS.
But it doesn't work backwards. When Network A pings anything in Network B I get a timeout:
PING 10.2.0.5 (10.2.0.5): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

I read online that this might be due to some rules, but I have Allow ALL everywhere.
I did a packet capture and noticed that the packets go through but don't come back for some reason: https://ibb.co/8DQkRmx

I am unable to troubleshoot this on my own and would like to ask the community for help. I do not know what I am doing wrong.

If both sites had public IPs it would have been easier :(

Thanks in advance!

-----------------------------------
Added images for easier viewing:
https://ibb.co/T2h6Tpm
https://ibb.co/8DQkRmx
https://ibb.co/p4f3wkk
https://ibb.co/23hk8PF
https://ibb.co/fSL3sKK
https://ibb.co/DCLWW4V
https://ibb.co/276Rgvc
https://ibb.co/NtjN8Xj
https://ibb.co/Jz6Xgr4
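The fix in post #1 was removing extra Peers that carried the same AllowedIPs. The check below is an added example (not the poster's configuration or OPNsense code) that takes a peer list like the one in post #2 and flags two things WireGuard's cryptokey routing table cannot tolerate: overlapping AllowedIPs across peers, and a peer's AllowedIPs covering a subnet that is local to this side. The peer names, the stale duplicate peer and the subnet lists are constructed sample data modelled on Network A.

```python
"""Check WireGuard peer AllowedIPs for routing conflicts.

AllowedIPs is WireGuard's cryptokey routing table: each destination prefix
belongs to exactly one peer, and the kernel sends a packet to whichever peer
owns the most specific matching prefix. Two peers claiming the same prefix
means only one of them keeps it; a peer claiming this side's own LAN competes
with the directly connected route (OPNsense installs AllowedIPs as routes
unless "Disable routes" is set on the instance).
"""
import ipaddress

# Constructed sample modelled on Network A in the post: the real gateway peer
# plus a stale duplicate peer, which is the situation post #1 describes.
LOCAL_SUBNETS_A = ["10.0.0.0/24", "10.2.20.0/24", "10.2.30.0/24"]
PEERS_A = {
    "NetworkB.Gateway": ["10.25.25.0/24", "10.2.20.0/24", "10.0.0.0/24",
                         "10.25.25.2/32", "10.2.0.0/24"],
    "NetworkB.Gateway-old": ["10.25.25.2/32", "10.2.0.0/24"],  # stale copy
}


def find_allowedips_conflicts(peers, local_subnets):
    """Return a list of (kind, detail) findings.

    kind == "overlap": a prefix of one peer overlaps a prefix of another peer.
    kind == "local":   a peer's prefix covers a subnet local to this side.
    An empty list means the peer table has neither problem.
    """
    findings = []
    owner = {}  # ip_network -> name of the peer that listed it
    local_nets = [ipaddress.ip_network(s, strict=False) for s in local_subnets]
    for name, prefixes in peers.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix, strict=False)
            # Overlaps within one peer (e.g. a /24 plus a /32 inside it) are
            # legal, so only compare against prefixes owned by other peers.
            for other_net, other_name in owner.items():
                if other_name != name and net.overlaps(other_net):
                    findings.append(
                        ("overlap", f"{net} ({name}) vs {other_net} ({other_name})"))
            owner[net] = name
            for lnet in local_nets:
                if net.overlaps(lnet):
                    findings.append(("local", f"{net} ({name}) covers local {lnet}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_allowedips_conflicts(PEERS_A, LOCAL_SUBNETS_A):
        print(f"{kind:8} {detail}")
```

Run it against the output of `wg show <iface> allowed-ips` on each gateway; the "overlap" findings are the duplicate-peer condition from post #1, and "local" findings point at prefixes worth removing from the remote peer's list.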