Messages - opnessense

#1
That makes sense, Patrick.

Thank you for your explanation, you have solved my problem.

#2
I want to connect from WireGuard instead of the VLAN client to have an extra layer of security.
#3
OK, I see, maybe my fault.

I need to create an alias for the client defined in the WireGuard VPN peers (IP) instead of the VLAN client linux_pc.

Then I create a rule for WireGuard that allows from source WireGuard peer (linux_pc1) to destination This Firewall.

Will that work?
#4
I placed that rule on the VLAN network, but do I need to include it in the WireGuard rules as well?

If I don't, while I'm connected from the linux_pc VLAN with the WireGuard client, I lose the connection.

Or better, what rule should I put on WireGuard to allow access from linux_pc, which uses a WireGuard client?

VLAN linux ----> linux_pc -------> WireGuard client linux pc
#5
linux_pc is the IP address of a machine inside a VLAN that connects to the WireGuard client.
#6
It only works if I set the WireGuard firewall rule as

source WireGuard net and destination This Firewall

which means the whole WireGuard VPN has access.

When I change the WireGuard firewall rule to
source linux_pc and destination This Firewall, I lose connection with the web GUI.

#7
Hello Patrick,
I have a similar issue with restricting web GUI access to only a specific WireGuard client.
I have created an alias for the machine with a specific IP address.
I set the listen interface to all.

From WireGuard, the client's allowed IP is 0.0.0.0/0,::/0

From the firewall rules, I set a rule that allows the source WireGuard net to destination This Firewall.

Now, if I want to limit access to the firewall to a specific WireGuard client, I create a NAT port forward rule as you suggested.

Firewall: NAT: Port Forward

Interface   Proto     Source Address   Source Ports   Dest. Address   Dest. Ports   NAT IP      NAT Ports
wireguard   TCP/UDP   Linux_PC         443 (HTTPS)    This Firewall   443 (HTTPS)   127.0.0.1   443 (HTTPS)

Will that work?

#8
General Discussion / Re: Vlan not isolated
July 06, 2025, 08:16:30 PM
Thanks, I found it.
I found a strange rule set in the floating rules allowing anything from anywhere.
I deleted this rule, and now my VLANs are isolated.

Thanks for the support, guys.
#9
General Discussion / Re: Vlan not isolated
July 06, 2025, 08:02:42 PM
Hi viragomann,

how do I flush the states in OPNsense?
#10
General Discussion / Re: Vlan not isolated
July 06, 2025, 07:46:52 PM
#11
General Discussion / Vlan not isolated
July 06, 2025, 06:46:19 PM
Hello All,

my setup:
OPNsense acts as gateway
Switch: USW Lite 8 PoE
Two UniFi U6 Pro wireless APs
From OPNsense I have set up a bunch of VLANs with my LAN network as parent.
I have created the interfaces, DHCP server and firewall rules for every single VLAN.

On the firewall rules I have the rule which blocks the connection to internal private IPs. So I should be isolated from the rest of my network.
That is strange, because I can ping any other VLAN and the firewall.

Is this something that I need to modify from the switch side? Or do I need to buy a UniFi switch that supports the ACL capability?

I'm confused.

Has anybody encountered this scenario?

Please help.

#12
I resolved it by adding a static route for each WireGuard VPN instance, from System -> Routes -> Configuration, then adding my subnet.
#13
Thanks luckylinux,

I had the same problem creating multiple instances in WireGuard with no connection.

I had connection only on one instance.

I resolved it by adding a static route for each WireGuard VPN instance, from System -> Routes -> Configuration, then adding my subnet.

Best effort, Mate.

You solved the issue.

Regards
#14
Hello All,

I have managed to set up a WireGuard instance with peers on my OPNsense 25.1.9 which works on my local network with no access from the outside (no rules for WAN). I did not include a new gateway; I followed the road warrior guide.

Everything works. I have connection and handshake.

Now I want to create new instances (wg1, wg2, wg3, ...) to fit every VLAN. This is because I would like to assign different firewall rules based on the VLANs.

I recreated the same procedure as for my first instance (new interface, new firewall rule, new instance, new peer) but I have no connection. I tested with tcpdump.

I'm stuck. What do I need to incorporate into my new interface? I have tried checking the option "Dynamic gateway policy" in the interface to create a different gateway, but that did not work.

The client does not communicate with the WireGuard server.

Which log do I need to provide?

Any help please...

Thanks

#15
Quote from: nikkon on October 27, 2024, 04:49:42 PM
I got the rule fixed. Thanks Bob.Dig
you helped me fix this

my VLAN10 rule was wrong

What is your fixed rule?