Messages - xstaford

#1
Hi,

I'm struggling with port forwarding through WireGuard.
In total I have 3 OPNsense boxes connected to each other, and all subnets are fully accessible from each other.
Each office is connected via a separate instance-peer setup, so each WG instance has its own interface.

I am trying to port forward from the WAN of opnsenseA to the LAN of opnsenseB, but it only works from the opnsenseA local networks.

I tried adding a reply-to gateway of the WG interface for the WAN rule, but that didn't help either. Maybe I misconfigured the gateway for WireGuard?
(IP of the WG instance of opnsenseA (tried B also), monitor IP is the LAN IP of opnsenseB.) opnsenseB has a dynamic WAN IP.


OpnsenseA logs show that everything is working as expected.

Meanwhile, OpnsenseB shows nothing at all...

However, if I try accessing the WAN from the LAN network of OpnsenseA, both OpnsenseA and OpnsenseB logs show activity.
The logs of opnsenseB


Any ideas what I might be missing?

And a second question: how do I debug it? How can I check the traffic flow to understand what is going wrong?
#2
Good day,

I'm struggling with port forwarding through WireGuard.
Inside the opnsenseA networks the forward works like clockwork, but I can't get it to work through the WG tunnel)

Naturally, all 3 opnsense subnets are accessible from every subnet)

OpnsenseA:
port forwarding from static ip wan to opnsenseB local ip.
Reflection for port forwards and Automatic outbound NAT for Reflection are enabled.
wireguard interface assigned. Rules - (pass, opnsenseB local nets to opnsenseA local nets).

OpnsenseB:
Reflection for port forwards and Automatic outbound NAT for Reflection are enabled.
wireguard interface assigned. Rules - (pass, opnsenseA local nets to opnsenseB local nets).

Each office is connected with a separate instance-peer, so that each subnet has its own interface.
In total, such a forward works only from the opnsenseA subnet.
I read that the rule for this forward needs the WG interface set as reply-to. OK, for that we set the Dynamic gateway policy on the interface, a gateway gets created, I set it as reply-to, and still nothing))) What annoys me most is that there's no telling how to catch it) in the opnsenseA logs the forward happens, in the opnsenseB logs it's as if nothing at all((( yet if I access the WAN from inside the opnsenseA subnet, both logs fire) I hope I managed to explain! All of them are on the latest version of OPNsense.
#3
Good day to everyone)
Sorry if I'm being slow,
I have a similar situation.

OpnsenseA:
port forwarding from static ip wan to opnsenseB local ip.
Reflection for port forwards and Automatic outbound NAT for Reflection are enabled.
wireguard interface assigned. Rules - (pass, opnsenseB local nets to opnsenseA local nets).

OpnsenseB:
Reflection for port forwards and Automatic outbound NAT for Reflection are enabled.
wireguard interface assigned. Rules - (pass, opnsenseA local nets to opnsenseB local nets).

So the port forward works only from the opnsenseA network. Can you please explain what I'm doing wrong?
All networks are accessible from both opnsense networks.

There is a 3rd opnsenseC connected to opnsenseA and B, so each WG instance on OPNsense has 2 connections; can that be the issue?



#4
Hi,

Can you please help me figure out what I did wrong.
local network 10.0
remote 7.0
WireGuard Site-to-Site
After that the tunnel is connected, but I have access only to the OPNsense IP from both sides.
As I understand it, something is wrong with the WireGuard firewall rule? Or what other screen do you need?

Both rules are mostly the same. The 1st rule was made just for checking.
Ping from 10.0 to the remote OPNsense succeeds, but not to the other remote machines.
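The two symptoms in this thread (a port forward over the tunnel that is only reachable from opnsenseA's own LANs, and a site-to-site tunnel where only the two firewall addresses answer) both follow from WireGuard's cryptokey routing: a peer's AllowedIPs is the outbound route table for that peer and, at the same time, the list of inner source addresses accepted from that peer after decryption; anything else is dropped inside WireGuard, before the packet ever reaches the firewall or its logs. The following is an added example written for this page, not code from the forum posters or from OPNsense/WireGuard. It models that behaviour for a packet that has already been DNATed on opnsenseA. All addresses (A LAN 10.0.0.0/24, B LAN 10.7.0.0/24, tunnel 10.255.0.0/24, Internet client 198.51.100.7) are constructed, and the `snat` option (source-NATing the forwarded traffic to A's tunnel address on the WG interface) is one remedy assumed for the model, not something the thread confirms.

```python
# Model of WireGuard cryptokey routing (AllowedIPs) plus a DNAT'd packet,
# to show why a port forward over a site-to-site tunnel may only work from
# the forwarding firewall's own LANs. Added example; not OPNsense or
# WireGuard code. All addresses below are constructed.
from ipaddress import ip_address, ip_network


class Peer:
    """One [Peer] entry: AllowedIPs is both a route and an inbound source filter."""

    def __init__(self, name, allowed_ips):
        self.name = name
        self.allowed_ips = [ip_network(n) for n in allowed_ips]

    def covers(self, addr):
        return any(addr in net for net in self.allowed_ips)


class WireGuardInterface:
    def __init__(self, name, address, peers):
        self.name = name
        self.address = ip_address(address)
        self.peers = peers

    def select_peer(self, dst):
        """Outbound: longest-prefix match of dst over every peer's AllowedIPs.
        No match means the packet never enters the tunnel and follows the
        host's normal routing table instead (on a firewall: typically WAN)."""
        best, best_len = None, -1
        for peer in self.peers:
            for net in peer.allowed_ips:
                if dst in net and net.prefixlen > best_len:
                    best, best_len = peer, net.prefixlen
        return best

    def accept_inbound(self, peer, src):
        """Inbound: the decrypted inner source must lie inside the sending
        peer's AllowedIPs, otherwise WireGuard drops it silently (no pf log)."""
        return peer.covers(src)


def build_sites(a_allows_b_lan=True, b_allows_a_lan=True):
    """Two firewalls joined by one tunnel; flags mimic incomplete AllowedIPs."""
    b_nets = ["10.255.0.2/32"] + (["10.7.0.0/24"] if a_allows_b_lan else [])
    a_nets = ["10.255.0.1/32"] + (["10.0.0.0/24"] if b_allows_a_lan else [])
    site_a = WireGuardInterface("opnsenseA", "10.255.0.1", [Peer("opnsenseB", b_nets)])
    site_b = WireGuardInterface("opnsenseB", "10.255.0.2", [Peer("opnsenseA", a_nets)])
    return site_a, site_b


def trace_forward(site_a, site_b, client, target, snat=None):
    """Follow one packet: client -> A (already DNATed to target behind B) ->
    tunnel -> B, then decide where B's reply would go. Returns a verdict dict."""
    src = ip_address(snat) if snat else ip_address(client)
    dst = ip_address(target)
    steps = []
    peer_b = site_a.select_peer(dst)
    if peer_b is None:
        steps.append(f"A: no AllowedIPs route for {dst}; packet does not enter the tunnel")
        return {"delivered": False, "reply_via_tunnel": False, "steps": steps}
    steps.append(f"A: {src}->{dst} encrypted to peer {peer_b.name}")
    # On B the packet arrives through the peer entry that represents site A.
    peer_a = next(p for p in site_b.peers if p.name == site_a.name)
    if not site_b.accept_inbound(peer_a, src):
        steps.append(f"B: inner source {src} not in AllowedIPs of peer {peer_a.name}; dropped silently")
        return {"delivered": False, "reply_via_tunnel": False, "steps": steps}
    steps.append(f"B: accepted, handed to the firewall and LAN host {dst}")
    reply_via_tunnel = site_b.select_peer(src) is not None
    steps.append("B: reply to %s goes %s" % (
        src, "back through the tunnel" if reply_via_tunnel
        else "out B's default route (WAN), i.e. asymmetrically"))
    return {"delivered": True, "reply_via_tunnel": reply_via_tunnel, "steps": steps}


if __name__ == "__main__":
    a, b = build_sites()
    cases = [
        ("from A's LAN", dict(client="10.0.0.5", target="10.7.0.10")),
        ("from the Internet, DNAT only", dict(client="198.51.100.7", target="10.7.0.10")),
        ("from the Internet, DNAT + SNAT to A's tunnel address",
         dict(client="198.51.100.7", target="10.7.0.10", snat="10.255.0.1")),
    ]
    for title, kw in cases:
        print(f"== {title}")
        for line in trace_forward(a, b, **kw)["steps"]:
            print("  " + line)
```

Run as-is, the first case is delivered and replied through the tunnel, the second is dropped on opnsenseB inside WireGuard (which matches "opnsenseB shows nothing at all" while opnsenseA's log shows the forward), and the third is delivered because the source now sits in opnsenseB's AllowedIPs for peer A, so the reply also returns through the tunnel. Building the sites with `b_allows_a_lan=False` or `a_allows_b_lan=False` reproduces the last post's picture of a tunnel where only the two firewall addresses reach each other: a LAN host is either dropped at the far end or never routed into the tunnel at all. When debugging on the real boxes, the useful check is therefore whether the inner source address of the forwarded packet appears in the far side's AllowedIPs, since a drop there leaves no trace in the firewall log.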