Messages - austrian-firewaller

#1
From both firewalls I can ping the tunnel IP and all hosts on the other network.
But it is not possible from a host inside a LAN network to get to the other network, only to the other tunnel IP address.

So for example, I ping from a host at Site B to the firewall at Site A:
192.168.10.190 -> 192.168.1.10
I see in the firewall Liveview (FW B):
LAN IN from 192.168.10.190 to Dest 192.168.1.10
wg OUT from 192.168.10.190 to Dest 192.168.1.10

And on FW Site A I see nothing.
I have allowed "all in" traffic on the LAN and WireGuard interface on both OPNsense firewalls, still nothing...

Now I have created interfaces for the WireGuard tunnels, still no change.

The WG tunnel itself is stable, because from my PC (192.168.10.190) I can ping firewall Site A with 65000 bytes of load with no dropped packets over a longer time.
#2
Quote from: Bob.Dig on December 01, 2025, 07:00:06 PM
> Quote from: austrian-firewaller on December 01, 2025, 02:46:42 PM
> > without creating an interface for WireGuard
> Create one on both sides.

Why? It should not be necessary? And I think I did that as well; nothing changed. I found other sources telling me not to do so.
#3
Thank you for your reply.

The allowed IP in Site A:
172.16.0.10/32, 192.168.10.0/24

Site B:
172.16.0.1/32, 192.168.1.0/24

So in each instance it is the FW tunnel IP and the network from the opposite site.
That should be correct, right?
#4
I have two OPNsense firewalls, both are version 25.7.7.
I set up WireGuard according to the official documentation, without creating an interface for WireGuard.
WireGuard itself works fine; the tunnel is established.

Topology is like that:
Site A: 192.168.1.0/24 - Tunnel IP 172.16.0.1
Site B: 192.168.10.0/24 - Tunnel IP 172.16.0.10

I have an allow-all rule on the LAN and WG group firewall rule set.
I can ping from Site B to the tunnel IP of the firewall on Site A, and the other way around.

But I cannot, for Christ's sake, ping any IP address from one network to the other. I see in the logs that the packet is allowed, but the ping, for example, never comes back.
But I can ping the tunneled network directly from the firewall itself. So I also tried to disable outbound NAT for WireGuard; it still does not work. So I am clueless.

I would appreciate any help.