Topics - relief-melone

1
Virtual private networks / Wireguard - Connection is working but hosts in network do not have connectivity
« on: August 01, 2024, 06:10:29 pm »
I am currently setting up a site2site connection for testing. The setup is the following:

SITE A (up for testing):

- sits in the network of the site and has DHCP on WAN (192.168.x.x/24) provided by the network's router
- has a LAN Interface (10.10.x.x/17) that has no connected machines

SITE B:

- sits in the network as DMZ behind a router
- acts as DHCP DNS and devices in LAN are connected via LAN
- is where the client sits that tries to connect to a device in SITE A's WAN network

Now my problem is the following. The Wireguard connection seems to be working just fine. The OPNsense instances in both locations can ping, curl, etc. each other's networks without any issues. However, when I am trying to connect from a host in SITE B's network I cannot reach SITE A's hosts (except for the OPNsense instance, which is reachable on its WAN as well as LAN address).

If I trace the packets it becomes clear that they reach SITE A. I also see them on the outgoing traffic of the WAN interface. But there does not seem to be a response. Even when I completely opened the WAN interface with ingoing and outgoing rules for the firewall, I get nothing. I've been trying and researching all day but am pretty much lost at that point. Would be great if someone had an idea on what I could investigate.

2
Virtual private networks / OPNSense behind router - cannot establish wireguard connection
« on: July 10, 2024, 02:38:59 pm »
Hey, I am currently testing out some things with opnsense because I want to replace most of/all of my router with it. But for testing this is my current setup:

https://imgur.com/a/SEaUkgX


I forwarded the 51820 udp port of my router to the 192.168.100.20 which is the opnsense wan interface. Now I have been reading through the docs and watched some wireguard tutorials. But I cannot get a connection. This is my configuration:

I have set up wireguard with one instance.

listen port: 51820
tunnel address: 10.100.200.1/24
peers:
- name: mobile test
  allowedIPs: 10.100.200.205/32
  publicKey: <my-mobile-clients-pub-key>

On my mobile device I

interface
addresses:
- 10.100.200.205/32
peers:
- pubKey: <servers-pub-key>
  allowedIPs: 192.168.100.0/24
  Endpoint: <routers-pub-ip>:51820

However, I do not see a handshake or any incoming traffic. The WireGuard app on Android tells me it's connected but I guess that is bogus because even if I change around the port it still tells me it was connected without the port even being open on the router. Is there anything I can check that would narrow down where I went wrong?
