OPNsense v25.1.11 on a DEC 850.
Wireguard macOS peer client app.
I have two working WireGuard VPN instances running ok, each with its own interface assignment and no peers with split tunnels:
• one for LAN only over vpn
(its peer can access the file server on the LAN ok but can't browse the internet because of a related LAN-only firewall rule)
• one for internet only over vpn
(its peers can browse the web, and whatismyipaddress shows their public IP address is OPNsense's instead of their ISP's, and they can't access the LAN)
SPLIT TUNNEL
Today, I spent hours trying to create a split tunnel in several test peers so they can connect to the LAN but browse the internet over their own ISP instead of the vpn's.
The documentation seems simple, but I'm missing something.
For new peer tests with the LAN_only instance, I replaced Allowed IPs 0.0.0.0/0, ::/0 with the LAN network 10.1.10.0/24.
Though the peer then browsed the internet over its ISP instead of the vpn, it couldn't access the LAN's file server anymore (10.1.10.99).
Huh???
Yet I can ping it -- 10.1.10.99.
But macOS won't connect to smb://10.1.10.99, as it does fine with the default Allowed IPs in the peer.
By design I can't reach other nodes on 10.1.10.0, including by ping.
Then I changed Allowed IPs to 10.1.10.0/24, 10.25.25.0/24 (the latter is the vpn peer range) but the same thing happened.
How did specifying the LAN net(s) break the peer's access to the same LAN?
When I created a test peer with the default Allowed IPs 0.0.0.0/0, ::/0, the peer could again connect to the LAN's file server (smb://10.1.10.99) but by design couldn't browse anything on the internet because of its related LAN-only firewall rule.
I feel like it's gaslighting me. I'm sleep deprived and probably missed something obvious.
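An added illustration of what the peer's AllowedIPs setting does (this is not part of the post above, and it does not diagnose the SMB symptom). WireGuard's cryptokey routing uses a peer's AllowedIPs in both directions: on the sending side only destinations inside AllowedIPs are handed to the tunnel (wg-quick installs matching routes, so everything else leaves via the ISP), and on the receiving side a decrypted packet is kept only if its source address is inside the same AllowedIPs. The Python below embeds a constructed wg-quick client config carrying the post's split AllowedIPs (10.1.10.0/24, 10.25.25.0/24) and compares it with the default 0.0.0.0/0, ::/0. The key placeholders, the endpoint hostname, the DNS server, the client address 10.25.25.2, the gateway address 10.25.25.1 and the documentation addresses standing in for "the internet" are assumptions made for the example.

```python
import ipaddress
from typing import Dict, List

# Constructed wg-quick client config using the post's split AllowedIPs.
# Key material is left as placeholders; the Address, DNS and Endpoint values
# are assumptions for the example, not taken from the post.
SPLIT_CLIENT_CONF = """\
[Interface]
PrivateKey = <client private key>
Address = 10.25.25.2/32
DNS = 10.1.10.1

[Peer]
PublicKey = <OPNsense instance public key>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.1.10.0/24, 10.25.25.0/24
PersistentKeepalive = 25
"""

# The OPNsense default AllowedIPs the post starts from.
FULL_TUNNEL = ["0.0.0.0/0", "::/0"]

# Destinations to classify: the post's file server and peer range, plus
# RFC 5737 / RFC 3849 documentation addresses standing in for "the internet".
LAN_FILE_SERVER = "10.1.10.99"
VPN_GATEWAY = "10.25.25.1"      # assumed: OPNsense's address in the peer range
INTERNET_V4 = "203.0.113.10"
INTERNET_V6 = "2001:db8::1"
DESTINATIONS = [LAN_FILE_SERVER, VPN_GATEWAY, INTERNET_V4, INTERNET_V6]


def allowed_ips_from_conf(conf: str) -> List[str]:
    """Collect every AllowedIPs entry from the [Peer] section(s) of a
    wg-quick config. wg-quick accepts the key once with a comma list or
    repeated on several lines, so both forms are merged here."""
    allowed: List[str] = []
    in_peer = False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
        elif in_peer and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                allowed.extend(a.strip() for a in value.split(",") if a.strip())
    return allowed


def _networks(allowed: List[str]):
    return [ipaddress.ip_network(a, strict=False) for a in allowed]


def goes_into_tunnel(dst: str, allowed: List[str]) -> bool:
    """Sending side of cryptokey routing: the packet is handed to the peer
    only if its destination lies inside one of the peer's AllowedIPs; any
    other destination follows the normal default route out via the ISP."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in _networks(allowed))


def accepts_reply(src: str, allowed: List[str]) -> bool:
    """Receiving side: after decryption the packet's source address must
    also lie inside that peer's AllowedIPs, otherwise WireGuard drops it."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in _networks(allowed))


def classify(allowed: List[str], destinations: List[str]) -> Dict[str, str]:
    """Map each destination to 'tunnel' or 'direct' for the given AllowedIPs."""
    return {d: ("tunnel" if goes_into_tunnel(d, allowed) else "direct")
            for d in destinations}


if __name__ == "__main__":
    split = allowed_ips_from_conf(SPLIT_CLIENT_CONF)
    for label, allowed in (("default (full tunnel)", FULL_TUNNEL),
                           ("post's split tunnel", split)):
        print(f"{label}: AllowedIPs = {', '.join(allowed)}")
        for dst, via in classify(allowed, DESTINATIONS).items():
            print(f"  {dst:>16} -> {via}")
        print(f"  reply from {LAN_FILE_SERVER} accepted: "
              f"{accepts_reply(LAN_FILE_SERVER, allowed)}")
```

Both AllowedIPs sets classify 10.1.10.99 as tunnelled and accept the file server's replies, while only the default set sends the two internet addresses through the tunnel. From the peer's cryptokey-routing point of view the file server is therefore treated identically in both setups; whatever differs in practice (DNS handling, OPNsense firewall rules on the WireGuard interface, routes the macOS app installs) is outside what this example models.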