Messages

46

21.7 Legacy Series / Re: Wireguard road warrior (followed default guide) - all work but cant ping clients

« on: November 30, 2021, 09:48:25 pm »

Sorry if I made the previous one too small. I can post again if need be.

Here is second.

47

21.7 Legacy Series / Re: Wireguard road warrior (followed default guide) - all work but cant ping clients

« on: November 30, 2021, 09:47:29 pm »

Most are on the road but I have my phone here:

The allowed ips are:
192.168.200.0/24, 192.168.2.0/24, 0.0.0.0/0

Have to do 1 ss at a time. I have one more to post after.

P

48

21.7 Legacy Series / Re: Wireguard road warrior (followed default guide) - all work but cant ping clients

« on: November 30, 2021, 09:20:41 pm »

For clarification:

192.168.2.0/24 - internal LAN

192.168.200.0/24 - Wireguard IP Range.

49

21.7 Legacy Series / Re: Wireguard road warrior (followed default guide) - all work but cant ping clients

« on: November 30, 2021, 09:19:02 pm »

From Opnsense no issue pinging the wg clients or itself. Also the WG clients can access anything and ping anything. I didnt bother getting a ss of that.

50

21.7 Legacy Series / Re: Wireguard road warrior (followed default guide) - all work but cant ping clients

« on: November 30, 2021, 09:16:33 pm »

And realize some rules are not needed - I was testing as it does not work.

51

21.7 Legacy Series / Re: Wireguard road warrior (followed default guide) - all work but cant ping clients

« on: November 30, 2021, 09:15:27 pm »

OK!

52

21.7 Legacy Series / Re: Unable to open specific website

« on: November 30, 2021, 05:56:03 pm »

Strange thing for me is that sometimes I can load the site and other times I cant so its like the site works sometimes. I noticed because on checking again after it worked first time I suddenly couldnt access it. now its working again.

53

21.7 Legacy Series / Re: Unable to open specific website

« on: November 30, 2021, 04:52:10 pm »

Maybe you use blocking like ids or something because works for me.

54

21.7 Legacy Series / Re: Wireguard road warrior (followed default guide) - all work but cant ping clients

« on: November 30, 2021, 02:12:46 pm »

Ok thank you for replying. Its appreciated you took the time to think about it.

With regards to my setup it is as follows. However at this exact moment its a little different as last night I did a load of testing (all made no difference) where I tired adding gateways, disabling automatic routes, adding manual routes, trying different things on outbound nat, removing interfaces adding interfaces etc. However seems like there is zero difference regardless what I do.

When you follow the opnsesne wireguard roadwarrior guide you end up with the auto generated wireguard interface and another one you make that if you look in interfaces - overview has the IP address you set under local- tunnel address.

So for example my LAN is 192.168.2.0/24 and the local tunnel address of WG interface is 192.168.200.1/24.

A client connects and is assigned an IP like 192.168.200.10/32 (ie by wireguard config).

So what is working? So basically everything important. The firewall itself can ping the 192.168.200.10 and the client on 192.168.200.10 can access any lan device and ping any lan device or the firewall on both 192.168.200.x range and 192.168.2.x range (so LAN and WG ranges work from the connecting roadwarrior side essentially).

However the LAN clients cant ping a wg ip. So for example if I am on a pc with 192.168.2.12 as its IP behind the firewall I cant ping 192.168.200.1 (the firewalls wg IP). I also cant ping 192.168.200.10 (A clients IP over the wg tunnel). I believe services cant be accessed either (eg I cant telnet to 192.168.100.10 on port 80).

So the traffic from LAN - a wireguard IP does not work. Im not sure if this is by design or not. Is it possible you are not allowed to try ping these IP's as they are exclusively for only clients on the WG tunnel? I assumed the firewall could or would know how to route a packet around its own interfaces to be able to reply to a ping but maybe I am wrong. I am using the kernel version of WG if that makes a difference. It could be I am expecting something that is not really designed to work.

P

55

21.7 Legacy Series / Re: I cant work out how everyone else managed to get mtu of 1500 working on pppoe

« on: November 30, 2021, 02:03:29 pm »

What you have all said makes sense. I am continuing to investigate further.

56

21.7 Legacy Series / Wireguard road warrior (followed default guide) - all work but cant ping clients

« on: November 29, 2021, 05:07:31 pm »

Has anyone else ever had an issue where if you follow the guide to the Wireguard Roadwarrior setup everything works except from a LAN client you cant ping a WG client thats connected?

57

20.7 Legacy Series / Re: GeoIP-Alias error after updating to 20.7.2

« on: November 29, 2021, 03:23:52 am »

Strange, solution worked perfect for me... did you reboot after and double check you made the change?

58

21.7 Legacy Series / Re: I cant work out how everyone else managed to get mtu of 1500 working on pppoe

« on: November 29, 2021, 03:22:54 am »

No worries thanks for trying to help anyway. Yes its a unifi switch and has an option... I will sit on this problem for a while and if I notice anything will post back but as there is no immediate answer will require me to do some digging around on my own to try make progress...

59

21.7 Legacy Series / Re: I cant work out how everyone else managed to get mtu of 1500 working on pppoe

« on: November 26, 2021, 05:06:45 am »

No actually I dont have that setup. I have a normal RJ45 connection going from the wan port of the firewall to the switch which the switch vlan tags and then an SFP module in a different port on the same switch which is also on that same vlan as the connection is fiber and I cant plug that directly into the firewall as there are no ports to accommodate it. As far as I know everyone else on Bell Fibe has it working or at least they claim to have it working on the posts I have read at 1500 MTU.

60

21.7 Legacy Series / Re: I cant work out how everyone else managed to get mtu of 1500 working on pppoe

« on: November 25, 2021, 08:33:16 pm »

Im at a loss why it doesnt work then. I have a switch that should allow it, and set all the options as others did but simply doesnt work