Wireguard tutorial for client use?

Started by tusc, August 29, 2019, 03:08:02 AM

August 29, 2019, 03:08:02 AM Last Edit: August 29, 2019, 05:41:40 PM by tusc
Now that 19.7.3 is out I thought I'd try to set up Wireguard with my Mullvad account. I'd like to use policy routing so only a subset of clients in the LAN route through the Wireguard tunnel. Are there any guides out there on how to set this up, similar to the openvpn guides? Everything I find on Wireguard and OPNsense is about road warriors. Thanks.


It's always good to have a wineguard. Take care not to drink too much alcohol  ::)
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

LOL. I didn't catch that typo. Fixed now. Thanks!


August 29, 2019, 07:13:24 PM #4 Last Edit: August 29, 2019, 08:07:17 PM by tusc
Quote from: mimugmail on August 29, 2019, 05:56:28 PM
Have you read Mullvad Guide at OPNsense Docs?

This link? https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

I have. I can establish a tunnel to Mullvad. My issue is figuring out the rest, what NAT rules to add for policy routing, what should "allowed IPs" be set to, what should the gateway IP address be set to?

*EDIT*

Ok,

I think I have everything in place, the NAT outbound rule, FW LAN rule with the gateway selected. Unfortunately the gateway shows as defunct and I cannot get traffic through the tunnel.

Quote from: tusc on August 29, 2019, 07:13:24 PM
Quote from: mimugmail on August 29, 2019, 05:56:28 PM
Have you read Mullvad Guide at OPNsense Docs?

This link? https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

I have. I can establish a tunnel to Mullvad. My issue is figuring out the rest, what NAT rules to add for policy routing, what should "allowed IPs" be set to, what should the gateway IP address be set to?

*EDIT*

Ok,

I think I have everything in place, the NAT outbound rule, FW LAN rule with the gateway selected. Unfortunately, the gateway shows as defunct and I cannot get traffic through the tunnel.

You have to put an IP address in the gateway or it won't work.

I have my wireguard server running on a VPS, and I am unable to get policy-based routing to work using a created gateway for wireguard. I have to route all of the LAN subnet out the wireguard interface. But I was able to selectively bypass wireguard with aliases and using the WAN gateway.

Let's say your WG server has tunnel address 10.1.1.1 and your WG client has 10.1.1.10. Then on the WG client you create a gateway on interface WG (it has to be assigned) with gateway IP 10.1.1.1. And in 19.7.3 there is a Gateway field hidden behind the advanced fields in the local instance (still on the client). There you also type 10.1.1.1 and restart the daemon.

Now you can set policy routes via rules.
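The setup described above, written out as the equivalent hand-edited pf rules so the pieces (outbound NAT, the gateway address, the policy rule) are visible together. This is an added illustration, not from the thread and not the ruleset OPNsense generates from the GUI; it assumes wg0 is the assigned WireGuard interface, em0 the LAN interface, 192.168.1.0/24 the LAN subnet and <vpn_clients> an alias of the LAN hosts that should use the tunnel.

```pf
# Constructed example addresses: 10.1.1.1 is the WG server's tunnel address
# (the gateway), 10.1.1.10 the WG client's tunnel address on this firewall.
table <vpn_clients> { 192.168.1.50, 192.168.1.51 }

# Outbound NAT on the tunnel interface: LAN hosts leaving through wg0
# are rewritten to the client's tunnel address, otherwise the far end
# has no route back to 192.168.1.x.
nat on wg0 from <vpn_clients> to any -> 10.1.1.10

# Policy route: only the listed LAN hosts, and only for non-LAN
# destinations, are handed to the tunnel gateway. route-to needs a
# next-hop address on wg0, which is why the GUI gateway must carry
# 10.1.1.1; a gateway with no address cannot be used here.
pass in quick on em0 from <vpn_clients> to ! 192.168.1.0/24 \
    route-to (wg0 10.1.1.1) keep state

# Everything else on the LAN follows the default route (WAN).
pass in on em0 from 192.168.1.0/24 to any keep state
```

One caveat on the WireGuard side: the peer's AllowedIPs acts as both a route and a packet filter, so it must cover every destination the route-to rule sends through the tunnel (0.0.0.0/0 for an Internet exit), or WireGuard drops those packets before they ever reach the server.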