Wireguard and Allowed IPs

Started by ednt, March 19, 2020, 08:06:59 AM

Hi,

I just tried out wireguard. In general it is running now, but ...

I configured several peers for one interface with the same allowed IPs.
The file wg0.conf looks like:
[Interface]
Address = 10.10.254.252/24
ListenPort = 51820
PrivateKey = blablabla=
[Peer]
PublicKey = blublublu=
AllowedIPs = 192.168.18.0/24,192.168.252.0/22,10.10.254.2/32
PersistentKeepalive = 30
[Peer]
PublicKey = blobloblo=
AllowedIPs = 10.10.254.45/32,192.168.18.0/24,192.168.252.0/22
PersistentKeepalive = 30
[Peer]
PublicKey = blebleble=
AllowedIPs = 10.10.254.1/32,192.168.18.0/24,192.168.252.0/22
PersistentKeepalive = 30
Keys replaced  ;)

But if I look in List Configuration or with wg show I see:
interface: wg0
  public key: blablabla=
  private key: (hidden)
  listening port: 51820

peer: blobloblo=
  endpoint: 80.187.100.125:22729
  allowed ips: 10.10.254.45/32
  latest handshake: 3 minutes, 25 seconds ago
  transfer: 360 B received, 524 B sent
  persistent keepalive: every 30 seconds

peer: blebleble=
  endpoint: 178.132.69.141:51820
  allowed ips: 10.10.254.1/32, 192.168.18.0/24, 192.168.252.0/22
  latest handshake: 11 minutes, 13 seconds ago
  transfer: 132.08 KiB received, 546.62 KiB sent
  persistent keepalive: every 30 seconds

peer: blublublu=
  allowed ips: 10.10.254.2/32
  persistent keepalive: every 30 seconds
So some of the allowed ips are missing. I don't see the fault.
Any ideas?

I also miss the wireguard transfer to a slave OPNsense. Is this in work?


The Networks 192.168.18.0/24 and 192.168.252.0/22 can only be routed from OPNsense to one client at the same time.

OPNsense LAN/DMZ/...
10.10.254.252/24 OPNsense Tunnel Network
| Tunnel
10.10.254.x/32 Client
192.168.18.0/24,192.168.252.0/22 Networks behind Client.
In case you want it the other way round, i.e. if OPNsense-Lan is 192.168.18.0/24, then you have to remove the network from server wg0.conf. Put it into the conf at the client.
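The behaviour in this thread is WireGuard's cryptokey routing: every AllowedIPs prefix maps to exactly one peer, so a prefix listed under a later [Peer] is taken away from the earlier one, which is why wg show drops it. The following is an added example (not OPNsense or WireGuard code) that parses the wg0.conf from the first post, models that one-owner-per-prefix table, and reports the allowed ips each peer ends up with plus which peer a destination address would be sent to.

```python
import ipaddress

# Constructed copy of the wg0.conf from the post; keys are the same placeholders.
WG0_CONF = """
[Interface]
Address = 10.10.254.252/24
ListenPort = 51820
PrivateKey = blablabla=
[Peer]
PublicKey = blublublu=
AllowedIPs = 192.168.18.0/24,192.168.252.0/22,10.10.254.2/32
PersistentKeepalive = 30
[Peer]
PublicKey = blobloblo=
AllowedIPs = 10.10.254.45/32,192.168.18.0/24,192.168.252.0/22
PersistentKeepalive = 30
[Peer]
PublicKey = blebleble=
AllowedIPs = 10.10.254.1/32,192.168.18.0/24,192.168.252.0/22
PersistentKeepalive = 30
"""

def parse_peers(conf):
    """Return [(public_key, [ip_network, ...])] in file order (repeated [Peer] sections)."""
    peers, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if line == "[Peer]":
            current = {"key": None, "allowed": []}
            peers.append(current)
        elif line.startswith("["):
            current = None                      # [Interface] or unknown section
        elif current is not None and "=" in line:
            k, _, v = line.partition("=")       # split on the first '=' only: keys end in '='
            k, v = k.strip(), v.strip()
            if k == "PublicKey":
                current["key"] = v
            elif k == "AllowedIPs":
                current["allowed"] = [ipaddress.ip_network(p.strip()) for p in v.split(",")]
    return [(p["key"], p["allowed"]) for p in peers]

def cryptokey_table(peers):
    """Model of the cryptokey routing table: one owner per prefix, the last peer configured wins."""
    table = {}
    for key, allowed in peers:
        for net in allowed:
            table[net] = key                    # silently reassigns a prefix already owned by another peer
    return table

def effective_allowed_ips(peers):
    """What 'wg show' will list per peer after the reassignments above."""
    table = cryptokey_table(peers)
    return {key: sorted(str(n) for n, owner in table.items() if owner == key) for key, _ in peers}

def peer_for(table, dst):
    """Longest-prefix match: the peer a packet to dst is encrypted for, or None if no peer claims it."""
    ip = ipaddress.ip_address(dst)
    best = max((n for n in table if ip in n), key=lambda n: n.prefixlen, default=None)
    return table[best] if best is not None else None
```

Running effective_allowed_ips over the posted config reproduces the wg show output in the thread: only the last peer keeps 192.168.18.0/24 and 192.168.252.0/22.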