Topic: wireguard sending traffic, but client is not receiving (Read 3078 times)
Author: errored out
Posted on: April 30, 2020, 11:42:05 pm
I have been able to configure WG with a straight configuration (no port forwarding / using VPN services / etc.) and it works. I've been fighting with WG for a week now to configure it with port forwarding.
<U>Problem</U>
I can see the traffic entering WAN (port re1) udp 53 connecting to Wireguard "Local" 192.168.1.1 port 51523.
However, the traffic leaving the WAN to the "endpoint" (client) is port 51523 not 53.
<U>End result wanted</U>
Receive (inbound) UDP 53 on WAN (re1) which is dynamic.
WAN interface (port re1) udp 53 forwards to VPN interface (port WG0) IP 192.168.1.1 udp port 51523.
(In the future, I would add FW rules allowing access to specific internal IP's and routing to the Internet. But first things first.)
<U>Background</U>
Gateway (default from initial setup)
Not disabled
Name:WAN GW
Interface:WAN
Add Fam: IPv4
IP: dynamic
Enabled Upstream
Interfaces (ClientAccess)
Device: wg0
IPv4: None
Firewall
WAN
Allow
Proto: IPv4 UDP
Source: * *
Dest: WAN address 53
GW: *
Port Forward
Interface: WAN
Proto: UDP
source: * *
Dest: WAN Add 53
NAT: 172.24.0.1 51523
<U>Tried the following</U>
Gateway (VPNserver)
Not disabled
Name:VPNserver
Interface:ClientAccess
Add Fam: IPv4
IP: 172.24.0.1
Checked Far Gateway
Checked Disable GW Monitoring
Routes
192.168.1.0/24 to 172.24.0.1
Wireguard "Local"
Checked "disable routes" and added GW 172.24.0.1
NAT Port Forwarding
Interface: WAN
Proto: udp 53
Source: * *
Dest: WAN Add 53
NAT: Client Access Address 51523
NAT Outbound
Interface: WAN
Source: 172.24.0.1/32 *
Dest: * *
NAT Add: Interface Add 53
(I have multiple rules in Outbound with Interfaces WAN, WG, ClientAccess, with source 172.24.0.1/32, Wireguard network, and with NAT address Interface address, or WAN address. None of these combinations have worked so far.)
I have also tried various configurations with no success.
<U>Things of interest</U>
Added 192.168.1.1/24 to 172.24.0.1
Although "disable routes" is selected and GW 172.24.0.1 is entered, on System > Routes > Status 172.24.0.1 is pointing to a link. I tried to delete it, which is not being accepted.
local = 192.168.1.1
gw = 172.24.0.1
I have reviewed multiple posts on the forums here as well as guides including
https://homenetworkguy.com/how-to/configure-wireguard-opnsense/
memugmail posts
forum posts 8758.30 and 16116.0
however, nothing covers this basic configuration. I do not need to route to an external service, and the port on which my external WAN receives WireGuard traffic will not match the port the WireGuard server "local" is listening on.
Can anyone help?
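To make the symptom in the post concrete, here is a small stateful port-forward model (an added example, not code from the post or from OPNsense). It uses the post's values, WAN udp/53 redirected to 172.24.0.1:51523, with a constructed placeholder WAN address and client address, and shows that a pf-style rdr rule records a state on the inbound packet and reverse-translates the reply from that state; a reply that finds no matching state leaves with source port 51523 instead of 53.

```python
# Simplified model of a pf rdr (port forward) rule plus its state table.
# Added example, not OPNsense code: the WAN and client addresses are constructed placeholders.
from dataclasses import dataclass

WAN_IP = "203.0.113.10"            # constructed placeholder for the dynamic WAN address
RDR_DST_PORT = 53                  # port received on WAN in the post
WG_IP, WG_PORT = "172.24.0.1", 51523   # WireGuard listener from the post


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


class Rdr:
    """One rdr rule and the state entries it creates for matched flows."""

    def __init__(self):
        # (client_ip, client_port) -> (original dst ip, original dst port)
        self.states = {}

    def inbound(self, p):
        # Match WAN:53/udp, rewrite the destination to the listener and record a state.
        if p.proto == "udp" and p.dst == WAN_IP and p.dport == RDR_DST_PORT:
            self.states[(p.src, p.sport)] = (p.dst, p.dport)
            return Pkt(p.src, p.sport, WG_IP, WG_PORT, p.proto)
        return p  # no rule match: forwarded unchanged

    def outbound(self, p):
        # Reply from the listener: reverse-translate only when a state exists for this client.
        key = (p.dst, p.dport)
        if p.src == WG_IP and p.sport == WG_PORT and key in self.states:
            orig_dst, orig_dport = self.states[key]
            return Pkt(orig_dst, orig_dport, p.dst, p.dport, p.proto)
        return p  # no state: the reply leaves with source port 51523, the symptom in the post


def round_trip(client_ip, client_port):
    """Inbound packet creates the state; the reply is rewritten back to WAN:53."""
    fw = Rdr()
    inb = fw.inbound(Pkt(client_ip, client_port, WAN_IP, RDR_DST_PORT))
    reply = fw.outbound(Pkt(WG_IP, WG_PORT, client_ip, client_port))
    return inb, reply


def reply_without_state(client_ip, client_port):
    """Reply path that never saw the inbound packet (fresh table): no reverse translation."""
    return Rdr().outbound(Pkt(WG_IP, WG_PORT, client_ip, client_port))
```

When debugging a real box, the equivalent check is whether the reply matches the rdr state pf created for the inbound packet; if it does not, the reply is sent untranslated.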