Topic: Wireguard - Problems with LAN access (Read 5971 times)
smithberry (Newbie, Posts: 1, Karma: 0) « on: September 30, 2020, 12:00:14 pm »
Hi guys,
I've been trying to get my Wireguard VPN to work the way I want it to for a long time now. Maybe I understand something wrong.
I have a roadwarrior scenario, which means that I have an OPNsense firewall where Wireguard runs as a plugin. Behind the OPNsense is a network with a Windows Server 2019 and several Windows clients.
The network is structured as follows:
Fritzbox with IP 10.15.0.1 to WAN of the OPNsense firewall (IP 10.15.0.2). The Fritzbox is also used for DynDNS (MyFritz), because of the DS-Lite problem. I then use Wireguard through a socat tunnel installed on a vServer.
The OPNsense is set as Exposed Host in the Fritzbox. Everything works fine so far.
The LAN is in the address range 10.15.1.0/24. The IP addresses are assigned via DHCP, except for the Windows server and a Windows client. The Windows Server has 10.15.1.10 and the Windows Client has 10.15.1.11.
DHCP Server is a PiHole with the address 10.15.1.2. The names of the Windows Client and the Windows Server are entered there, so that the name resolution in the LAN works. This is also no problem.
The tunnel network is in the range 10.0.0.0/24.
Now my 2 problems:
1) As I understand it, I enter the LAN as a client with the IP 10.0.0.2, but there I am blocked by the Windows firewall of the clients, probably because the subnet doesn't fit. If I deactivate the firewall, I can access it everywhere. But adjusting the firewall rules is not a great option, because there are many clients in the network.
Probably I have to create a route to travel with a 10.15.1.## IP on the LAN. Unfortunately I have no idea.
2) Name resolution does not work for the LAN clients. But I can surf normally and get the DNS requests answered by the PiHole, I checked that. Probably this can be solved by 1).
I find dozens of HowTos but my problems are not solved. Is my way of thinking wrong, or am I going about things the wrong way, or are my Wireguard VPN requirements abnormal?
Scanline (Newbie, Posts: 19, Karma: 0) « Reply #1 on: October 01, 2020, 10:11:45 pm »
Hi,
I'm just a hobby user, so keep that in mind when you read my answer.
Do you have CGNAT, or what is the deal with your VPS?
1.) That's not really a problem of OPNsense, I am afraid. What you could do is NAT between the two networks, but that should be avoided if possible. Putting both on the same network (bridging) is also possible, but you probably get some unwanted overhead traffic through your Wireguard interface.
2.) I don't understand that point. What name resolution doesn't work? You said DNS requests are answered by PiHole, but not resolved?
So far I don't see anything specific to wireguard.