How to pcap on Wireguard site-to-site?

Started by chemlud, December 01, 2020, 04:14:34 PM

Hi again!

Have here a Wireguard site-to-site tunnel between 2x OPNsense 20.7.4, all working. The remote sense does the DNS for the local network (DHCPv4 hands out the remote LAN address of sense as DNS). That works just fine.

On the local sense I can pcap on the LAN and see the packages for DNS coming and replies from remote sense flowing back. Fine.

But if I do a pcap (Interfaces -> Diagnostics) on the LAN of the remote sense, I don't see any DNS packages at all (also tried WAN interface, but doesn't help). So the packages flow through the tunnel, but are invisible for pcap on the sense doing the DNS requests.

On the sense doing the DNS I had to assign an interface (otherwise no FW-rules tab was generated), but the interface is not activated. Should that be enabled? Would that help for the pcap problem?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....