Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Help request: Wireguard full tunnel routing for external client
« previous
next »
Print
Pages: [
1
]
Author
Topic: Help request: Wireguard full tunnel routing for external client (Read 1011 times)
Amanaki
Newbie
Posts: 39
Karma: 2
Help request: Wireguard full tunnel routing for external client
«
on:
March 07, 2022, 10:39:55 pm »
I have a simple setup with single LAN only network 10.34.10.10/24 and a wireguard client configured for VPN access to external VPN provider. For DNS, I am using a template to forward all DNS requests to NextDNS anycast servers. All clients on LAN network are policy based routed to external VPN and are working as expected.
Today, I added a new external client device using Road Warrior and got a connection to OPNsense but cannot seem to route the client back out over my existing Wireguard VPN tunnel connection.
Have tried various different methods but the client only returns my WAN ip address instead of my VPN providers addresss. Settings are as follows:
---------------------
Servers (OPNsense):
VPN: WireGuard > Local:
Interface: WG0
Listen: 51821
Tunnel address: 10.11.1.52/16
DNS: Blank
Peers: VPN_PROVIDER
Disable Routes: Checked
Gateway: 10.11.1.51
Monitor IP: VPN provider IP address
Interface: WG1
Listen: 51831
Tunnel address: 172.16.16.2/24
DNS: Blank
Peers: iPAD_CLIENT
Disable Routes: Unchecked
Gateway: Blank
Monitor IP: Blank
------------------------------------
Clients (OPNsense):
VPN: WireGuard > Endpoints:
Name: VPN_PROVIDER
Allowed IPs: 0.0.0.0/24
Endpoint Address: VPN provider address
Endpoint port: 51822
Name: iPAD_CLIENT
Allowed IPs: 172.16.16.20/32
Endpoint Address: Blank
Endpoint port: Blank
------------------------
External Remote Client (iPAD):
Addresses: 172.16.16.20/32
Listen port: 51831
DNS: Blank
Peer:
Allowed IPs: 0.0.0.0/0
Endpoint: a.b.c.d:51831
------------------------------------------
NAT and Rules (OPNsense):
Firewall: Rules: WAN
Interface: WAN
Direction: In
Proto: UDP
Source: any
Ports: any
Destination: WAN address
Destination Port: 51831
Firewall: Rules: Wireguard (Group)
None
Firewall: Rules: WG0
None
Firewall: Rules: WG1
None
Firewall: Rules: LAN
Interface: LAN
Direction: In
Proto: TCP/UDP
Source: ALL_CLIENTS (Alias for all LAN clients)
Destination invert: Checked
Destination: PRIVATE_NETWORKS (Alias for RFC1918_Networks)
Ports: WAN_SERVICE_PORTS (Alias containing service ports)
Gateway: WG0 Gateway (to VPN provider)
Firewall: NAT: Outbound
Interface: WG0
Source: Local_Networks (Alias) 10.34.10.10/24
NAT Address: Interface Address
How can I properly route all traffic from my external client down existing VPN provider tunnel?
TIA.
Manaki
«
Last Edit: March 07, 2022, 11:32:24 pm by Amanaki
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Help request: Wireguard full tunnel routing for external client