OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 22.1 Legacy Series »
  • Partiell routing over Wireguard connection
« previous next »
  • Print
Pages: [1]

Author Topic: Partiell routing over Wireguard connection  (Read 1107 times)

JasMan

  • Full Member
  • ***
  • Posts: 175
  • Karma: 9
    • View Profile
Partiell routing over Wireguard connection
« on: May 29, 2022, 02:15:52 pm »
Hey,
I've connected two sites over a Wireguard VPN connection. There's an OPNsense at site A and a OpenWRT router at site B.
Everything works fine. Each site can reach the internal addresses of the other site over the WG tunnel.

Now I want to route a hugh amount of external addresses from site A over the Internet connection of site B.

I've tested it already successfully with an single IP address. I've added the single IP address to the WG peer configuration on the OPNsense as allowed IP, created a FW rule for the traffic to this address and choosed the WG gateway of site B as gateway.

But it's not very conveniant for more than a few addresses, because I've to add them all to the WG peer configuration as allowed addresses.
So I added 0.0.0.0/0 instead, but then I've two default routes on the OPNsense and the WG route is prefered. Every external traffic is routed to site B then.

Next try: I disabled the routes in the local WG configuration of the OPNsense to prevent routing entries for the WG tunnel allowed IP addresses. That works perfect at site A. But in this case, site B is not able to reach the clients at site A anymore. The packet arrives at the host at site A, but the answer packets are routed back over the default route of site A, means to the Internet.

Did I missed something? Or what would be the preffered solution for my needs?

Thanks.
Jas Man
Logged
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

defaultuserfoo

  • Full Member
  • ***
  • Posts: 191
  • Karma: 7
    • View Profile
Re: Partiell routing over Wireguard connection
« Reply #1 on: May 29, 2022, 08:01:54 pm »
What are you trying to accomplish?
Logged

JasMan

  • Full Member
  • ***
  • Posts: 175
  • Karma: 9
    • View Profile
Re: Partiell routing over Wireguard connection
« Reply #2 on: May 30, 2022, 03:45:25 pm »
It seems that I've latency issues with some CDNs at site A.
Site B is using a different ISP, and they don't have this latency issues.

I was not able to find the cause so far.
And the only difference between the both location is, that the last three hops to the CDN servers are different. Therefore I would like to do some tests from location A over location B.
Logged
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

defaultuserfoo

  • Full Member
  • ***
  • Posts: 191
  • Karma: 7
    • View Profile
Re: Partiell routing over Wireguard connection
« Reply #3 on: May 30, 2022, 10:12:34 pm »
How about you use a tunnel (if you want through a wg tunnel) to route through the tunnel?  Maybe that would remove the need to add all the IP addresses to the wireguard config.

IIUC there is versions of VPN that aren't routed and which act as if you would use a (long) network cable between two sites.  Maybe wireguard isn't the right tool for your purpose.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 22.1 Legacy Series »
  • Partiell routing over Wireguard connection
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2