Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Route "the other way" through wireguard
« previous
next »
Print
Pages: [
1
]
Author
Topic: Route "the other way" through wireguard (Read 1257 times)
petersk
Newbie
Posts: 13
Karma: 0
Route "the other way" through wireguard
«
on:
November 16, 2022, 10:48:43 pm »
I have wireguard working from Europe to the US using a GliNet Slate (Slate AX (GL-AXT1800)
https://www.gl-inet.com/products/gl-axt1800/
). The IP CIDR address on that side is 192.168.8.0/23. And my Roku on that side (connected through WIFI) properly streams stuff as if it's in the US.
For Wireguard that device is 172.16.16.4/32, where I have an interface named HomeWireGuard set up under OPNsense. The wireguard server is in the US and is 172.16.16.1/23 with the .4/32 as a peer. The "tunnel address" is 172.16.16.1/23.
I have the client allowing all IPs 0.0.0.0 from Europe to the US and everything is working perfectly or at least, as expected.
What I want now is to allow a device on the US side to connect to the WAN on the European side. What I was thinking is setting up a Roku device on the US side and being able to stream as if I were in the European region. The VPN tunnel should be two-way, right?
I'm thinking I'd have to have the device on the US side have an IP address like 172.16.16.6, but what else do I need to set up in terms of routes, etc.? I looked at trying to go to System: Routes: Configuration, but I don't even see the HomeWireGuard interface there nor wg1. It only has these options on the pull down: Null4 - 127..., Null6 - 127..., and WAN_DHCP- IP.
Any thoughts on how I'd do this? Do I need a new route on the GLiNET side too?
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Route "the other way" through wireguard
«
Reply #1 on:
November 17, 2022, 07:24:18 am »
There is no "way" in routing. Packets need to go both ways.
Check for deny entries in the firewall log. It is much more restrictive inbound.
Bart...
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Route "the other way" through wireguard
«
Reply #2 on:
November 17, 2022, 08:44:01 am »
...but there is a "way" with a stateful firewall as the initial side of the communication counts.
What you want is the setup of a site-to-site WG tunnel. Did you follow the how-to in the opnsense documentation for this (! site-to-site) WG tunnel including NAT?
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
petersk
Newbie
Posts: 13
Karma: 0
Re: Route "the other way" through wireguard
«
Reply #3 on:
November 17, 2022, 04:14:39 pm »
If you're referring to this one, then yes, those steps were done in the follow on one about setting up a wireguard client, unless you know something I didn't see there:
https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
I will check the firewall log as Bart, the other person, suggested, on both links.
I found this one which might get me there. I'm going to try it.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
OK, I tried doing that link, but it is hard to follow with no specific example. Here's my network layout if someone could lend a hand that would be great.
https://imgur.com/YDQNGUg
K
«
Last Edit: November 19, 2022, 10:14:27 pm by petersk
»
Logged
petersk
Newbie
Posts: 13
Karma: 0
Re: Route "the other way" through wireguard
«
Reply #4 on:
November 20, 2022, 07:07:26 pm »
Bump
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Route "the other way" through wireguard