Can't access LAN from WireGuard VPN client

Started by guest36829, February 06, 2023, 12:32:27 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
February 09, 2023, 03:48:41 PM #15
Yes, that's correct, I can connect and access the internet but can't access LAN. See attached for my LAN and OPT1 (the interface the wireguard and wireguard client is on). My wireguard client is on 10.0.1.2 and I'm trying to access my LAN resource on 10.0.0.30 (10.0.0.0/24 is my LAN).

LAN:

OPT1:
February 09, 2023, 04:44:43 PM #16
Wow! Smaller please.
February 09, 2023, 05:27:51 PM #17
Fixed. That's why I uploaded them as links at first. This forum doesn't seem to deal with large/hdi images very well  :P
February 09, 2023, 05:48:45 PM #18
That helps a lot, thanks.
I do think you're missing the part from here https://homenetworkguy.com/how-to/configure-wireguard-opnsense/#optional-add-firewall-rules-to-access-internal-networksdevices
It appears to me you want to create the rules on OPT1 to allow in the traffic. You would do it selectively as per the tutorial but as a blank test you could create the "allow all" rule:
Option   Value
Action   Pass
Interface   OPT1
TCP/IP Version   IPv4
Protocol   any
Source   OPT1 net
Source Port   any
Destination   OPT1 address
Destination Port   any
Description   Allow all access to the WG interface
February 09, 2023, 06:06:45 PM #19
I tried adding this but no luck, I don't have access to the LAN.

February 09, 2023, 06:46:49 PM #20
How do you know you're using the internet through the tunnel when connected?
What test did you do?

Your first rule on the LAN is useless, the OPT can never be a source on the LAN interface.

If you had no rules on the OPT nothing would be allowed on it.
February 09, 2023, 10:25:51 PM #21
I can see it going through my firewall and packet capture works on it, I stated this earlier and provided a picture.
February 09, 2023, 11:45:45 PM #22
Network-wise it seems OK at the moment.
Perhaps it's time to verify that indeed there's a response from the end point back to the requesting client.
Since it appears from what I read that you see no returns in your packet captures or firewall logs.
Maybe a different application or the application logs.
February 10, 2023, 02:27:56 AM #23
What are you trying to access on your LAN?
If you are only trying a single pc the whole time, it may be a software firewall blocking you.

Can you access the routers webgui?
February 10, 2023, 01:40:17 PM #24
Well I have solved this issue now.

I looked into maybe there being a software firewall, it looks like there wasn't one enabled but I did try to ssh into some other devices on the network, and it appears I could. and I could access the webgui too. So it turns out this one particular vm on my server (the one that happens to have all my services that I'd want to access) had something very, very wrong with it's network configuration. It wasn't able to receive any connections from outside the subnet. I'm not sure exactly what was causing it so I decided to just do a full reinstall and setting up the docker containers once again, everything seems to work.

Thanks for all the help everyone, it helped lead me in the right direction. I appreciate it.
February 10, 2023, 02:20:06 PM #25
Glad to hear
Print
Go Up Pages 1 2
User actions