Having trouble accessing LAN through wire-guard, road-warrior setup.

Started by moge11, August 11, 2023, 01:31:24 AM

Hello,
I'm fairly new to OPNsense and networking in general. I'm currently setting up my home lab and my setup looks something like this:

The remote server is a rented one from AWS which acts as my VPN server, since I'm behind a NAT and thus DynDNS isn't working. This means I configured OPNsense to connect to the server automatically, and when I connect my laptop to the VPN network on the server I'm able to access the web interface of OPNsense via the 10.10.17.0/24 network. So the VPN network itself works.
What I would like to do now is to access my personal server and other devices in my home network while I'm remote.
I tried to follow this guide https://docs.opnsense.org/manual/how-tos/wireguard-client.html without success, also I tried following posts https://forum.opnsense.org/index.php?topic=32344.0 and https://homenetworkguy.com/how-to/configure-wireguard-opnsense/.
My current config looks like this.
I have three interfaces:
LAN - local network 192.168.2.0/24, DHCP
WAN - access to the internet, connected to my Fritzbox; internet access works
olymp - wireguard interface 10.10.17.0/24

Firewall rules for LAN:


Firewall rules for WAN:


Firewall rules for olymp:


I'm grateful for any help!
Moritz

Did you add 192.168.2.0/24 to the allowed IPs of the endpoint configs on the laptop and the AWS server ("home" endpoint)? Or do you use NAT?

Btw, you don't need the outbound rule on the LAN interface. Outbound is allowed by default.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
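As an added illustration of the AllowedIPs point above (not a config from this thread or from OPNsense; the keys and endpoint hostname are placeholders, and the addresses are the ones given in the thread: AWS hub 10.10.17.100, OPNsense 10.10.17.101, tunnel 10.10.17.0/24, home LAN 192.168.2.0/24), here is how the three peer entries have to line up in a hub-and-spoke setup. AllowedIPs acts as both the routing table and the ingress filter on each side, so the LAN prefix has to appear on every hop the packet crosses, and the home router's own peer entry has to cover the tunnel prefix so that replies to the laptop go back into the tunnel.

```ini
# --- Laptop (road warrior): wg0.conf ---
# The laptop's only peer is the AWS hub. Without 192.168.2.0/24 in
# AllowedIPs, WireGuard never routes LAN-bound packets into the tunnel.
[Interface]
PrivateKey = <LAPTOP_PRIVATE_KEY_PLACEHOLDER>
Address = 10.10.17.2/24

[Peer]
PublicKey = <AWS_HUB_PUBLIC_KEY_PLACEHOLDER>
Endpoint = hub.example.invalid:51820      ; placeholder hostname
AllowedIPs = 10.10.17.0/24, 192.168.2.0/24
PersistentKeepalive = 25

# --- AWS hub (10.10.17.100): wg0.conf ---
# The hub forwards between the two spokes. The OPNsense peer entry must
# carry 192.168.2.0/24 or the hub drops LAN-bound packets as not routable
# and rejects LAN-sourced replies arriving from that peer.
# net.ipv4.ip_forward=1 is also required on the hub (assumption: Linux).
[Interface]
PrivateKey = <AWS_HUB_PRIVATE_KEY_PLACEHOLDER>
Address = 10.10.17.100/24
ListenPort = 51820

[Peer]
# OPNsense home router
PublicKey = <OPNSENSE_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.10.17.101/32, 192.168.2.0/24

[Peer]
# Laptop
PublicKey = <LAPTOP_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.10.17.2/32

# --- OPNsense (10.10.17.101), expressed in the same notation ---
# OPNsense configures this in its GUI rather than a file; the equivalent
# peer entry for the hub needs the whole tunnel prefix, not just the hub
# address, so that 192.168.2.x -> 10.10.17.2 replies are routed back out
# through the tunnel instead of the WAN default route.
[Interface]
PrivateKey = <OPNSENSE_PRIVATE_KEY_PLACEHOLDER>
Address = 10.10.17.101/24

[Peer]
PublicKey = <AWS_HUB_PUBLIC_KEY_PLACEHOLDER>
Endpoint = hub.example.invalid:51820      ; placeholder hostname
AllowedIPs = 10.10.17.0/24
PersistentKeepalive = 25
```

Two separate conditions still have to hold once the peer entries match: the firewall rule on the WireGuard interface must permit traffic from 10.10.17.0/24 to 192.168.2.0/24, and each LAN host has to be willing to answer a source outside its own subnet (default gateway pointing at OPNsense and no host firewall dropping off-subnet sources), which is the question raised later in this thread.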

Yes, I added 192.168.2.0/24 as an allowed IP on both the AWS server and the laptop. No, I don't use NAT, at least not that I would know of.

Oh thanks!

I have also tried to do a traceroute from my laptop over the AWS server (10.10.17.100) and the OPNsense router (10.10.17.101) to a server on the private network (192.168.2.51).

And as a sanity check, I tried pinging my server (192.168.2.51) directly from the router shell, which worked.

Does the server 192.168.2.51 allow pings from addresses outside the local subnet?
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

Yeah, it seems there is a problem on that one server. I just connected a different device to the local net and I was able to reach it. Thanks for the help!