Author Topic: [SOLVED] Can't access to internet with WireGuard. (Read 2165 times)

zero · « **on:** January 03, 2024, 07:01:00 pm »

I configured WireGuard in the past and it worked properly, but at some point, maybe I misconfigured something, and now, the peers can't access to the internet.
When I connect to the VPN, I can see the handshake in VPN>WireGuard>Diagnostics also the peers can ping and access to internal IP, but it can't reach anything outside my LAN.
Other think to mention is that I have an Unbound DNS Override (a custom domain redirection) configured working with nginx, and it isn't working through the VPN.
I've tried to read logs, but I can't find anything strange.
I'm quite new to OpnSense and this forum and maybe someone can help.
Thank you.

CJ · « **Reply #1 on:** January 04, 2024, 02:45:39 pm »

What does your network look like? What FW rules do you have configured? What do you mean by Unbound DNS Override working with nginx?

zero · « **Reply #2 on:** January 04, 2024, 07:24:01 pm »

Quote from: CJ on January 04, 2024, 02:45:39 pm

What does your network look like? What FW rules do you have configured? What do you mean by Unbound DNS Override working with nginx?

My home network consists in 3 interfaces, WAN, LAN1 (192.168.1.XXX) and LAN2 (192.168.2.XXX).
I have a firewall rule in LAN1 and LAN2 that allows traffic between LAN1 and 2 and since in WireGuard it's configured that peers had an IP like 192.168.10.XXX there is a similar firewall rule but changing the source.
I attach some pictures below:
LAN1

LAN2

WireGuard

Port Forward

By Unbound DNS Override working with nginx, I mean that I run applications like docker portainer on 192.168.1.10:8080, but I've configured a custom domain home.com that redirects all traffic that has home.com to my nginx and the nginx redirect docker.home.com to the docker host.

To sum up the problem:
From LAN1/2 IP I can reach the WireGuard peer with IP 192.168.10.XXX.
From WireGuard peer with IP 192.168.10.XXX I can reach LAN1 and LAN2.
From WireGuard peer I can't reach any home.com domain (but I can reach the IP hosts because they are in LAN1 or 2).
From WireGuard peer I can't reach google.com

vik · « **Reply #3 on:** January 04, 2024, 09:52:25 pm »

did you create the wireguard interface ... its needed to create the "Automatic outbound NAT rule"

zero · « **Reply #4 on:** January 05, 2024, 10:56:19 am »

Quote from: vik on January 04, 2024, 09:52:25 pm

did you create the wireguard interface ... its needed to create the "Automatic outbound NAT rule"

Thank you, it partially solved my problems. I've followed this guide https://docs.opnsense.org/manual/how-tos/wireguard-client.html and now, I can access to the internet but the Unbound DNS Overrides are not working.
Any ideas?

zero · « **Reply #5 on:** January 05, 2024, 11:08:31 am »

Finally solved Unbound DNS Overrides, on the client side I put the DNS pointing to 192.168.1.1

Author Topic: [SOLVED] Can't access to internet with WireGuard. (Read 2165 times)

zero

[SOLVED] Can't access to internet with WireGuard.

CJ

Re: Can't access to internet with WireGuard.

zero

Re: Can't access to internet with WireGuard.

vik

Re: Can't access to internet with WireGuard.

zero

Re: Can't access to internet with WireGuard.

zero

Re: Can't access to internet with WireGuard.