WireGuard with VLAN selective routing

Started by sircurse, March 25, 2023, 02:12:49 AM

Hi there,

I'm sorry for being another one asking this, but I have already spent 2 days trying different suggestions here and have followed this tutorial (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) about 10 times now, always deleting everything and starting from scratch to make sure I'm not missing something.

But anyway... I cannot make the traffic pass thru the tunnel. To me it looks like the tunnel is up and running, it is renewing the handshake from time to time and the traffic counter is growing due to the negotiations etc... But in the end I cannot make the traffic from a specific VLAN be routed thru the WireGuard tunnel.

I'm new to OPNsense too, so I guess there is more behind the scenes than just the guide at the link.
Does someone have photos of examples of how to set it up?

Just for information, the VLAN is working fine, I have allowed it to run over the WAN interface and I could navigate without problem, it is the only thing I believe I configured accordingly.

Thanks in advance,
Curse.

It would probably be more productive for you to post screenshots of all your configs (masking private keys), as your situation will be different to others.

March 25, 2023, 12:28:00 PM #2 Last Edit: March 25, 2023, 12:56:42 PM by sircurse
Hi, sure mate! I think I don't know how to post the image directly to the post... hope this works:
screenshot01:
screenshot02:
screenshot03:
screenshot04:

You're missing some of the most important info - your WG configs and the gateway, for example.

Can I suggest that you show what you have set up for each step of the wiki how-to?

My bad, I really missed those, here we go:

Gateway config


WG local


WG peer

Several things (making some assumptions about tunnel IPs based on what you have currently):

- Gateway config - IP address should be 10.5.0.1. Remove the monitor IP for the time being (once the tunnel is working you can run a traceroute to figure out what the VPN tunnel IP is at the VPN provider's end, unless you already know that)

- OPNsense local config - Tunnel address should be 10.5.0.2/32 - I am assuming this is what your VPN provider has said should be set as the tunnel IP at your end

- OPNsense endpoint config - Allowed IPs should just be 0.0.0.0/0

March 26, 2023, 01:07:01 AM #6 Last Edit: March 26, 2023, 01:44:35 AM by Greelan
Might actually be a good idea to share your configuration info that you have from your VPN provider to ensure that I have that straight. Otherwise the assumptions I am making may be totally wrong

I see you are using NordVPN. They make it trickier to get config info due to their preference that users use their NordLynx application (at least they used to)

March 26, 2023, 01:45:47 AM #7 Last Edit: March 26, 2023, 01:48:36 AM by sircurse
The tunnel is working, the other side of the tunnel is actually the 10.5.0.1.
After I changed the Gateway to that IP I finally got the connection!

That did the trick, thanks mate!


Yeah, that IP is the Nord endpoint. So you are not setting a local gateway IP. Might update the guide to allow for this