Author Topic: New Wireguard Setup (Read 3256 times)

fields987 · « **on:** January 29, 2021, 05:43:01 am »

I've currently wireguard setup on a raspberry pi (pivpn) and port forwarding is set up. From a wireguard peer, I can browse internet over tunnel and access lan resources.

I've recently set up OPNSense and started playing with the wireguard plugin but I cant seem to get the config right. I've followed this guide through step 2b. https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I am able to connect my ios peer to my OPNSense wireguard instance, but dont have any lan or wan access past that. Am I missing a translation or route between my tunnel vlan 10.98.7.0/24 and lan vlan 192.168.2.0/24? I feel like im missing something easy, but I'm just too new to OPNSense to know how to fix it.

Thanks!

Greelan · « **Reply #1 on:** January 29, 2021, 06:53:53 am »

I found using “WireGuard net” as the source in the WireGuard interface fw rule did not work. For whatever reason - maybe because I did not specifically assign an interface to wg0, but just used the automatic WireGuard interface that appears. So I defined an Alias for my VPN network and used that in the rule instead

Greelan · « **Reply #2 on:** January 29, 2021, 06:57:39 am »

As an aside - I did do some digging in CLI to see whether I could find out exactly what was in “WireGuard net”, but couldn’t pin it down

mimugmail · « **Reply #3 on:** January 29, 2021, 07:36:41 am »

Wireguard net, and also OpenVPN net wont work like expected when using multiple instances.
I'd rather not use them at all.

Greelan · « **Reply #4 on:** January 29, 2021, 07:39:01 am »

I figured it was something like that, even though all my endpoints were in the same network

fields987 · « **Reply #5 on:** January 29, 2021, 07:55:07 pm »

Quote from: Greelan on January 29, 2021, 06:53:53 am

I found using “WireGuard net” as the source in the WireGuard interface fw rule did not work. For whatever reason - maybe because I did not specifically assign an interface to wg0, but just used the automatic WireGuard interface that appears. So I defined an Alias for my VPN network and used that in the rule instead

Thanks, this is exactly what I needed!

Greelan · « **Reply #6 on:** January 30, 2021, 07:33:41 am »

I've created a PR to address this issue in the how-to: https://github.com/Greelan/docs/pull/2

franco · « **Reply #7 on:** January 30, 2021, 01:36:14 pm »

PR went to your fork. Can you do one to the upstream docs too?

Thanks,
Franco

Greelan · « **Reply #8 on:** January 30, 2021, 08:55:14 pm »

Ah, oops!

Fixed: https://github.com/opnsense/docs/pull/304

Author Topic: New Wireguard Setup (Read 3256 times)

fields987

New Wireguard Setup

Greelan

New Wireguard Setup

Greelan

New Wireguard Setup

mimugmail

Re: New Wireguard Setup

Greelan

Re: New Wireguard Setup

fields987

Re: New Wireguard Setup

Greelan

Re: New Wireguard Setup

franco

Re: New Wireguard Setup

Greelan

New Wireguard Setup