New Wireguard Setup

Started by fields987, January 29, 2021, 05:43:01 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 29, 2021, 05:43:01 AM
I've currently wireguard setup on a raspberry pi (pivpn) and port forwarding is set up. From a wireguard peer, I can browse internet over tunnel and access lan resources.

I've recently set up OPNSense and started playing with the wireguard plugin but I cant seem to get the config right. I've followed this guide through step 2b. https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I am able to connect my ios peer to my OPNSense wireguard instance, but dont have any lan or wan access past that. Am I missing a translation or route between my tunnel vlan 10.98.7.0/24 and lan vlan 192.168.2.0/24? I feel like im missing something easy, but I'm just too new to OPNSense to know how to fix it.

Thanks!
January 29, 2021, 06:53:53 AM #1 Last Edit: January 29, 2021, 07:23:24 AM by Greelan
I found using "WireGuard net" as the source in the WireGuard interface fw rule did not work. For whatever reason - maybe because I did not specifically assign an interface to wg0, but just used the automatic WireGuard interface that appears. So I defined an Alias for my VPN network and used that in the rule instead
January 29, 2021, 06:57:39 AM #2 Last Edit: January 29, 2021, 07:23:41 AM by Greelan
As an aside - I did do some digging in CLI to see whether I could find out exactly what was in "WireGuard net", but couldn't pin it down
January 29, 2021, 07:36:41 AM #3
Wireguard net, and also OpenVPN net wont work like expected when using multiple instances.
I'd rather not use them at all.
January 29, 2021, 07:39:01 AM #4
I figured it was something like that, even though all my endpoints were in the same network
January 29, 2021, 07:55:07 PM #5
Quote from: Greelan on January 29, 2021, 06:53:53 AM
I found using "WireGuard net" as the source in the WireGuard interface fw rule did not work. For whatever reason - maybe because I did not specifically assign an interface to wg0, but just used the automatic WireGuard interface that appears. So I defined an Alias for my VPN network and used that in the rule instead

Thanks, this is exactly what I needed!
January 30, 2021, 07:33:41 AM #6
I've created a PR to address this issue in the how-to: https://github.com/Greelan/docs/pull/2
January 30, 2021, 01:36:14 PM #7
PR went to your fork. Can you do one to the upstream docs too? :D


Thanks,
Franco
January 30, 2021, 08:55:14 PM #8 Last Edit: January 30, 2021, 09:23:06 PM by Greelan
Print
Go Up Pages1
User actions