OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Wireguard is connected, but not traffic
« previous next »
  • Print
Pages: [1]

Author Topic: Wireguard is connected, but not traffic  (Read 3629 times)

KorschanX

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Wireguard is connected, but not traffic
« on: December 25, 2020, 12:29:10 am »
Hi there,

I would like to connect my local opnsense to my remote opnsense using wireguard.
Successfully configured the remote site - all remote clients are reachable by using wireguard-client for windows.

Now I want to set up my local opnsense to use the same configuration - did so, wireguard seems to be connected and handshaking. I can even ping the remote clients by opnsense (interfaces / diagnoses / ping ... using wg0 interface). Just working fine.

By using a client in my local network, the remote clients are still unreachable.
WireGuard/wg0-interface firewall settings set on any/any

Dont know what to do. Using the Wireguard Windows Client is just working fine.
Logged

allebone

  • Sr. Member
  • ****
  • Posts: 402
  • Karma: 34
    • View Profile
Re: Wireguard is connected, but not traffic
« Reply #1 on: December 25, 2020, 05:01:53 am »
Check you added a route both sides for the clients

Eg if topologoy is:

LanA 192.168.1.x —— opnsenseA —— opensenseB —— LanB 192.168.2.x

Then for a client on lan A either default route must be opensenseA or route print shows 192.168.2.x on client
OpensenseA must allow on lan a rule for wireguard traffic to remote site and opposite direction also on wireguard side.
Same for opensenseb
Client on lanB same story - default route to opnsenseB or route print shows 1.x on client.

If any step missing then likely an issue. 

When satisfied all is correct you must be able to traceroute from a client either side and hit expected path all the way along.

P
Logged

allebone

  • Sr. Member
  • ****
  • Posts: 402
  • Karma: 34
    • View Profile
Re: Wireguard is connected, but not traffic
« Reply #2 on: December 25, 2020, 05:11:37 am »
Also under endpoints tab - Allowed IPs - ensure you have both networks listed appropriately on each side. This is what is allowed to route over the tunnel.

A single client would work with only 1 entry listed. This is not appropriate for clients behind the opnsense.
« Last Edit: December 25, 2020, 05:13:22 am by allebone »
Logged

KorschanX

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: Wireguard is connected, but not traffic
« Reply #3 on: December 25, 2020, 10:49:53 am »
Quote from: allebone on December 25, 2020, 05:11:37 am
Also under endpoints tab - Allowed IPs - ensure you have both networks listed appropriately on each side. This is what is allowed to route over the tunnel.

A single client would work with only 1 entry listed. This is not appropriate for clients behind the opnsense.

Thank you! This was my mistake.

I just had to add my local net to remote sites allowed IP adresses.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Wireguard is connected, but not traffic
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2