WireGuard and asymmetric traffic

Started by francisaugusto, October 06, 2024, 02:26:22 PM

Hi,

I got a static IP address from a provider, which is basically a WireGuard configuration so I get a public IP.
I have configured WireGuard properly and all (I think), and I do a port forward so that traffic coming from the WireGuard on, let's say, port 80, is redirected to my reverse proxy on my LAN.

I see that the packets do arrive on my reverse proxy with tcpdump. I see that the server replies, but I don't see the reply sent back to OPNsense - it seems my Linux server (the reverse proxy) might be simply using another route to answer the request from the remote client.

Is there a way to configure NAT so that traffic does go back through the same route it came from, or do I have to add a route on my reverse proxy?

I tried to configure outbound NAT as described here: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html, but it doesn't seem to help.

Any clues?

October 06, 2024, 05:11:49 PM #1 Last Edit: October 06, 2024, 05:14:50 PM by francisaugusto
I got it. I had to create an outbound NAT rule so that outgoing packets would be sent as coming from OPNsense, and not from the remote server.

However, this has the problem that I won't get the logs of those who actually access the website - everything will have the address of the NAT server (OPNsense). This is not ideal.

Is there a better way?
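As an added example (not code from the thread, from OPNsense or from the reverse proxy project), here is the other option the first post raises: fixing the return path on the Linux reverse proxy itself instead of applying outbound NAT on OPNsense. A plain static route does not work because the remote client's address is unknown in advance, so the script uses policy routing: every new connection whose first packet arrived from OPNsense's LAN MAC address gets a conntrack mark, replies on that connection inherit the mark, and marked packets are routed through a table whose only default route points at OPNsense. Everything else keeps the existing default gateway, and because no source NAT is involved the reverse proxy still logs the real client address. The gateway IP, interface name, MAC address, table number and mark value are constructed placeholders; adjust them to your LAN.

```shell
#!/bin/sh
# Added example, not from the thread: policy routing on a Linux reverse proxy
# so that replies to connections that came in via OPNsense go back via OPNsense.
# Defaults print the commands (DRY_RUN=1); run "./reply-route.sh apply" as root
# to execute them. All values below are placeholders.

OPNSENSE_GW="${OPNSENSE_GW:-192.168.1.1}"            # assumed LAN IP of OPNsense
LAN_IF="${LAN_IF:-eth0}"                              # assumed NIC facing OPNsense
OPNSENSE_MAC="${OPNSENSE_MAC:-00:11:22:33:44:55}"     # placeholder MAC of OPNsense's LAN port
TABLE_ID="${TABLE_ID:-100}"                           # arbitrary spare routing table
MARK="${MARK:-0x1}"                                   # arbitrary firewall mark
DRY_RUN="${DRY_RUN:-1}"

# Print a command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_reply_routing() {
    # 0. Loose reverse-path filtering: packets from OPNsense carry Internet
    #    source addresses whose best route is the default gateway, which strict
    #    rp_filter would drop if OPNsense sits on a different interface.
    run sysctl -w "net.ipv4.conf.${LAN_IF}.rp_filter=2"

    # 1. A routing table whose only route is "default via OPNsense".
    run ip route replace default via "$OPNSENSE_GW" dev "$LAN_IF" table "$TABLE_ID"

    # 2. Mark the connection (not just the packet) when its first packet
    #    arrives from OPNsense's MAC; the client IP itself is unpredictable.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mac --mac-source "$OPNSENSE_MAC" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"

    # 3. Locally generated replies copy the connection mark onto the packet;
    #    the kernel re-runs the routing decision after mangle/OUTPUT changes it.
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark

    # 4. Marked packets use the OPNsense-only table; unmarked traffic is untouched.
    run ip rule add fwmark "$MARK" table "$TABLE_ID" priority 1000
}

case "${1:-}" in
    apply) DRY_RUN=0; setup_reply_routing ;;
    show)  setup_reply_routing ;;
esac
```

If OPNsense is the only device on that NIC, the `-m mac` match can be dropped and `-i "$LAN_IF"` alone identifies the connections. The rules are not persistent; put them in your distribution's iptables/nftables persistence mechanism or a boot script once they work.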