Topic: WG selective routing and gateway (Read 1472 times)
Greelan
« on: April 01, 2021, 03:27:51 am »
I've been playing around with settings based on my WG selective routing tutorial, as I've been finding that the WG tools are causing some odd issues.
First I discovered that setting DNS servers in the WG local configuration on OPNsense breaks DNS resolution on OPNsense itself if OPNsense is not one of the hosts using the tunnel. This is, I've found, a known issue caused by WG tools taking over resolv.conf.
Next I found that setting an external monitor IP for the WG gateway, such as 1.1.1.1, means that IP is only accessible through the tunnel, as a static route is created for it. So I can't get to 1.1.1.1 on any host not using the tunnel. Obviously not desirable.
So I was thinking about potential other options for a monitor IP, which also led me to thinking about gateway IPs. My VPN provider (PIA) provides a tunnel IP for the PIA endpoint (in this instance 10.5.128.1). So I thought - why not use that as the monitor IP? It works. And given that I would only be trying to access that IP via the tunnel, it won't break access on non-tunnel hosts.
But that also led me to thinking about the gateway IP. The tutorial notes that essentially any unique IP for the gateway will do, and suggests using a number one below the tunnel IP of the local peer for convenience. I thought though - isn't the PIA endpoint tunnel IP effectively the gateway for the tunnel? So I also substituted that IP (10.5.128.1) as the gateway IP. And that worked too.
I do notice though some differences in the routes in OPNsense between the two scenarios that I don't quite understand. I've attached two screenshots of the routes.
The first is where the local tunnel IP is 10.5.233.120, the gateway IP is 10.5.233.119, and the monitor IP is 10.5.128.1.
The second is where the local tunnel IP is 10.5.233.120, the gateway IP is 10.5.128.1, and the monitor IP is 10.5.128.1.
What is the significance of the differences, and is one setup better/more desirable than the other?
@mimugmail and @FingerlessGloves, any thoughts from either of you in particular? Or am I just looking at stuff that doesn't matter?
« Last Edit: April 02, 2021, 04:21:12 am by Greelan »
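The monitor-IP side effect described in the post above, modelled as an added example (not code from the original post or from OPNsense). It assumes the system routing table holds a default route via WAN plus the /32 host route that the post says is created for the gateway monitor IP; the interface names, LAN subnet and probe list are constructed.

```python
import ipaddress

# Constructed sample values: interface names and the LAN subnet are assumptions;
# 1.1.1.1 and 10.5.128.1 are the monitor IPs discussed in the post.
WAN, WG, LAN = "wan", "wg0", "lan"

def routing_table(monitor_ip):
    """System routes, including the /32 host route for the gateway monitor IP."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), WAN),          # default route
        (ipaddress.ip_network("192.168.1.0/24"), LAN),     # constructed LAN
        (ipaddress.ip_network(f"{monitor_ip}/32"), WG),    # monitor host route
    ]

def egress(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifname) for net, ifname in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit_monitor(monitor_ip, probes):
    """Report which probe destinations the monitor host route pulls off the WAN."""
    table = routing_table(monitor_ip)
    return {
        "monitor": monitor_ip,
        # A publicly routable monitor IP is one that non-tunnel hosts may also need.
        "publicly_routable": ipaddress.ip_address(monitor_ip).is_global,
        "captured": [p for p in probes if egress(table, p) == WG],
    }

# Constructed probe destinations: public resolvers plus the PIA endpoint tunnel IP.
PROBES = ["1.1.1.1", "1.0.0.1", "8.8.8.8", "10.5.128.1"]

if __name__ == "__main__":
    for monitor in ("1.1.1.1", "10.5.128.1"):
        print(audit_monitor(monitor, PROBES))
```

With 1.1.1.1 as monitor, a public address is forced onto the tunnel interface for everything that follows the system table; with 10.5.128.1, the only captured destination is an address inside the tunnel.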