Topic: Wireguard Client -> Client not working (Read 1517 times)
hongkongkiwi
« on: July 11, 2022, 05:16:24 pm »
I'm using the RoadWarrior setup and it's working well.
Wireguard Network:
Tunnel IP - 10.0.10.1/24
Peer IP - 10.0.10.2/24
Allowed Networks - 10.0.10.0/24, 192.168.90.0/24
I would like to access the web interface at 10.0.10.1, but I can't seem to get access to this (either ping or access to the web UI).
I can access the web UI using 192.168.90.2, but I want to access it via the WireGuard server IP: 10.0.10.1
When using iptables, I would have the following rule to allow this:
iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
I couldn't figure out how to get this same functionality in OPNsense. I couldn't find any examples of people in the forums wanting wg->wg client functionality.
I've attempted to have a look for dropped packets in the firewall log, but I see nothing related to this interface. It's like the packets just disappear or are silently dropped for 10.0.10.1 (this includes when attempting to use this as the DNS server). Using my LAN IP for the DNS server works just fine.
« Last Edit: July 11, 2022, 05:29:07 pm by hongkongkiwi »

hongkongkiwi
« Reply #1 on: July 11, 2022, 05:30:36 pm »
Here are some screenshots of my rules. Everything seems super straightforward except this weird issue.

Demusman
« Reply #2 on: July 11, 2022, 07:27:23 pm »
You have that IP as your tunnel address. There's no web server running on it, it's just the tunnel.
What web interface are you trying to access?

hongkongkiwi
« Reply #3 on: July 12, 2022, 05:09:03 am »
I'm attempting to access the OPNsense web interface, the Unbound DNS server and also ping the WireGuard tunnel address.
My understanding is that the "Tunnel Address" is attached to the WireGuard adapter, e.g. wg1 on the OPNsense server in my case.
When using the web diagnostics I can ping the tunnel address 10.0.10.1, but from another WireGuard client my packets get stopped somewhere. I can access other private networks just fine, such as 192.168.90.0/24.
Basically, what I'm trying to do is to have all WireGuard clients access each other (10.0.10.0/24) AND have all WireGuard clients have access to the OPNsense tunnel address (10.0.10.1). This means that when I'm logged in as a WireGuard client I can access the Unbound server on this address and also the OPNsense web GUI.

Demusman
« Reply #4 on: July 12, 2022, 01:42:20 pm »
Ok, I get it now. Misunderstood what you were saying.
Use the packet capture on the WG interface and try to ping from a client.
I'm guessing you'll see the requests but it's not sending replies back to the client.
Might need a static route.
Logged
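
The capture check suggested in the reply above, as an added example (not code from the thread or from OPNsense): it reads a capture in tcpdump's text form and lists ICMP echo requests that never got a reply. The capture lines are constructed and reuse the thread's addresses; the function names are hypothetical.

```python
import re

# Constructed sample: text output of a capture on the WireGuard interface
# (tcpdump -n style). Not taken from the thread.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 10.0.10.2 > 10.0.10.1: ICMP echo request, id 7, seq 1, length 64
12:00:02.000200 IP 10.0.10.2 > 10.0.10.1: ICMP echo request, id 7, seq 2, length 64
12:00:03.000300 IP 10.0.10.2 > 192.168.90.2: ICMP echo request, id 8, seq 1, length 64
12:00:03.000900 IP 192.168.90.2 > 10.0.10.2: ICMP echo reply, id 8, seq 1, length 64
"""

ICMP_LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)


def unanswered_pings(capture_text):
    """Return (src, dst, id, seq) for every echo request with no matching reply."""
    pending = {}  # insertion-ordered, so results keep capture order
    for line in capture_text.splitlines():
        m = ICMP_LINE.search(line)
        if not m:
            continue  # skip non-ICMP or truncated lines
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], ident, seq)] = True
        else:
            # A reply travels in the opposite direction of its request.
            pending.pop((m["dst"], m["src"], ident, seq), None)
    return list(pending)


def summarize(capture_text):
    """Count unanswered echo requests per (client, target) pair."""
    summary = {}
    for src, dst, _ident, _seq in unanswered_pings(capture_text):
        summary[(src, dst)] = summary.get((src, dst), 0) + 1
    return summary


if __name__ == "__main__":
    for (src, dst), count in summarize(SAMPLE_CAPTURE).items():
        print(f"{src} -> {dst}: {count} echo request(s) seen, no reply")
```

A pair listed here means the requests reached the capture point and no reply passed back through it; if the capture contains no requests for that target at all, they never arrived on the captured interface.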