Route "the other way" through wireguard

Started by petersk, November 16, 2022, 10:48:43 PM

I have WireGuard working from Europe to the US using a GliNet Slate (Slate AX (GL-AXT1800) https://www.gl-inet.com/products/gl-axt1800/). The IP CIDR address on that side is 192.168.8.0/23. And my Roku on that side (connected through Wi-Fi) properly streams stuff as if it's in the US.

For WireGuard, that device is 172.16.16.4/32, where I have an interface named HomeWireGuard set up under OPNsense. The WireGuard server is in the US and is 172.16.16.1/23 with the .4/32 as a peer. The "tunnel address" is 172.16.16.1/23.

I have the client allowing all IPs 0.0.0.0 from Europe to the US and everything is working perfectly or at least, as expected.

What I want now is to allow a device on the US side to connect to the WAN on the European side. What I was thinking is setting up a Roku device on the US side and being able to stream as if I were in the European region. The VPN tunnel should be two-way, right?

I'm thinking I'd have to have the device on the US side have an IP address like 172.16.16.6, but what else do I need to set up in terms of routes, etc.? I looked at trying to go to System: Routes: Configuration, but I don't even see the HomeWireGuard interface there nor wg1. It only has these options on the pull-down: Null4 - 127..., Null6 - 127..., and WAN_DHCP- IP.

Any thoughts on how I'd do this? Do I need a new route on the GLiNET side too?

There is no "way" in routing. Packets need to go both ways.

Check for deny entries in the firewall log. It is much more restrictive inbound.

Bart...

...but there is a "way" with a stateful firewall as the initial side of the communication counts.

What you want is the setup of a site-to-site WG tunnel. Did you follow the how-to in the OPNsense documentation for this (! site-to-site) WG tunnel including NAT?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
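Added example, not part of any post in this thread: a small Python model of WireGuard's AllowedIPs check (destination selects the peer on send, source must match the sending peer on receive), run against the addresses the original poster gives. The peer names and the destination 203.0.113.10 are constructed; OPNsense route installation, firewall rules and NAT are not modelled.

```python
import ipaddress

class WgInterface:
    """Constructed model of one WireGuard interface's AllowedIPs table."""
    def __init__(self, peers):
        # peers: {peer_name: [AllowedIPs as CIDR strings]}
        self.table = [(ipaddress.ip_network(cidr), name)
                      for name, cidrs in peers.items() for cidr in cidrs]

    def peer_for(self, ip):
        """Longest-prefix match of ip against every peer's AllowedIPs."""
        addr = ipaddress.ip_address(ip)
        hits = [(net.prefixlen, name) for net, name in self.table if addr in net]
        return max(hits)[1] if hits else None

    def send(self, dst):
        """Outbound: the destination address selects the peer (None = dropped)."""
        return self.peer_for(dst)

    def accept(self, from_peer, src):
        """Inbound: the decrypted packet's source must map back to the sender."""
        return self.peer_for(src) == from_peer

def us_to_eu_wan(us_allowed_for_eu, eu_allowed_for_us,
                 src="172.16.16.6", dst="203.0.113.10"):
    """Trace one packet from a US-side device towards the EU side's WAN."""
    us = WgInterface({"eu-slate": us_allowed_for_eu})      # hypothetical peer name
    eu = WgInterface({"us-opnsense": eu_allowed_for_us})   # hypothetical peer name
    if us.send(dst) != "eu-slate":
        return "dropped at US: no peer's AllowedIPs covers the destination"
    if not eu.accept("us-opnsense", src):
        return "dropped at EU: source is not in the US peer's AllowedIPs"
    # The reply takes the same checks in reverse, so the same entries cover it.
    return "delivered to EU: still needs forwarding and NAT out of the EU WAN"

if __name__ == "__main__":
    # As described in the thread: US side lists the Slate as .4/32 only,
    # EU side allows 0.0.0.0/0 from the US server.
    print(us_to_eu_wan(["172.16.16.4/32"], ["0.0.0.0/0"]))
    # With a default-route entry for the Slate peer on the US side.
    print(us_to_eu_wan(["172.16.16.4/32", "0.0.0.0/0"], ["0.0.0.0/0"]))
```

With only 172.16.16.4/32 listed for the Slate on the US side, internet-bound traffic never enters the tunnel, whatever the firewall rules say.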

November 17, 2022, 04:14:39 PM #3 Last Edit: November 19, 2022, 10:14:27 PM by petersk
If you're referring to this one, then yes, those steps were done in the follow-on one about setting up a WireGuard client, unless you know something I didn't see there:
https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html

I will check the firewall log as Bart, the other person, suggested, on both links.
I found this one which might get me there. I'm going to try it.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

OK, I tried doing that link, but it is hard to follow with no specific example. Here's my network layout; if someone could lend a hand, that would be great.
https://imgur.com/YDQNGUg
K