Access far resources via WireGuard (routing problem)

Started by Paul_Senger, February 20, 2023, 06:50:01 PM

Hi,

I'm stuck with my WireGuard configuration. I tried to draw a little overview to illustrate the use case I want to realize (access a far resource with multiple clients).

--------------------                     -----------------------                       ---------------------                 --------------
|  Client 1          |                   |                       |                     |                     |               |  example     |
|  PC                |-------------------|OPNsense with Wireguard|-------------------->|Router with Wireguard|-------------->| (FTP)Server  |
|                    |                   |  Client               |                     |  Server             |               |              |
--------------------                     -----------------------                       ---------------------                 --------------
--------------------                        |  |
|  Client 2          |                       |  |
|  PC                |-----------------------   |
--------------------                           |
--------------------                           |
|  Client 3          |                          |
|  PC                |---------------------------
--------------------

I'm at the point where I can ping the destination router and the FTP server from the OPNsense. But I can't reach them from the client PCs. As I understand it, I didn't create all the needed routing rules or something. Second, am I right that the configuration of the clients via DHCP (fixed IP addresses based on MAC addresses from the OPNsense DHCP server) has no impact on the WireGuard config? I have no idea where the problem is and how I have to proceed.
I would appreciate it if somebody could help me.

Thank you very much in advance.

Paul

After playing around a little bit:
Could it be that there is a problem with the fact that I provide my local IP addresses via DHCP? Do I have to provide/add a special route for reaching the far clients through WireGuard via DHCP?

Thanks

Paul

You should be able to achieve this with firewall rules (policy-based routing) and Allowed IPs in WG.

I set a source=any and destination=any rule for the wg interface, just to test whether it works in general. Once it worked, I wanted to make the rule more restricted.
But even with this "all" rule it didn't work.

OK, it seems I found the solution.
I have to create a NAT Outbound rule, where I have to set the wg interface as "Interface" and the Source address to "LAN net".
Now every local client can reach the far resources.  ;D
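
Added example, not part of the thread or of any poster's configuration: a small Python model of why the firewall itself could ping the far side while LAN clients could not, and why the Outbound NAT rule changes that. It relies on WireGuard's receive-side check (a decrypted packet is kept only if its source address falls inside the sending peer's AllowedIPs); all addresses are constructed, and it assumes the far router lists only the OPNsense tunnel address for that peer.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # OPNsense "LAN net"
WG_TUNNEL_IP = ipaddress.ip_address("10.10.10.2")  # OPNsense address on the wg interface
# Assumption: the far router lists only the tunnel address for the OPNsense peer.
FAR_ALLOWED_IPS = [ipaddress.ip_network("10.10.10.2/32")]


def outbound_nat(src, nat_source_net):
    """Outbound NAT on the wg interface: rewrite matching sources to the tunnel IP."""
    src = ipaddress.ip_address(src)
    if nat_source_net is not None and src in nat_source_net:
        return WG_TUNNEL_IP
    return src


def far_peer_accepts(src, allowed_ips):
    """WireGuard receive check: the inner source must be in the sender's AllowedIPs."""
    return any(ipaddress.ip_address(src) in net for net in allowed_ips)


def reaches_far_side(src, nat_source_net=None, allowed_ips=FAR_ALLOWED_IPS):
    """True if a packet with this original source survives the far peer's check."""
    return far_peer_accepts(outbound_nat(src, nat_source_net), allowed_ips)


def scenarios():
    client = "192.168.1.50"  # constructed LAN client with a DHCP static mapping
    return {
        "ping from OPNsense itself": reaches_far_side(WG_TUNNEL_IP),
        "LAN client, no NAT rule": reaches_far_side(client),
        "LAN client, NAT source = LAN net": reaches_far_side(client, LAN_NET),
        # Routed alternative: no NAT, far side also allows the LAN subnet.
        "LAN client, LAN net in far AllowedIPs": reaches_far_side(
            client, None, FAR_ALLOWED_IPS + [LAN_NET]),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:40} {'reaches far side' if ok else 'dropped by far peer'}")
```

With the NAT rule the far side sees every LAN client as the single tunnel address, so its logs and firewall rules cannot tell the clients apart. The routed alternative keeps the client addresses visible but requires changing the far router's peer configuration and a return route to the LAN subnet.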