WG: site 1 ping site 2, but not vice versa

[andre_x]

Hi all!
I've setup 2 OPNsense with WireGuard.
Attached you can see the settings of both routers.
Routes of each other routers are presents.
Site 1: 23.7.5, WG plugin (os-wireguard) 2.1 - 192.168.31.251
Site 2: 23.7.5, WG plugin (os-wireguard) 2.1 - 192.168.20.251

From site 1 I can ping 192.168.20.251
From site 2 I CAN'T ping 192.168.31.251

In the firewall In the WG interface I've created 2 rules, 1 for inbound and 1 for outbound with accept on both routers

What am I missing?
Thanks!

P.s. Sorry but I don't know how to place the images inline. How do I do that?

[Monviech (Cedrik)]

Maybe this Site-to-Site Wireguard Setup example helps you to verify your configuration:

https://forum.opnsense.org/index.php?topic=36177.0

[andre_x]

I just have 1 router with public IP, butt I'll try.

[Monviech (Cedrik)]

You can leave one endpoint IP empty. You dont need two public IPs for this to work. It's just an example of the full site to site functionality where both sites can initiate the wireguard tunnel. Thanks for your feedback. I will put a note to hint this into the tutorial :)

In your case where the wireguard tunnel seems to be up and running, and you have only ping problems, you should verify your allowed IPs on the wireguard endpoints, your firewall rules on the LAN and WireGuard (group) interfaces, and your wireguard local tunnel addresses (they have to be /24 on both opnsenses).

[andre_x]

Going through the manual you linked me, I've discovered that I was using different subnet in the tunnel address.
Thanks!

[Monviech (Cedrik)]

Great, I'm happy you could solve it. :)