Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
[SOLVED] Need help to set up Wireguard
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Need help to set up Wireguard (Read 2186 times)
zero
Newbie
Posts: 12
Karma: 0
[SOLVED] Need help to set up Wireguard
«
on:
October 22, 2023, 04:26:59 pm »
Hello,
I'm trying to set up WireGuard with a simple configuration, but I can't figure out what I'm doing wrong. Simply can't get internet access when in the client, WireGuard is turned on.
My topology is simple, I have 2 interfaces LAN1 192.168.1.1 and LAN2 192.168.2.1, and I would like that clients which connected to WireGuard have a LAN2 IP.
I created these firewall rules.
WAN
Protocol: IPv4 UDP
Source: *
Port: *
Destination: WAN address
Port: 51820
Gateway: *
Schedule: *
WG1 interface
Protocol: IPv4 *
Source: WG1 net
Port: *
Destination: *
Port: *
Gateway: *
Schedule: *
So after installing the plugin and configured the client I configured instances WireGuard this way
Name: wg1
Device: wg1
Tunnel Address: 192.168.2.1/24
Port: 51820
Peers: DEMO-Peer
Commands:
And Peers
Name DEMO-Peer
Endpoint address WAN IP
Endpoint port 51820
Allowed IPs 192.168.2.50
Commands
When I enable the WireGuard connection from my Demo Peer I can see that the handshake was sent in the tab diagnosis
Public key: Public key of the peer's interface
Name: DEMO-Peer
Port / Endpoint: IP of DEMO-Peer:8020
Handshake: Connection date
Send: 1.09 KB
Received: 1.20 KB
I hope someone could help
«
Last Edit: October 22, 2023, 05:40:31 pm by zero
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6807
Karma: 572
Re: Need help to set up Wireguard
«
Reply #1 on:
October 22, 2023, 04:30:31 pm »
You need a separate network for your WireGuard clients, e.g. 192.168.3.0/24. WiredGuard is a routed connection, not bridged. You cannot make the clients "appear" on a local LAN.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
CJ
Hero Member
Posts: 832
Karma: 30
Re: Need help to set up Wireguard
«
Reply #2 on:
October 22, 2023, 04:32:25 pm »
Additionally, you have the client set to only allow access to a single IP.
And you'll want to add KeepAlive 25 to both sides of the config.
Logged
Have Answer, Will Blog
zero
Newbie
Posts: 12
Karma: 0
Re: Need help to set up Wireguard
«
Reply #3 on:
October 22, 2023, 05:01:22 pm »
Thank you for all your answers, I've set WireGuard clients to 192.168.10.0/24 and enabled KeepAlive to 25 but same result.
CJ, what do you mean with: "Additionally, you have the client set to only allow access to a single IP."
Logged
Patrick M. Hausen
Hero Member
Posts: 6807
Karma: 572
Re: Need help to set up Wireguard
«
Reply #4 on:
October 22, 2023, 05:28:06 pm »
On OPNsense you set the tunnel address to e.g. 192.168.10.1/24.
On the client you set the tunnel address to e.g. 192.168.10.101/32
On OPNsense you set allowed IPs for that client/peer to 192.168.10.101.
On the client you set allowed IPs to
192.168.10.1 - if you want to talk to OPNsense only.
192.168.10.0/24 - if you want all clients to be able to communicate with each other.
And additionally (!)
192.168.1.0/24
192.168.2.0/24
so the client can talk to your LANs ...
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
zero
Newbie
Posts: 12
Karma: 0
Re: [SOLVED] Need help to set up Wireguard
«
Reply #5 on:
October 22, 2023, 05:41:16 pm »
Thank you, after the explanation I realized that I had wrong IP on the client.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
[SOLVED] Need help to set up Wireguard