OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Routing Issue on a VPS with OpnSense and WireGuard
« previous next »
  • Print
Pages: [1]

Author Topic: Routing Issue on a VPS with OpnSense and WireGuard  (Read 415 times)

kluk42

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Routing Issue on a VPS with OpnSense and WireGuard
« on: June 16, 2024, 07:34:03 pm »
Hi there, I am currently trying to set up a WireGuard server with the following main goals:

  • bridge two sites (10.0.0.0/8 and 192.168.1.0/24) for local traffic

    e.g. a server on Site A with the IP address 10.0.0.70/8 should be able to connect to a server on Site B with the IP address 192.168.1.99/24 and vice versa

    For site a and b only the traffic in those two subnets should be routed through the tunnel
  • access to both sites for mobile devices so that I can communicate with both subnets from my phone

    For mobile devices I would also like to route internet traffic through WireGuard
     
The current plan is to have a server with a public static IP address running OPNSense, WireGuard and AdGuard Home (see attachment)

Both Sites will run a Unifi Cloud Gateway Ultra as their Router/Firewall because it's affordable and supports WireGuard. I already have it set up on Site A, the unit for Site B did not arrive yet.

What I already did:
  • Rented a fresh server with a static IP address and installed OPNSense 24
  • Configured WireGuard according to the official Road Warrior Setup
  • Added a client for my mobile device with AllowedIPs being 0.0.0.0/0, ::/0
  • Added a client for Site A, because its running on the Cloud Gateway Ultra I manually added rules for 172.21.21.0/24 and 192.168.1.0/24 in the controller to be passed to the vpn connection

What already works:

  • Mobile devices route all their traffic to the server and can access the internet
  • Ping from one wireguard client to another (e.g. 172.21.21.3 to 172.21.21.1)
  • Ping from a local machine in Site A (10.0.0.0/8) to all other WireGuard clients

What doesn't work is to ping anything in the local network of Site A (10.0.0.0/8) with my mobile device.
A ping from 172.21.21.3 to 10.0.0.50 for example will not work.

I skimmed through the logs of the OPNSense firewall and found that the icmp package that is transmitted (and forwarded through the firewall) has the static IP address of the server as its origin.
Maybe thats an issue, maybe thats expected - I don't really know, my knowledge with this kind of setup is very limited, could you maybe help me out ? :)

I very much appreciate your insights :)

Let me know if you need any additional data (e.g. client configs).
« Last Edit: June 16, 2024, 09:19:38 pm by kluk42 »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Routing Issue on a VPS with OpnSense and WireGuard
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2