[Solved] Wireguard SiteToSite with one public IP address problem

Started by departy, August 13, 2024, 11:41:34 AM

Hello, I am trying to config WireGuard Site To Site with only one public IP address.

Let's call them
Network A - Public IP
Network B - Behind NAT

Both sites are on the LATEST version of OPNsense

Owned networks
Network A:
10.0.0.0/24
10.2.20.0/24
10.2.30.0/24

Network B:
10.2.0.0/24

Network A
Name: WireGuard.A
PublicKey: <key>
PrivateKey: <key>
Listen Port <port>
Tunnel Address: 10.25.25.1/24
Peers: <NetworkB.Gateway>


Peer:
Name: NetworkB.Gateway
PublicKey: <key>
Pre-shared key: <key>
AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.25.25.2/32, 10.2.0.0/24
KeepAlive: 10s


Network B:
Instance:
Name: WireGuard.NetworkA
PublicKey <key>
PrivateKey: <key>
ListenPort: <port>
Tunnel Address: 10.25.25.2/32
Peers: NetworkA.Gateway

Peer B:
Name: NetworkA.Gateway
PublicKey: <key>
PresharedKey: <key>
AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.2.30.0/24, 10.2.0.0/24
Endpoint: gateway.networkA.com
endpoint port: <port>
KeepAlive: 10s


I have NAT rules:
From * to * on WireGuard NetworkA and B interfaces



Problem:
When I ping from Network B anything in 10.2.20.0/24 and 10.0.0.0/24 IT WORKS.
But it doesn't work backwards. When Network A pings anything in Network B I get a timeout:
PING 10.2.0.5 (10.2.0.5): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

I read online that this might be due to some rules, but I have Allow ALL everywhere.
I did a packet capture and noticed that the packets go through but don't come back for some reason: https://ibb.co/8DQkRmx

I am unable to troubleshoot this on my own, would like to ask the community for help. I do not know what I am doing wrong.

If both sites had public IPs it would have been easier :(

Thanks in advance!

-----------------------------------
Added images for easier viewing:
https://ibb.co/T2h6Tpm
https://ibb.co/8DQkRmx
https://ibb.co/p4f3wkk
https://ibb.co/23hk8PF
https://ibb.co/fSL3sKK
https://ibb.co/DCLWW4V
https://ibb.co/276Rgvc
https://ibb.co/NtjN8Xj
https://ibb.co/Jz6Xgr4


Solved.
I happened to have more than one peer with the same AllowedIPs addresses and I guess it was causing a routing issue.

Deleted all other peers with the same routes and the problem disappeared.
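An added example, not part of the thread or of OPNsense: a small Python check that parses the [Peer] sections of a WireGuard config and reports any prefix that appears under more than one peer. WireGuard's cryptokey routing maps each destination prefix to exactly one peer per interface, so a duplicate AllowedIPs entry silently shadows the other peer, which is the condition the poster found. The sample config below is constructed, and the key values are placeholders.

```python
import ipaddress
from itertools import combinations

# Constructed sample, not the poster's real config: two [Peer] sections on
# the site-A instance both claim 10.2.0.0/24, mirroring the duplicate-peer
# situation the thread identified as the cause of the one-way traffic.
SAMPLE_CONF = """
[Interface]
Address = 10.25.25.1/24
ListenPort = 51820
PrivateKey = <key>

[Peer]
PublicKey = <key-NetworkB.Gateway>
AllowedIPs = 10.25.25.2/32, 10.2.0.0/24
PersistentKeepalive = 10

[Peer]
PublicKey = <key-stale-copy-of-NetworkB>
AllowedIPs = 10.2.0.0/24, 10.25.25.3/32
"""


def parse_peers(text):
    """Return [(publickey, [ip_network, ...]), ...], one entry per [Peer]."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):
            current = ["?", []] if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip().lower(), value.strip()
            if key == "publickey":
                current[0] = value
            elif key == "allowedips":
                current[1] += [ipaddress.ip_network(v.strip(), strict=False)
                               for v in value.split(",") if v.strip()]
    return [tuple(p) for p in peers]


def find_overlaps(peers):
    """Return (peer_a, net_a, peer_b, net_b) for every prefix pair that sits
    under two different peers and overlaps; empty means routing is unambiguous."""
    conflicts = []
    for (name_a, nets_a), (name_b, nets_b) in combinations(peers, 2):
        for na in nets_a:
            for nb in nets_b:
                if na.version == nb.version and na.overlaps(nb):
                    conflicts.append((name_a, str(na), name_b, str(nb)))
    return conflicts
```

Running `find_overlaps(parse_peers(SAMPLE_CONF))` on the sample reports the single 10.2.0.0/24 collision; on the config with the stale peer removed it returns an empty list.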