OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • [Solved] Wireguard SiteToSite with one public IP address problem
« previous next »
  • Print
Pages: [1]

Author Topic: [Solved] Wireguard SiteToSite with one public IP address problem  (Read 388 times)

departy

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
[Solved] Wireguard SiteToSite with one public IP address problem
« on: August 13, 2024, 11:41:34 am »
Hello, I am trying to config WireGuard Site To Site with only one public IP address.

Lets call them
Network A - Public IP
Network B - Behind NAT

Both Sites are on LATEST version of OpnSense

Owned networks
Network A:
10.0.0.0/24
10.2.20.0/24
10.2.30.0/24

Network B:
10.2.0.0/24

Network A
Name: WireGuard.A
PublicKey: <key>
PrivateKey: <key>
Listen Port <port>
Tunnel Address: 10.25.25.1/24
Peers: <NetworkB.Gateway>


Peer:
Name: NetworkB.Gateway
PublicKey: <key>
Pre-shared key: <key>
AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.25.25.2/32, 10.2.0.0/24
KeepAlive: 10s


Network B:
Instance:
Name: WireGuard.NetworkA
PublicKey <key>
PrivateKey: <key>
ListenPort: <port>
Tunnel Address: 10.25.25.2/32
Peers: NetworkA.Gateway

Peer B:
Name: NetworkA.Gateway
PublicKey: <key>
PresharedKey: <key>
AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.2.30.0/24, 10.2.0.0/24
Endpoing: gateway.networkA.com
endpoint port: <port>
KeepAlive: 10s


I have NAT rules:
From * to * on WireGuard NetworkA and B interfaces



Problem:
When I ping from Network B anything in 10.2.20.0/24 and 10.0.0.0/24 IT WORKS
But it doesnt work backwards. When Network A pings anything from Network B i get Timeout:
PING 10.2.0.5 (10.2.0.5): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

I read online that this might be due to some rules, but I have Allow ALL everywhere
What did a package capture and noticed that the package go through but it doesnt go back for some reason: https://ibb.co/8DQkRmx

I am unable to troubleshoot this on my own, would like to ask the community for help. I do not know what I am doing wrong.

If two sites had public IPs would have been easier :(

Thanks in advance!

-----------------------------------
Added Images for easier view:
https://ibb.co/T2h6Tpm
https://ibb.co/8DQkRmx
https://ibb.co/p4f3wkk
https://ibb.co/23hk8PF
https://ibb.co/fSL3sKK
https://ibb.co/DCLWW4V
https://ibb.co/276Rgvc
https://ibb.co/NtjN8Xj
https://ibb.co/Jz6Xgr4

« Last Edit: August 13, 2024, 01:44:56 pm by departy »
Logged

departy

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: Wireguard SiteToSite with one public IP address problem
« Reply #1 on: August 13, 2024, 01:44:43 pm »
Solved.
I happened to have more than one Peer with the same AllowedIP addresses and I guess it was causing routing issue.

Deleted all others Peers with same routes and problem disappeared.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • [Solved] Wireguard SiteToSite with one public IP address problem
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2