Topic: Wireguard and ISP required VLAN tag (Read 498 times)
9ck
Newbie
Posts: 6
Karma: 0
« on: September 16, 2024, 04:17:24 pm »
Trying to get Wireguard to work on my son's PC from his place. I have the Wireguard server running in OPNsense at my place. I've set up a client on my son's PC and there is a handshake and Wireguard is active (green) on his PC, but he has no internet access.
The client is set up with
DNS servers 9.9.9.9 and 149.112.1.12.112.
Allowed IPs 0.0.0.0/0
I'm using a Unifi Express at his place which I've set up without the router that his ISP did provide - just not to have all this equipment running. In order to get this to work I had to tag all outbound traffic with VLAN107.
I'm now in doubt if the connectivity issue is due to the VLAN tag or it has something to do with my firewall settings at my end or that I would need to tag outbound traffic from the server. As you can understand from this I'm not that familiar with how VPNs work (flow of traffic etc.)
The Unifi router isn't easily accessible, that's why I didn't test with the ISP provided router in bridge mode (but this would of course be something to do next time I visit him).
Appreciate any help trying to troubleshoot this issue. I'm also an OPNsense novice... TIA.
« Last Edit: September 16, 2024, 04:27:23 pm by 9ck »
Logged
viragomann
Full Member
Posts: 203
Karma: 7
« Reply #1 on: September 25, 2024, 08:20:43 pm »
So you intend to route your son's whole upstream traffic over the VPN?
The VLAN tagging is handled by your WAN interface config. If your internet connection works the tagging might work well. It doesn't know where the traffic is originating from.
However, maybe you're missing an outbound NAT rule for the VPN tunnel network.
Firewall: NAT: Outbound
If there is no rule on the WAN for the WG tunnel, enable the hybrid mode and add it manually:
interface: WAN
source: tunnel subnet
translation: interface address
Logged
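One way to check the outbound NAT point from the reply above, as an added example that is not part of the thread: the script scans pf NAT rules (the text `pfctl -s nat` prints on the firewall) for a rule on the WAN that translates the WireGuard tunnel subnet. The interface name `igb0`, the subnet `10.10.10.0/24` and the sample rules are constructed placeholders; sources written as tables or interface networks are not resolved.

```python
import ipaddress
import re

# Constructed sample in pf's "nat on <if> ... from <src> to <dst> -> <target>"
# rule syntax. Interface names and subnets are placeholders, not thread values.
SAMPLE_RULES = """\
nat on igb0 inet from 192.168.1.0/24 to any -> (igb0:0) port 1024:65535
nat on igb0 inet from 127.0.0.0/8 to any -> (igb0:0) port 1024:65535
"""
# Same ruleset after a manual rule for the tunnel subnet was added (hybrid mode).
FIXED_RULES = SAMPLE_RULES + (
    "nat on igb0 inet from 10.10.10.0/24 to any -> (igb0:0) port 1024:65535\n"
)

NAT_RE = re.compile(r"^nat on (?P<iface>\S+)\s.*?\bfrom (?P<src>\S+) to ")


def nat_covers(rules_text, wan_if, tunnel_subnet):
    """Return the first nat rule on wan_if whose source contains tunnel_subnet."""
    tunnel = ipaddress.ip_network(tunnel_subnet)
    for raw in rules_text.splitlines():
        line = raw.strip()
        m = NAT_RE.match(line)
        if not m or m.group("iface") != wan_if:
            continue
        src = m.group("src")
        if src == "any":
            return line
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            continue  # table, alias or (if:network) source: not resolved here
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if net.version == tunnel.version and tunnel.subnet_of(net):
            return line
    return None


if __name__ == "__main__":
    for label, rules in (("before", SAMPLE_RULES), ("after", FIXED_RULES)):
        hit = nat_covers(rules, "igb0", "10.10.10.0/24")
        # No match means tunnel clients leave the WAN with their private
        # source address, so replies never come back: handshake, no internet.
        print(label, "->", hit or "no outbound NAT rule for the tunnel subnet")
```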