Admin access over Wireguard

Started by AWBbox, July 25, 2023, 12:56:55 PM

The linux_pc is the IP address of a machine inside a VLAN that connects to the WireGuard client.

Then shouldn't that rule be placed on the VLAN interface instead of the WG tunnel interface?

Possibly I misunderstand the topology. Could you provide a drawing?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

July 30, 2025, 04:06:37 PM #17 Last Edit: July 30, 2025, 04:10:21 PM by opnessense
I placed that rule on the VLAN network, but do I also need to include it in the WireGuard rules?

If I don't, I lose the connection while I'm connected from the linux_pc VLAN with the WireGuard client.

Or better, what rule should I put on WireGuard to allow access from linux_pc, which uses a WireGuard client?

vlan linux---->linux_pc------->wireguard client linux pc

Why do you connect to your OPNsense via WG when you are in a directly connected VLAN? Please provide a diagram.

OK, I see, maybe my fault.

I need to create an alias for the client defined in the WireGuard VPN peers (IP) instead of the VLAN client linux_pc.

Then I create a rule for WireGuard that allows from source WireGuard peer (linux_pc1) to destination this firewall.

Will that work?

I want to connect from WireGuard instead of the VLAN client to have an extra layer of security.

And in which way would that add security? You control the LAN infrastructure, don't you?

Anyway, you need to connect to the firewall's address inside the tunnel from the client and put the client's address inside the tunnel into the firewall alias.

If you try to connect to the VLAN address of the firewall even with the WG tunnel active, the client will use the local VLAN connection. Directly attached beats route.
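The routing behaviour described in the post above, as an added example that is not part of the original thread: a small longest-prefix-match model showing which interface and source address the firewall sees, and whether a rule on the WireGuard interface can match. All addresses, interface names and the full-tunnel default route are constructed assumptions, and the model ignores policy routing.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the thread)
FW_VLAN = ip.ip_address("192.168.20.1")      # firewall address on the VLAN
FW_TUNNEL = ip.ip_address("10.10.10.1")      # firewall address inside the tunnel
CLIENT_VLAN = ip.ip_address("192.168.20.50") # linux_pc address on the VLAN
CLIENT_TUNNEL = ip.ip_address("10.10.10.2")  # linux_pc address inside the tunnel

# Client routing table: (prefix, device, source address used on that device)
CLIENT_ROUTES = [
    (ip.ip_network("192.168.20.0/24"), "eth0", CLIENT_VLAN),  # directly attached
    (ip.ip_network("10.10.10.0/24"), "wg0", CLIENT_TUNNEL),   # tunnel network
    (ip.ip_network("0.0.0.0/0"), "wg0", CLIENT_TUNNEL),       # full-tunnel default
]

def egress(dst):
    """Longest-prefix match: return (device, source address) used to reach dst."""
    matches = [r for r in CLIENT_ROUTES if dst in r[0]]
    _net, dev, src = max(matches, key=lambda r: r[0].prefixlen)
    return dev, src

def wg_rule_matches(dst, alias):
    """True if a rule on the WireGuard interface (source in alias,
    destination the firewall itself) sees this connection at all."""
    dev, src = egress(dst)
    return dev == "wg0" and src in alias and dst in (FW_VLAN, FW_TUNNEL)

if __name__ == "__main__":
    cases = [
        ("VLAN address, tunnel alias", FW_VLAN, {CLIENT_TUNNEL}),
        ("tunnel address, VLAN alias", FW_TUNNEL, {CLIENT_VLAN}),
        ("tunnel address, tunnel alias", FW_TUNNEL, {CLIENT_TUNNEL}),
    ]
    for label, dst, alias in cases:
        dev, src = egress(dst)
        print(f"{label}: via {dev} from {src}, "
              f"WG rule matches: {wg_rule_matches(dst, alias)}")
```

Only the last case matches: the connection targets the firewall's tunnel address and the alias holds the client's tunnel address.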

That makes sense, Patrick.

Thank you for your explanation, you have solved my problem.