Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Wireguard and NAT rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Wireguard and NAT rules (Read 6430 times)
vecchiostupido
Newbie
Posts: 4
Karma: 2
Wireguard and NAT rules
«
on:
June 22, 2019, 03:47:35 pm »
I have a surveillance software (BlueIris) on a dedicated Windows 10 PC on my local network (ip 192.168.11.20). It can be accessed via a CellPhone app or via a web interface. I would like to access it remotely via VPN (so that I don't to open ports... )
I have installed Wireguard on OpnSense and I can access my servers, VM, NAS, and my local PCs remotely (I have Allowed IP in the client as 0.0.0.0/0, and DNS= 192.168.11.1).
However, while I can ping the BlueIris PC and reach the PC, I cannot access BlueIris via its web interface or via cell phone application (which is properly configured, both WAN and LaN are the local network address). BlueIris gives an error message saying " LAN access only" and it shows in its local screen that I am trying to access it via my VPN tunnel address (10.10.9.2) , which I suppose it is rejected as it is not recognized a LAN address (e.g. 192.168.11.x).
I used in the past OpenVPN on a DD-WRT router and all worked well (e.g. I could access BlueIris remotely) , thus my guess is that I am missing a proper configuration in Opnsense, which I installed it a few weeks ago.
I am a noob but my guess is that I need to 'tell' opnsense that my tunnel addresses are to be considered a local network - my guess is that I am missing a NAT configuration, but I wasn't able to find an answer in google (I probably need the right search terms).
My NAT in opnsense is configured as per attached (to allow wireguard connections to access internet, thus I know won't help in this case).
Can you please point me to the relevant resources/google searches? Otherwise I can provide specific information on my setup to track down the issue.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Wireguard and NAT rules
«
Reply #1 on:
June 22, 2019, 04:41:47 pm »
Outbound NAT rule, Interface LAN, source your Wireguard Network, destination LAN subnet.
This should do it
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
vecchiostupido
Newbie
Posts: 4
Karma: 2
Re: Wireguard and NAT rules
«
Reply #2 on:
June 22, 2019, 08:50:46 pm »
Thank you so much for the very clear instructions. It worked as soon as I set up the rule.
I have attached a copy of the NAT rules in case somebody else has the same problem.
Logged
longtom
Newbie
Posts: 6
Karma: 0
Re: Wireguard and NAT rules
«
Reply #3 on:
May 21, 2024, 08:00:18 am »
Thanks a lot for ataching, helped a lot!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Wireguard and NAT rules