Topic: Wireguard running on client in LAN - can't get remote access to work (Read 3312 times)
tinkerytinker, July 18, 2019, 12:16:56 pm
Before switching to OPNsense I was running a different (linux) router where I had a working setup to allow remote clients access to my LAN via Wireguard. Wireguard runs on a dedicated client/server connected to the LAN-NIC but within its own VLAN. This setup works when not using OPNsense as router and firewall.
On the OPNsense I have (WAN) portforwarding active for the wireguard port pointing to the wireguard server's IP.
Rules allow access on this port from my main LAN to the wireguard machine's VLAN. For testing I actually fully opened these two firewalls, makes no difference.
I'm pretty sure the issue is related to a missing gateway configuration but I don't understand the logic of OPNsense ('s GUI).
Could anybody explain what I need to do exactly? The goal is to a) allow the remote client to access the WAN via the Wireguard VPN and b) allow the remote client access to the local clients/main LAN. Input much appreciated!

mimugmail, Reply #1, July 18, 2019, 12:22:20 pm
Can you see via tcpdump if the packets arrive at your Wireguard server?
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

tinkerytinker, Reply #2, July 18, 2019, 03:11:55 pm
I don't see why that shouldn't be possible. Probably a stupid question but: should I do that on the router-box or on the wireguard server/box? I have never used tcpdump before. The wireguard server is running a Dietpi, i.e. linux so tcpdump as a tool will not be a problem.

mimugmail, Reply #3, July 18, 2019, 03:27:35 pm
You run tcpdump on the wireguard box. If you see a packet arriving, portforward works; if your box sends a reply, it also has a correct gateway. Then you go to OPN and do the tcpdump on the WAN interface and check if the packet leaves.
With 19.7 you can also run wireguard on the OPN itself ...
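
The two-step tcpdump check described in Reply #3, as an added example that is not part of the thread: it classifies `tcpdump -n` text output for the WireGuard UDP port, first as seen on the WireGuard box, then on the OPNsense WAN interface. The port (51820), both addresses, the interface names and the function name `classify_capture` are assumptions, and the capture lines are constructed samples.

```shell
#!/usr/bin/env bash
# Added example. Assumed values (not from the thread): port 51820,
# WireGuard box 192.168.20.10, WAN address 198.51.100.2, NIC names.
#
# Live captures (root needed), in the order the reply describes:
#   WireGuard box:  tcpdump -ni eth0 udp port 51820
#   OPNsense WAN:   tcpdump -ni igb0 udp port 51820

# classify_capture ADDR PORT: reads `tcpdump -n` text on stdin and reports
# whether packets reached ADDR.PORT and whether ADDR.PORT sent any back.
classify_capture() {
  awk -v ep="$1.$2" '
    {
      # tcpdump -n lines look like: TIME IP src.port > dst.port: UDP, length N
      for (i = 2; i < NF; i++) {
        if ($i != ">") continue
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        if (dst == ep) inbound++
        if (src == ep) replies++
      }
    }
    END {
      if (!inbound)      print "no-inbound"        # forward/rules not delivering
      else if (!replies) print "inbound-no-reply"  # nothing sent back from ADDR
      else               print "inbound-and-reply" # next: repeat on the WAN side
    }'
}

# Constructed sample captures (148/92 bytes: WireGuard handshake sizes).
BOX_OK='12:16:56.100000 IP 203.0.113.7.40000 > 192.168.20.10.51820: UDP, length 148
12:16:56.101000 IP 192.168.20.10.51820 > 203.0.113.7.40000: UDP, length 92'
BOX_SILENT='12:16:56.100000 IP 203.0.113.7.40000 > 192.168.20.10.51820: UDP, length 148
12:17:01.100000 IP 203.0.113.7.40000 > 192.168.20.10.51820: UDP, length 148'
WAN_NO_EGRESS='12:16:56.099000 IP 203.0.113.7.40000 > 198.51.100.2.51820: UDP, length 148'

printf '%s\n' "$BOX_OK"        | classify_capture 192.168.20.10 51820
printf '%s\n' "$BOX_SILENT"    | classify_capture 192.168.20.10 51820
printf '%s\n' "$WAN_NO_EGRESS" | classify_capture 198.51.100.2 51820
```

On the WAN capture, `inbound-no-reply` means the handshake arrived at the firewall but no answer left through it, which points at routing or NAT between the WireGuard VLAN and the WAN.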