Wireguard Gateway

Started by iwex, November 12, 2019, 07:12:13 PM

November 12, 2019, 07:12:13 PM Last Edit: November 12, 2019, 07:47:04 PM by iwex
Hi guys. I want to use a WireGuard gateway to redirect traffic using firewall rules and aliases. How should I create a new gateway for WireGuard? Maybe I forgot to add something to the firewall?
Here are my settings:
Server:
[Interface]
Address = 10.8.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = XXX

[Peer]
PublicKey = XXX
AllowedIPs = 10.8.0.2/32


Why do you use iptables rules? Is OPN the server or the client?

I have a WireGuard server on a VPS; I found these iptables rules in some guides. If I connect to this server from my own PC, ping to 10.8.0.1 is working, and all my traffic goes through WireGuard.

You only need an assigned gateway if OPNsense is configured as client.
Just follow this guide:

https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I saw that guide, but it doesn't help. That guide is a bit old, because the gateway IP "dynamic" is not working.

Again, you don't need a gateway, just don't go through this step.

I need a gateway to specify it in Firewall Rules https://i.imgur.com/0jOzNit.png

I don't get it. When OPN is your server, why do you need routing rules? This doesn't make sense ..

No, OPNsense is the client. I have a server on some VPS.

Then you need to set "Disable Routes" in the local instance, hit Advanced and put the IP address of your VPS service in the gateway field. Then you can assign a gateway and add policy routes.

Wow, thank you! I didn't see the Advanced button  :-[

I had to hide it because the chances are high everyone puts in some value there without reason ;)

July 09, 2020, 06:58:58 PM #12 Last Edit: July 11, 2020, 12:35:56 PM by Voodoo
@mimugmail I'm having the same issue with WireGuard and can't get it solved. I hope you have some time and can take a look at my config.

I'm trying to route a single host of my LAN (192.168.1.170) over a WireGuard VPN.

I've set up the WireGuard connection with OPNsense as client, added outbound NAT and a gateway redirect for the local client, and created firewall pass rules.

Everything seems fine, as I can ping the WireGuard gateway from my local LAN client. So NAT and the gateway redirect are working.

But any other request to the public WAN does not route over the gateway. Only when I set AllowedIPs to 0.0.0.0/0, but then everything is routed over the gateway, not just the single host.

WG Gateway: 10.127.127.1/24
OpnSense WG Client: 10.127.127.2/24
Local Client: 192.168.1.170/24 ( should route over WG Gateway )

Ping from 192.168.1.170 -> 10.127.127.1 works (NAT translation from 192.168.1.170 to 10.127.127.2).
Ping from 192.168.1.170 -> 1.1.1.1 (public WAN) is stuck; the WireGuard gateway does not receive any packets.

It seems like I'm missing something with the WireGuard configuration.

Every interface has a pass any rule for testing.

Please advise.

https://i.imgur.com/V26UTDK.png

You have to disable adding routes, assign the interface, add a gateway, and do PBR for the single client. Just search the forum, plenty of questions asked and answered.
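As an added illustration (not from the thread or from OPNsense), a small Python model of the two decisions that interact here: the policy route for one LAN host, and WireGuard's cryptokey routing (longest-prefix match of the destination against the peer's AllowedIPs, with no match meaning the packet is dropped). The addresses are Voodoo's; the narrow AllowedIPs value, the peer name "vps" and the plain "wan" default route are assumptions.

```python
import ipaddress

# Constructed from the thread: the single host to policy-route and the tunnel subnet.
PBR_SOURCE = ipaddress.ip_address("192.168.1.170")
WG_SUBNET = ipaddress.ip_network("10.127.127.0/24")

# Two peer configurations to compare (assumed: the narrow one is what was tried first).
NARROW = {"vps": [ipaddress.ip_network("10.127.127.0/24")]}
FULL = {"vps": [ipaddress.ip_network("0.0.0.0/0")]}


def cryptokey_lookup(dst, peers):
    """WireGuard cryptokey routing: longest-prefix match of dst over every peer's
    AllowedIPs. Returns the peer name, or None when the packet would be dropped
    silently, which is what a tunnel that 'does not receive any packets' looks like."""
    best = None
    for peer, networks in peers.items():
        for net in networks:
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (peer, net)
    return best[0] if best else None


def next_hop(src, dst, peers, disable_routes):
    """Simplified system routing: a firewall rule with the WG gateway for one source
    host, the connected tunnel subnet, then the default route. Without 'Disable
    Routes' a 0.0.0.0/0 AllowedIPs entry also installs a default route via the tunnel."""
    if src == PBR_SOURCE or dst in WG_SUBNET:
        return "wg"
    installs_default = any(n.prefixlen == 0 for nets in peers.values() for n in nets)
    if installs_default and not disable_routes:
        return "wg"
    return "wan"


def forward(src, dst, peers, disable_routes):
    """Where a packet from src to dst ends up: 'wan', 'wg:<peer>' or 'dropped'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if next_hop(src, dst, peers, disable_routes) != "wg":
        return "wan"
    peer = cryptokey_lookup(dst, peers)
    return f"wg:{peer}" if peer else "dropped"


if __name__ == "__main__":
    print(forward("192.168.1.170", "1.1.1.1", NARROW, True))   # dropped
    print(forward("192.168.1.50", "1.1.1.1", FULL, False))     # wg:vps (everyone tunnelled)
    print(forward("192.168.1.50", "1.1.1.1", FULL, True))      # wan
    print(forward("192.168.1.170", "1.1.1.1", FULL, True))     # wg:vps (only the PBR host)
```

The combination the answer above describes, AllowedIPs 0.0.0.0/0 with routes disabled and a policy route for the one host, is the only one of the four runs where the single host is tunnelled and the rest of the LAN is not.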

That's exactly what I did; it can be seen in the screenshots.

I will try to continue searching other threads..