Topic: Wireguard with MultiWAN setup (Read 20329 times)
qdrop (Newbie, Posts: 21, Karma: 0)
Wireguard with MultiWAN setup
« on: February 20, 2020, 08:52:40 am »
Hello everybody.
I successfully managed to set up an OPNsense appliance with a multiwan setup. It behaves as intended - at least for the LAN network.
On top of that I successfully configured Wireguard. It too behaves as intended.
But there's one catch: I didn't find a solution to make Wireguard use the failover gateway group as the gateway to establish the tunnel. It for some reason just uses WAN2 which is listed as "active" in the single gateways view. Changing the priorities bricks the failover group for some reason - so this ain't an option.
How can I make sure Wireguard uses the failover group itself?
Best
Thomas
mimugmail (Hero Member, Posts: 6766, Karma: 494)
Re: Wireguard with MultiWAN setup
« Reply #1 on: February 20, 2020, 02:29:14 pm »
This seems to be a limitation that WireGuard gateways don't support Gateway Groups.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
qdrop (Newbie, Posts: 21, Karma: 0)
Re: Wireguard with MultiWAN setup
« Reply #2 on: February 20, 2020, 03:00:24 pm »
I actually got it working by enabling default gateway switching:
https://docs.netgate.com/pfsense/en/latest/book/multiwan/multi-wan-terminology-and-concepts.html#default-gateway-switching
besecur3man (Newbie, Posts: 6, Karma: 0)
Re: Wireguard with MultiWAN setup
« Reply #3 on: March 16, 2021, 11:17:36 am »
Hi, I'm having trouble getting an OPNsense multi-WAN configuration to work with WireGuard.
I have a dual WAN OPNsense setup. And I have WireGuard set up and working fine, but only on the WAN that is the current default gateway. When the WAN which is the current default gateway is up, WireGuard peers can only establish connections over that WAN. Attempting to connect over the second WAN does not work. However, if the WAN with the default gateway is down, then WireGuard clients are able to connect using the second WAN.
Can you please clarify how you got it working? More specifically, were you able to get WireGuard to work such that peers can connect to either WAN when both WANs are up?
thanks -Jeremy
qdrop (Newbie, Posts: 21, Karma: 0)
Re: Wireguard with MultiWAN setup
« Reply #4 on: April 07, 2021, 09:53:54 am »
Well, due to limitations of Wireguard we were never able to have two appliances with an active tunnel on each of them.
Instead - we have a master and slave configuration which is in-sync. We can then trigger enabling / disabling Wireguard with the CARP-events. Check the CARP-scripts to accomplish this.
But true HA / LB is not possible with WG (yet...). So all connection states will be dropped when having a failover-event.
The described setup was only set up in a lab-environment. We decided that hardware-failures are very rare and that we will fail-over manually when our master gateway crashes due to hardware issues.
HA / LB brings high complexity and cost. If our master gateway runs 5-10 years uninterrupted, it's hard to justify these costs to avoid a 20-30' downtime once or twice in that lifetime.
We'll integrate HA / LB when it's natively supported by WG / OPNsense.