OPNsense Forum » Archive » 20.1 Legacy Series » Traffic to wireguard destination gets source NAted with WAN IP :o
Topic: Traffic to wireguard destination gets source NAted with WAN IP :o (Read 2066 times)
TheChosenOne (Newbie, Posts: 3, Karma: 0)
Traffic to wireguard destination gets source NAted with WAN IP :o « on: March 10, 2020, 01:07:03 am »
Hi Forum,
I'm using 20.1.2 and have some trouble with wireguard. I set up a connection between a server on the Internet and my OPNsense. The wireguard connection is fine, but OPNsense seems to apply the default outbound NAT rule also to traffic that should be routed via the wireguard interface.
If I check the routing table on OPNsense there is an entry for my wireguard network (10.0.2.0/24) pointing to the wireguard interface (wg0). I also added the necessary firewall rules for wireguard. But if I check the live protocol I can see that traffic from my local subnet (192.168.0.0/24) to my wireguard destination (10.0.2.11) is NATed to my WAN address. Why?
My outbound NAT rules should only apply to destinations reached via WAN interface. 10.0.2.11 is directly connected, so no gateway or outbound NATing needed. Any hints where to look further or what to try?
Thank you!
mimugmail (Hero Member, Posts: 6766, Karma: 494)
Re: Traffic to wireguard destination gets source NAted with WAN IP :o « Reply #1 on: March 10, 2020, 05:52:32 am »
Screenshot of outbound NAT please
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
TheChosenOne (Newbie, Posts: 3, Karma: 0)
Re: Traffic to wireguard destination gets source NAted with WAN IP :o « Reply #2 on: March 10, 2020, 07:37:58 am »
Here you are
mimugmail (Hero Member, Posts: 6766, Karma: 494)
Re: Traffic to wireguard destination gets source NAted with WAN IP :o « Reply #3 on: March 10, 2020, 10:38:15 am »
It looks like your packets are not going through the tunnel.
Can you do a packet capture via CLI?
tcpdump -n -i wg0
And look for the traffic ...
TheChosenOne (Newbie, Posts: 3, Karma: 0)
Re: Traffic to wireguard destination gets source NAted with WAN IP :o « Reply #4 on: March 10, 2020, 02:43:17 pm »
Hi All,
I looked deeper into this and found a firewall rule setting a gateway group on a quite generic rule. That was the reason traffic got NATed with my WAN address.
Now everything works as expected.
Thanks and Cheers
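
A gateway set on a firewall rule is emitted as a pf `route-to`, which overrides the routing table for every packet that rule matches, so LAN traffic to 10.0.2.11 leaves via WAN and hits the outbound NAT rule there. The script below is an added example, not part of the thread: it finds the first `quick` rule that matches a flow and reports whether it forces a gateway. The rule lines, the interface names (em0 = WAN, em1 = LAN), the gateway 203.0.113.1 and the "fixed" ordering are constructed assumptions in the style of `pfctl -sr` output.

```python
import ipaddress
import re

# Constructed rules in the style of `pfctl -sr` output; em0 = WAN, em1 = LAN,
# 203.0.113.1 = placeholder WAN gateway. Not taken from the thread.
BROKEN = """\
pass in quick on em1 route-to (em0 203.0.113.1) inet from 192.168.0.0/24 to any flags S/SA keep state
"""
# One possible correction (assumed): a gateway-less rule for the tunnel network first.
FIXED = """\
pass in quick on em1 inet from 192.168.0.0/24 to 10.0.2.0/24 flags S/SA keep state
pass in quick on em1 route-to (em0 203.0.113.1) inet from 192.168.0.0/24 to any flags S/SA keep state
"""

RULE_RE = re.compile(
    r"^pass in quick on \S+(?: route-to \((?P<rt_if>\S+) (?P<gw>\S+)\))?"
    r" inet from (?P<src>\S+) to (?P<dst>\S+)"
)


def covers(spec, addr):
    """True if a pf address spec ('any', a host or a CIDR) contains addr."""
    if spec == "any":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False  # table, alias or interface name: not evaluated here


def first_match(rules_text, src, dst):
    """Return (line_no, forced_interface, forced_gateway) for the first quick
    rule matching src -> dst, or None. Both are None when there is no route-to."""
    for n, line in enumerate(rules_text.splitlines(), 1):
        m = RULE_RE.match(line)
        if m and covers(m["src"], src) and covers(m["dst"], dst):
            return n, m["rt_if"], m["gw"]
    return None


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        n, rt_if, gw = first_match(rules, "192.168.0.10", "10.0.2.11")
        where = f"forced out {rt_if} via {gw}" if gw else "left to the routing table (wg0)"
        print(f"{name}: rule {n} matches, traffic {where}")
```
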