Topic: Route host through wireguard (Read 4698 times)
tuomas
Newbie
Posts: 12
Karma: 1
Route host through wireguard « on: December 09, 2020, 01:06:08 pm »
I'm a hobbyist and learning networking with OPNsense.
I followed the road warrior setup instructions and I can access my LAN devices fine, except my NAS. My NAS has two network interfaces configured. One of them is OpenVPN. When I disable that OpenVPN interface, I can access it just fine.
So how could I configure my systems to access my NAS?
I think maybe one possibility could be to route all NAS traffic that's going out through WireGuard on OPNsense. And remove OpenVPN on NAS. Is this possible?
tuomas
Newbie
Posts: 12
Karma: 1
Re: Route single host through wireguard « Reply #1 on: December 13, 2020, 10:08:57 am »
OK, now I'm trying this solution: "I think maybe one possibility could be to route all NAS traffic that's going out through WireGuard on OPNsense. And remove OpenVPN on NAS. Is this possible?"
I'm using TorGuard and now all my traffic is going through WireGuard. But I would like to route only a single host through WireGuard. How could this be done?
I followed this tutorial to set up WireGuard:
https://listed.to/@lissy93/18842/how-to-mullvad-vpn-using-wireguard-on-opnsense
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Route host through wireguard « Reply #2 on: December 13, 2020, 10:50:37 am »
Usually, add the VPN, set disable routes in instance, add a gateway, assign interface, add the gateway and then a firewall rule with NAS IP and gateway the new one in rule.
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Route host through wireguard « Reply #3 on: December 13, 2020, 12:13:28 pm »
A somewhat longer version of mimugmail’s summary is here:
https://r.tapatalk.com/shareLink/topic?share_fid=197904&share_tid=20413&url=https%3A%2F%2Fforum%2Eopnsense%2Eorg%2Findex%2Ephp%3Ftopic%3D20413&share_type=t&link_source=app
See from post #4 onwards. Although, in addition to mimugmail’s summary, I found an outbound NAT rule to be necessary.
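The steps summarised in replies #2 and #3 (a firewall rule matching the NAS IP with the WireGuard gateway selected, plus an outbound NAT rule), sketched as raw pf rules. This is an added example, not part of the original thread and not OPNsense's generated ruleset; the interface names, gateway address and NAS address are constructed placeholders.

```pf
# Added illustration; every name and address below is a constructed placeholder.
lan_if = "igb1"            # assumed LAN interface
wg_if  = "wg1"             # assumed interface assigned to the WireGuard instance
wg_gw  = "10.64.0.1"       # assumed address of the gateway defined for the tunnel
nas    = "192.168.1.50"    # assumed NAS address on the LAN

# Local/private destinations that keep using the normal routing table.
table <local_nets> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Outbound NAT: a VPN provider's peer normally accepts only the tunnel
# address as source, so packets from the NAS are rewritten to the
# WireGuard interface address before they enter the tunnel.
nat on $wg_if inet from $nas to any -> ($wg_if:0)

# Policy route: with "disable routes" set on the instance the default
# route is untouched, so this rule is what steers the NAS into the tunnel.
# It matches traffic from the NAS to non-local destinations and forwards
# it to the WireGuard gateway. "quick" stops evaluation here, so the
# general LAN rule below cannot override it.
pass in quick on $lan_if route-to ($wg_if $wg_gw) inet from $nas to ! <local_nets> keep state

# All other LAN hosts, and NAS traffic to local networks, follow the
# ordinary LAN rule and the default gateway.
pass in quick on $lan_if inet from $lan_if:network to any keep state
```

Rule order matters: if the general LAN rule were evaluated before the policy-route rule, the NAS would leave through the default gateway instead of the tunnel.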
tuomas
Newbie
Posts: 12
Karma: 1
Re: Route host through wireguard « Reply #4 on: December 13, 2020, 02:22:18 pm »
Thanks, I think it's working now! Only traffic from my NAS is going through WireGuard.
Greelan
Hero Member
Posts: 1028
Karma: 72
Route host through wireguard « Reply #5 on: December 13, 2020, 11:22:37 pm »
Great. One other thing you might want to check is how DNS is being handled. If your NAS is already using a public DNS such as Cloudflare and you are happy to continue with that for the tunnel, probably nothing more to do. The requests should be going via the tunnel.
My case is a little different. I run Pi-Hole and unbound on an RPi that provides DNS to my network. Given that is on a local IP, it is not routed through the tunnel in the setup I previously outlined (since local IPs are excluded from being passed through the tunnel). I will have to figure out how to deal with that. I probably first need a firewall rule that sends DNS packets from the iPhone destined for the RPi instead through the tunnel, and then also some form of NAT rule that translates those packets from the RPi IP to an IP in the tunnel (possibly the gateway IP, or the local tunnel IP?) so that the DNS servers configured in WG are used.
But that will break local DNS resolution. My current OpenVPN setup for another host in my LAN has split DNS implemented which deals with that issue. Not sure whether that is currently possible with a WG setup. Hmmm...
« Last Edit: December 13, 2020, 11:38:40 pm by Greelan »