
WireGuard road warrior, no connection. Two servers.


tuomas:
I'm trying to set up WireGuard access from my phone to my LAN. I got it working previously when it was the only WireGuard server on OPNsense. I followed this tutorial: https://docs.opnsense.org/manual/how-tos/wireguard-client.html.

I then removed it to set up a WireGuard connection to a TorGuard server: https://forum.opnsense.org/index.php?topic=20403.0.

Maybe it's because now there are two WireGuard interfaces: wg0 and wg1. wg0 is used by my TorGuard VPN and wg1 is this new one for my phone. When I check WireGuard --> List configuration, there is only wg0, which I use to connect my NAS to the TorGuard VPN.

Should the wg1 interface be used in firewall rules somehow?  :o

tuomas:
And I have assigned and enabled the wg1 interface.

Greelan:
You likely need a firewall rule incoming on wg1 from your phone’s tunnel IP to your LAN

tuomas:
OK, now I see both wg0 and wg1 instances under WireGuard --> List configuration. The trick was to reboot my router.

I have set wg port 51821 for my phone wg settings under WireGuard --> Local. I have used this port for the Firewall --> NAT --> "Port Forward" configuration, for both the "Destination port range" and "Redirect target port" settings. Otherwise these settings follow this tutorial: https://docs.opnsense.org/manual/how-tos/wireguard-client.html step 2b.

Under Firewall --> Rules --> WireGuard I have followed the above tutorial and used "WireGuard net" as the source.

There's a hint on that tutorial that says:
--- Quote ---Rules defined under Firewall ‣ Rules ‣ WireGuard take precedence over rules individually configured for each tunnel.
--- End quote ---
So it sounds like this should work, even if I'm not using wg1 as the source.

However, I can't connect to my LAN.

I have tried fiddling with the wg1 interface in different places but haven't got the connection working.

Greelan:
Try manually specifying the tunnel network as the source in the firewall rule, rather than using “WireGuard net”. When I set mine up, I found that alias didn’t work. It may have been because I didn’t bother assigning an interface to the wg device. Or there could be a bug so that it affects you too.

Failing that, suggest you post screenshots of the relevant settings pages, sanitised as necessary. Easier to diagnose any issues.
