Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Suffering from a basic understanding of alias
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suffering from a basic understanding of alias (Read 2017 times)
drifting
Newbie
Posts: 6
Karma: 0
Suffering from a basic understanding of alias
«
on:
May 10, 2021, 04:27:25 pm »
Please bear with my, I am partially sighted and managed to read my wayn thorugh the WireGuard install.
However there is one part I am totally confused about, and that is this:-
The final piece is to allow traffic from the WireGuard network. First define an alias (e.g. VPN_clients) and include in it the IP addresses (e.g. 10.10.10.2 and 10.10.10.3) or subnet (e.g. 10.10.10.0/24) of the WireGuard clients from which traffic is to be allowed. Do this via Firewall ‣ Aliases (click + in the bottom right).
When I create and alias, it askes for type? Then content? have tried newtork and then the IP's, but it complains they are wrong. Sorry I know this is very basic, but really frustrated and assuming I read something wrong somewhere?
Kind regards Paul.
Logged
RamSense
Hero Member
Posts: 595
Karma: 10
Re: Suffering from a basic understanding of alias
«
Reply #1 on:
May 10, 2021, 09:36:04 pm »
I have Wireguard working without the use of Alias. And went for the interface solution.
The below websites helped me. I hope they are of any help for you also:
https://homenetworkguy.com/how-to/configure-wireguard-opnsense/
https://miha-kralj.medium.com/vpn-with-wireguard-on-opnsense-7bc1d7451a6e
https://blog.linuxserver.io/2019/11/16/setting-up-wireguard-on-opnsense-android/
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Suffering from a basic understanding of alias
«
Reply #2 on:
May 10, 2021, 10:46:18 pm »
@drifting, if you are looking to include single IPs, use Host(s) as the type, and if you are looking to include a subnet, use Network(s) as the type. You can also put single hosts in Network(s) but have to use CIDR format (/32)
Reading the docs always helps:
https://docs.opnsense.org/manual/aliases.html
@RamSense, yes if you define an interface for the wgX device, then you can use the “net” variable that is created for that interface, and don’t need to define a separate alias. But defining an interface is optional for a road warrior setup, and if it is not defined it is usually necessary to define an alias rather than using the default “Wireguard net”
«
Last Edit: May 11, 2021, 01:15:50 am by Greelan
»
Logged
RamSense
Hero Member
Posts: 595
Karma: 10
Re: Suffering from a basic understanding of alias
«
Reply #3 on:
May 11, 2021, 07:15:52 pm »
@Greenlan: thanks for your answer. Can you tell me why is it better to use created " net" for that interface than the default "Wireguard net" ? What is the difference in opnsense?
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Suffering from a basic understanding of alias
«
Reply #4 on:
May 11, 2021, 10:28:49 pm »
Because “Wireguard net” does not work as expected if there are multiple wgX devices and/or multiple endpoints. I don’t know why (I haven’t been able to find out what is populated in it) but this has tripped up many people. That’s why the documentation has been updated
Logged
RamSense
Hero Member
Posts: 595
Karma: 10
Re: Suffering from a basic understanding of alias
«
Reply #5 on:
May 12, 2021, 08:06:59 am »
thnx! Excellent to know.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Suffering from a basic understanding of alias