OPNsense

Author Topic: Sensei and Wireguard clients  (Read 3150 times)

marcelmah

Sensei and Wireguard clients
« on: August 13, 2021, 03:38:18 pm »
Hi,

I'm using Sensei (premium home edition) to protect my daughters from certain sites.
I also want them protected when they use their tablets on someone else's WiFi.
So I created WireGuard profiles for all devices.

WireGuard works fine, but no filtering happens...

I'm running OPNsense 21.1.9_1-amd64.

I read that it wasn't possible at first, but this was months ago and SV was funding netmap to get it to work.
I can and I have selected my wg0 interface as one of the protected interfaces.

Can this work now? If not, is it being developed? Can we track progress? If it's possible, what am I doing wrong?

beki

Re: Sensei and Wireguard clients
« Reply #1 on: August 13, 2021, 05:21:00 pm »
Hi marcelmah,

Can you try with tcpdump when Sensei is active? If there are no packets with tcpdump as well, then put the Sensei Packet Engine into bypass (Status - Services - Packet Engine - Enter Bypass Mode) and run tcpdump again.

tcpdump -s0 -ni wg0 -vvv


marcelmah

Re: Sensei and Wireguard clients
« Reply #2 on: August 16, 2021, 12:18:14 am »
Quote from: beki on August 13, 2021, 05:21:00 pm
Hi marcelmah,

Can you try with tcpdump when Sensei is active? If there are no packets with tcpdump as well, then put the Sensei Packet Engine into bypass (Status - Services - Packet Engine - Enter Bypass Mode) and run tcpdump again.

tcpdump -s0 -ni wg0 -vvv

Hi, when I enter this command on my OPNsense shell it shows a lot of traffic.
No filtering happens though... When I'm connected on my LAN I can no longer visit the sites I've blocked.

athurdent

Re: Sensei and Wireguard clients
« Reply #3 on: August 16, 2021, 06:23:53 am »
Are you using a custom policy to filter, or the default one? In case of a custom policy, it might be necessary to add the wg0 interface there.

marcelmah

Re: Sensei and Wireguard clients
« Reply #4 on: August 16, 2021, 10:35:49 am »
Quote from: athurdent on August 16, 2021, 06:23:53 am
Are you using a custom policy to filter, or the default one? In case of a custom policy, it might be necessary to add the wg0 interface there.

When I did the test I disabled the custom policy, so only the default one was active.
I disconnected my phone from WireGuard, disabled WiFi and enabled hotspot.
I used my laptop to test the blocked site (was blocked).
I then disconnected from my WiFi and connected to my mobile hotspot.
I could now browse the blocked website (this is as expected).
I then connected to one of my daughters' WireGuard profiles, but was still able to browse to the websites that should have been blocked. The profile was working, as I had my fixed line WAN IP address and I could browse local LAN devices.