Topic: VPS => Wireguard tunnel => Opnsense => Webserver (Read 2400 times)
MrBieR
« on: October 03, 2021, 03:41:23 pm »
Hi,
I've asked this question before but I didn't really get to a working solution.
https://forum.opnsense.org/index.php?topic=20360
Perhaps someone can help with the current status of WireGuard in OPNsense.
Browser: 7.7.7.7
VPS eth0: 9.9.9.9 (outside IP address)
VPS wg0: 192.168.1.1
Opnsense wg0: 192.168.1.2 (gateway configured to be 192.168.1.254 and that works fine)
Opnsense eth0: 192.168.0.254
Local PC eth0: 192.168.0.1
On my webserver I see source IP address: 192.168.1.1 while I'd want to see the actual IP address that connected to my VPS https://9.9.9.9.
What I've tried so far:
iptables -t nat -I PREROUTING 1 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.2:443
iptables -t nat -A POSTROUTING -j MASQUERADE
The -j MASQUERADE causes the translation, I think, but I don't know how to get it working without it.
iptables -I PREROUTING 1 -t nat -i eth0 -p tcp --dport 443 -j DNAT --to 192.168.1.2:443
iptables -I FORWARD 1 -p tcp -d 192.168.1.2 --dport 443 -j ACCEPT
---
On OPNsense, WireGuard is set up like
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#wireguard-selective-routing-to-external-vpn-provider
which means that my local PC will go over the WireGuard connection for port 443 (tried that, and that works fine).
---
Packet capture:
interface: wg0 7.7.7.7 => 192.168.1.2
interface: lan 7.7.7.7 => 192.168.0.1
interface: lan 192.168.0.1 => 7.7.7.7
interface: wg0 nothing..
interface: wan 192.168.1.2 => 7.7.7.7 (wrong!)
Firewall:
rule: lan outgoing source port 443 use wg0. (if I set destination port 443 then all my https traffic from this local pc goes over wg0 which works fine! but now I want to reply to an incoming request on 443 and reply to that via that route)
nat outbound: lan outgoing use wg0.
« Last Edit: October 03, 2021, 04:14:48 pm by MrBieR »
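An added example, not part of the original post: a check for the situation the post describes, where `-A POSTROUTING -j MASQUERADE` has no interface match and therefore also rewrites forwarded packets entering wg0, so the web server sees 192.168.1.1. The function names and the scoped ruleset are assumptions, and both rulesets are constructed samples in `iptables -t nat -S` format.

```shell
#!/usr/bin/env bash
# Added example: audit a NAT ruleset (as printed by `iptables -t nat -S`) for
# MASQUERADE rules that are not limited to an outgoing interface.

# Prints every POSTROUTING MASQUERADE rule that has no "-o <iface>" match.
# Such a rule also rewrites packets forwarded into wg0, so the web server
# sees the VPS tunnel address instead of the client address.
unscoped_masquerade() {
  awk '$1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
         scoped = 0
         for (i = 3; i < NF; i++) if ($i == "-o") scoped = 1
         if (!scoped) print
       }'
}

# Constructed sample: the first two rules from the post, in `-S` form.
RULES_FROM_POST='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.2:443
-A POSTROUTING -j MASQUERADE'

# Constructed sample (assumption, not from the post): DNAT limited to eth0 and
# MASQUERADE limited to traffic leaving eth0, so packets into wg0 keep 7.7.7.7.
RULES_SCOPED='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.2:443
-A POSTROUTING -o eth0 -j MASQUERADE'

# $1 = ruleset text; returns 1 and reports if an unscoped rule is found.
audit() {
  local hits
  hits=$(printf '%s\n' "$1" | unscoped_masquerade)
  [ -z "$hits" ] && return 0
  printf 'unscoped MASQUERADE: %s\n' "$hits"
  return 1
}

audit "$RULES_FROM_POST" || true
audit "$RULES_SCOPED" && echo "scoped ruleset: ok"
```

On a live VPS the same function can read `iptables -t nat -S` on stdin. With the source address preserved, replies are addressed to 7.7.7.7, so they only work if OPNsense sends them back through wg0, which is the reply routing the post is asking about.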