Topic: Help request: Wireguard full tunnel routing for external client (Read 1008 times)
Amanaki
Newbie
Posts: 39
Karma: 2
Help request: Wireguard full tunnel routing for external client
« on: March 07, 2022, 10:39:55 pm »
I have a simple setup with a single LAN-only network 10.34.10.10/24 and a WireGuard client configured for VPN access to an external VPN provider. For DNS, I am using a template to forward all DNS requests to NextDNS anycast servers. All clients on the LAN network are policy-based routed to the external VPN and are working as expected.
Today, I added a new external client device using Road Warrior and got a connection to OPNsense, but cannot seem to route the client back out over my existing WireGuard VPN tunnel connection.
I have tried various different methods, but the client only returns my WAN IP address instead of my VPN provider's address. Settings are as follows:
---------------------
Servers (OPNsense):
VPN: WireGuard > Local:
Interface: WG0
Listen: 51821
Tunnel address: 10.11.1.52/16
DNS: Blank
Peers: VPN_PROVIDER
Disable Routes: Checked
Gateway: 10.11.1.51
Monitor IP: VPN provider IP address
Interface: WG1
Listen: 51831
Tunnel address: 172.16.16.2/24
DNS: Blank
Peers: iPAD_CLIENT
Disable Routes: Unchecked
Gateway: Blank
Monitor IP: Blank
------------------------------------
Clients (OPNsense):
VPN: WireGuard > Endpoints:
Name: VPN_PROVIDER
Allowed IPs: 0.0.0.0/24
Endpoint Address: VPN provider address
Endpoint port: 51822
Name: iPAD_CLIENT
Allowed IPs: 172.16.16.20/32
Endpoint Address: Blank
Endpoint port: Blank
------------------------
External Remote Client (iPAD):
Addresses: 172.16.16.20/32
Listen port: 51831
DNS: Blank
Peer:
Allowed IPs: 0.0.0.0/0
Endpoint: a.b.c.d:51831
------------------------------------------
NAT and Rules (OPNsense):
Firewall: Rules: WAN
Interface: WAN
Direction: In
Proto: UDP
Source: any
Ports: any
Destination: WAN address
Destination Port: 51831
Firewall: Rules: Wireguard (Group)
None
Firewall: Rules: WG0
None
Firewall: Rules: WG1
None
Firewall: Rules: LAN
Interface: LAN
Direction: In
Proto: TCP/UDP
Source: ALL_CLIENTS (Alias for all LAN clients)
Destination invert: Checked
Destination: PRIVATE_NETWORKS (Alias for RFC1918_Networks)
Ports: WAN_SERVICE_PORTS (Alias containing service ports)
Gateway: WG0 Gateway (to VPN provider)
Firewall: NAT: Outbound
Interface: WG0
Source: Local_Networks (Alias) 10.34.10.10/24
NAT Address: Interface Address
How can I properly route all traffic from my external client down the existing VPN provider tunnel?
TIA.
Manaki
« Last Edit: March 07, 2022, 11:32:24 pm by Amanaki »
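An added consistency check over the configuration quoted in the post (example code, not from the forum thread or from OPNsense). The dictionary values are transcribed from the post; the checks encode the requirements a defender would verify for a full tunnel: a dial-in peer's AllowedIPs must sit inside its instance's tunnel subnet and its listen port must be open on WAN, the egress peer's AllowedIPs must cover 0.0.0.0/0 (WireGuard cryptokey routing drops packets whose destination matches no peer), and every network sent out through the egress instance needs an outbound NAT rule on it.

```python
import ipaddress

# Constructed from the values quoted in the post above; not a live OPNsense export.
CONFIG = {
    "instances": {  # Local (server) side: listen port, tunnel address, attached peers
        "WG0": {"port": 51821, "tunnel": "10.11.1.52/16", "peers": ["VPN_PROVIDER"]},
        "WG1": {"port": 51831, "tunnel": "172.16.16.2/24", "peers": ["iPAD_CLIENT"]},
    },
    "peers": {  # Endpoints: AllowedIPs, and whether a remote endpoint address is set
        "VPN_PROVIDER": {"allowed_ips": ["0.0.0.0/24"], "has_endpoint": True},
        "iPAD_CLIENT": {"allowed_ips": ["172.16.16.20/32"], "has_endpoint": False},
    },
    "wan_open_udp_ports": [51831],                 # Firewall: Rules: WAN
    "outbound_nat": {"WG0": ["10.34.10.10/24"]},   # Firewall: NAT: Outbound, per interface
    "egress_instance": "WG0",                      # instance whose gateway policy routing uses
    "lan_networks": ["10.34.10.10/24"],
}

def net(s):
    return ipaddress.ip_network(s, strict=False)   # accept host addresses like 10.11.1.52/16

def check_config(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    inst, peers = cfg["instances"], cfg["peers"]
    egress = cfg["egress_instance"]
    for name, i in inst.items():
        tunnel = net(i["tunnel"])
        for p in i["peers"]:
            dial_in = not peers[p]["has_endpoint"]   # road-warrior peers have no endpoint
            for a in peers[p]["allowed_ips"]:
                # Dial-in peers must be addressed inside the instance's tunnel subnet
                if dial_in and not net(a).subnet_of(tunnel):
                    findings.append(f"{p}: AllowedIPs {a} outside {name} tunnel {tunnel}")
            # Dial-in peers need the instance's listen port opened on WAN
            if dial_in and i["port"] not in cfg["wan_open_udp_ports"]:
                findings.append(f"{name}: UDP {i['port']} not opened on WAN for {p}")
    # Cryptokey routing: the full-tunnel egress peer must cover 0.0.0.0/0, otherwise
    # WireGuard silently drops packets to destinations outside its AllowedIPs
    for p in inst[egress]["peers"]:
        if not any(net(a) == net("0.0.0.0/0") for a in peers[p]["allowed_ips"]):
            findings.append(f"{p}: AllowedIPs {peers[p]['allowed_ips']} do not cover 0.0.0.0/0")
    # Every network sent out via the egress instance must be masqueraded to its tunnel
    # address, since the provider only routes replies back to that address
    nat_src = [net(s) for s in cfg["outbound_nat"].get(egress, [])]
    routed = list(cfg["lan_networks"]) + [i["tunnel"] for n, i in inst.items() if n != egress]
    for r in routed:
        if not any(net(r).subnet_of(s) for s in nat_src):
            findings.append(f"{egress} outbound NAT: no rule covering source {net(r)}")
    return findings
```

Run against the transcribed values it reports two findings: the provider peer's AllowedIPs do not cover 0.0.0.0/0, and the WG1 tunnel subnet 172.16.16.0/24 has no outbound NAT rule on WG0.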