Topic: wireguard : connections from lan to the wan get redirected to intern IP (Read 980 times)
zerwes (Full Member, Posts: 125, Karma: 8)
on: April 15, 2022, 06:09:48 am
Hello.
I am reposting my topic from general discussion here.
I am currently trying to avoid the redirection of the traffic targeting the WAN IP address from inside (lan network) to the lan address of the opnsense device for the wireguard vpn.
Example:
    wan: 1.2.3.4/30
        \
lan ---- opnsense ---- inet
        \
         \ 10.10.8.1/25
the wireguard client config has
Endpoint = 1.2.3.4:5555
wireguard works and is up and running, but as soon as the client (road warrior) enters the lan segment, the wireguard service redirects the endpoint to 10.10.8.1.
# wg | grep endpoint
endpoint: 10.10.8.1:5555
wireguard is still active and running at this time. But as soon as the client now leaves the lan segment again, the wireguard service on the client requires a restart, as it will not switch back to the wan IP (why should it, the internal lan IP is not reachable and can not send a redirect).
So in order to have an always-on feature of the wg client service, I am trying to avoid the redirect as soon as the traffic comes from the lan side.
Wireguard currently has no option to bind to a specific interface / IP address.
As an experiment, I tried to block the LAN address UDP port used by wireguard with netcat before starting the wg service, starting wg and then stopping the netcat process, or shutting down the LAN before starting wg and bringing it up again after starting wg. With this, the wireguard VPN is not working from inside.
Outbound NAT rules on the LAN interface are without effect
(iface: LAN src: THIS_FIREWALL sport: udp/5555 dest: LAN net dport: udp/* nat address: WAN address)
So unfortunately I am out of luck and running out of ideas now and hoping for some input pushing me into the right direction.
Before switching to opnsense, we used wireguard on a dedicated vpn endpoint server in a dmz. So for now it seems that switching back to this option is unfortunately the only solution...
Thx in advance