[Solved] Cant ssh into firewall when connected via wireguard

[Omorgan]

Hi,

Hopefully this is a 'simple' one....

I have wireguard set up in my opnsense, and it works... I have two peers who can connect, authenticate, and access LAN devices.

They can access the opnsense web gui, but they cannot establish an SSH session with the firewall. I have tested the ssh locally and it works.

What am I missing here?

The 'point' of this is to allow me to recover from a switch mis-configuration issue. Directly behind the opnsense firewall is an L3 managed switch from which all the LAN devices communicate. If I fat finger an ACL or other switch config (not an expert so learning as I go) I could knock out ALL access to LAN devices. So in those cases I can use WG to gain access to the opnsense, ssh into the opnsense and using a usb->RS232 adapter attached to the opnsense box and the switch console port undo/fix the switch mis-config. (Yes I'm doing potentially major config remotely, but needs must).

Any thoughts on why I cant access ssh of the opnsense from the WG peer, even when the same peer can access the web gui (putty just times out). I have it set to forward ALL peer traffic down vpn so that shouldn't be the issue either.

Thanks,

Owen.

[Omorgan]

Fixed.

Dumb user error........ I HAD added firewall rules for SSH on the wireguard interface. However, I neglected the fact that I had changed the SSH port number......

Dumb? Yes... very...

[franco]

It happens to all of us. Glad you could solve it.


Cheers,
Franco