Opnsense Wireguard (routing) issues

[Porfavor]

Good evening,

I posted this topic at https://forum.opnsense.org/index.php?topic=28451.0, as well. As I am not sure, if or how soon I am going to receive an answer to my question there, I also post it here. I hope, this is allowed.

I setup Wireguard on opnsense, site to site.
So far, I can reach the local IP of opnsense at site b from site A. Unfortunately, I am not able to reach othere IPs at site B. From a device at site B I can't even reach the local opnsense IP at site A.

Site B is a VLAN, which means there is no router as standard gateway, where I could set some routes. Thinking logically, I suppose that I would need to set routes at the other devices at site B so they know which device to ask how to reach site A (have to ask opnsense at site B)

On the image attached there is the opnsense VM at site A missing (IP: 192.168.132.32). Opnsense at site B is on 192.168.133.1. There is windows running on 192.168.132.2.

Site A (home) is the red square on the left, site B is the red square on the right. At site A there is a VM with opnsense running (behind a router - Fritzbox), site B also has a VM but no router, instead a hoster's VLAN, to two NICs.


Allowed IPs at site A: 10.210.0.0/24 (after a hint on another board changed to /32) as well as 192.168.133.0/24
Allowed IPs at site B: 10.210.0.0/24 (after a hint on another board changed to /32) as well as 192.168.132.0/24
The Wireguard IPs at the two endpoints are 10.210.0.1 (site A) and 10.210.0.2 (site B)

Firewall site A:

- WAN rule with Wireguard Port, incoming, UDP, Gateway: standard
- Wireguard (Group): Source single host or network 10.210.0.0/32 as well as 192.168.133.0/24


Firewall site B:

the same, but IP range at second rule (Wireguard): 192.168.132.0/24
No other restrictions set via rules.

Blocking private networks in WAN interface at site A is deactivated.



What could be the issue?