Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Opnsense Wireguard (routing) issues
« previous
next »
Print
Pages: [
1
]
Author
Topic: Opnsense Wireguard (routing) issues (Read 785 times)
Porfavor
Newbie
Posts: 26
Karma: 0
Opnsense Wireguard (routing) issues
«
on:
May 22, 2022, 08:19:34 pm »
Good evening,
I posted this topic at
https://forum.opnsense.org/index.php?topic=28451.0
, as well. As I am not sure, if or how soon I am going to receive an answer to my question there, I also post it here. I hope, this is allowed.
I setup Wireguard on opnsense, site to site.
So far, I can reach the local IP of opnsense at site b from site A. Unfortunately, I am not able to reach othere IPs at site B. From a device at site B I can't even reach the local opnsense IP at site A.
Site B is a VLAN, which means there is no router as standard gateway, where I could set some routes. Thinking logically, I suppose that I would need to set routes at the other devices at site B so they know which device to ask how to reach site A (have to ask opnsense at site B)
On the image attached there is the opnsense VM at site A missing (IP: 192.168.132.32). Opnsense at site B is on 192.168.133.1. There is windows running on 192.168.132.2.
Site A (home) is the red square on the left, site B is the red square on the right. At site A there is a VM with opnsense running (behind a router - Fritzbox), site B also has a VM but no router, instead a hoster's VLAN, to two NICs.
Allowed IPs at site A: 10.210.0.0/24 (after a hint on another board changed to /32) as well as 192.168.133.0/24
Allowed IPs at site B: 10.210.0.0/24 (after a hint on another board changed to /32) as well as 192.168.132.0/24
The Wireguard IPs at the two endpoints are 10.210.0.1 (site A) and 10.210.0.2 (site B)
Firewall site A:
- WAN rule with Wireguard Port, incoming, UDP, Gateway: standard
- Wireguard (Group): Source single host or network 10.210.0.0/32 as well as 192.168.133.0/24
Firewall site B:
the same, but IP range at second rule (Wireguard): 192.168.132.0/24
No other restrictions set via rules.
Blocking private networks in WAN interface at site A is deactivated.
What could be the issue?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Opnsense Wireguard (routing) issues