Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[Solved]Port forward in a wireguard tunnel to another site
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Solved]Port forward in a wireguard tunnel to another site (Read 1727 times)
loic
Newbie
Posts: 2
Karma: 0
[Solved]Port forward in a wireguard tunnel to another site
«
on:
August 09, 2022, 11:15:23 pm »
Hi,
I have an Opnsense instance in the cloud (Site B) and an Opnsense at home (Site A) that are connected by a Wireguard VPN.
Opnsense (Site B)
Wan IP : 10.250.100.24/22
WG IP : 10.100.100.2/22
Opnsense (Site A)
Wan IP : 192.168.1.1/24
Lan IP : 10.69.60.1/22
WG IP : 10.100.100.1/22
Webserver
IP : 10.69.60.1/22
Diagram :
https://i.imgur.com/zHkWOn7.png
To do this I created a Wireguard VPN site to site, the web server can go ping the Wan of Opnsense (Site B) and vice versa.
I want to host a web server on my local network so I redirect port 9999 of the Opnsense (Site B) to my web server ip 10.69.60.1 on port 80 to go through the tunnel.
Example:
Opnsense (Site B) => Wireguard tunnel => Opnsense (Site A) => Webserver
But Opnsense (Site A) does not receive the packets.
When I look at the logs of Opnsense (Site A), I see that there is nothing and even this packet capture, I think that the packets are not transferred, it must be blocked at the Opnsense (Site B).
NAT: Port Forward, Opnsense (Site B) :
https://i.imgur.com/avsbmXd.png
Routes status, Opnsense (Site B) :
https://i.imgur.com/C3OxVKp.png
Logs, Opnsense (Site B):
https://i.imgur.com/lMnQi21.png
Interface wan, Opnsense (Site B):
https://i.imgur.com/2BB1l7k.png
Interface wg0, Opnsense (Site B) :
https://i.imgur.com/VwtbHmG.png
The problem is the same in reverse
Opnsense (Site A) => Wireguard tunnel => Opnsense (Site B) => Web server
Why are the packages blocked? I must have missed a step?
«
Last Edit: August 11, 2022, 02:19:58 pm by loic
»
Logged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Port forward in a wireguard tunnel to another site
«
Reply #1 on:
August 10, 2022, 12:28:46 am »
You don't list your allowed IP's on both ends of the tunnel?
Logged
loic
Newbie
Posts: 2
Karma: 0
Re: Port forward in a wireguard tunnel to another site
«
Reply #2 on:
August 10, 2022, 07:10:51 am »
Hi,
Endpoint on the site A
Name : TO_CLOUD
Endpoint Address : IP_CLOUD_PUBLIC
Allowed IPs : 10.100.100.1/22,10.250.100.24/22
Endpoint on the site B
Name : TO_HOME
Endpoint Address : IP_HOME_PUBLIC
Allowed IPs : 10.100.100.2/22,10.69.60.1/22
Edit:
I replaced ke Opensense (Site B) by a linux serverir with wireguard and it works
«
Last Edit: August 11, 2022, 02:19:30 pm by loic
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[Solved]Port forward in a wireguard tunnel to another site