wireguard site to site vpn with a fritzbox

Started by hoitschau, November 16, 2022, 10:43:46 PM

hi all

I am testing a WireGuard site-to-site VPN with a FritzBox 6850 LTE 7.39 labor.

setup OPNsense:
client in the LAN 192.168.0.11
OPNsense 192.168.0.1
OPNsense WireGuard interface 10.0.0.1

setup FritzBox:
client in the LAN 192.168.1.21
FritzBox 192.168.1.1
FritzBox WireGuard interface 10.0.0.2

The tunnel is connecting, and I can ping from client 192.168.0.11 to client 192.168.1.21 from both sides.
Now I want to send an HTTP request from client to client.
From the FritzBox LAN client to the OPNsense LAN client it works.
But if I send the HTTP request from the OPNsense LAN client to the FritzBox LAN client, the request fails.

I have traced it in both networks, and the only difference I found is the following:

Trace in the OPNsense network:
I see the incoming packet of the HTTP request from the FritzBox LAN client;
the source IP address of the packet is the IP address of the FritzBox WireGuard interface 10.0.0.2.
So the communication in the OPNsense LAN is:
10.0.0.2 - 192.168.0.11
192.168.0.11 - 10.0.0.2

Trace in the FritzBox LAN:
I see the incoming packet of the HTTP request from the OPNsense LAN client;
the source IP address of the packet is the IP address of the OPNsense client 192.168.0.11.
So the communication in the FritzBox LAN is:
192.168.0.11 - 192.168.1.21
192.168.1.21 - (192.168.0.11)
But the answer fails, and I don't see the answer in the OPNsense LAN.

Now my question is: can I configure OPNsense so that the WireGuard interface changes the source IP of the packets like the FritzBox does?
I want to test whether the communication works like:
10.0.0.1 - 192.168.1.21
192.168.1.21 - 10.0.0.1

Or maybe someone has another idea what goes wrong in this scenario and how I can fix it.

Thank you and greetings

What's your allowed IPs setting for the tunnel on both sides?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

OPNsense 192.168.1.0/24
FritzBox 192.168.0.0/24

The tunnel is working; I receive the packets at the clients.
I really think it's an addressing problem or something like that.

A picture from an old trace, sorry the IPs are different from my example, but maybe it helps.
You can see the HTTP request: one side working, one side not.

Sorry, I'll try to ask again: does someone have an idea what I need to configure in OPNsense?
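An added model (not OPNsense or FritzBox code) of WireGuard's cryptokey routing for the two sites posted in this thread, walking the request and reply legs in each direction. It assumes the OPNsense peer entry also lists the FritzBox tunnel address 10.0.0.2/32, which the thread does not state, and applies the FritzBox-style source rewrite to request legs only, as a stateful masquerade would.

```python
# Added model of WireGuard cryptokey routing for the two sites in this thread.
# AllowedIPs is both the route table (which peer a destination is sent to)
# and an inbound ACL: a decrypted packet is dropped unless its source address
# lies inside the sending peer's AllowedIPs. Not OPNsense or FritzBox code.
from ipaddress import ip_address, ip_network

def in_allowed(addr, prefixes):
    return any(ip_address(addr) in ip_network(p) for p in prefixes)

def site_of(addr, sites):
    """Site owning addr, by its LAN prefix or its tunnel address."""
    for s in sites:
        if addr == s["wg"] or ip_address(addr) in ip_network(s["lan"]):
            return s
    raise ValueError(f"{addr} belongs to neither site")

def send(src, dst, sites, reply=False):
    """Push one packet through the tunnel; returns (source seen by the
    receiver, or None if dropped, and a log). 'snat' models a site that
    rewrites LAN sources to its tunnel address, as the FritzBox-side trace
    shows; like a stateful masquerade it is applied to request legs only."""
    tx, rx = site_of(src, sites), site_of(dst, sites)
    if not in_allowed(dst, tx["allowed"]):
        return None, [f"{tx['name']}: {dst} in no peer AllowedIPs, not sent"]
    wire_src = tx["wg"] if tx["snat"] and not reply else src
    log = [f"{tx['name']}: sends {wire_src} -> {dst}"]
    if not in_allowed(wire_src, rx["allowed"]):
        log.append(f"{rx['name']}: drops it, {wire_src} not in {rx['allowed']}")
        return None, log
    log.append(f"{rx['name']}: accepts {wire_src} -> {dst}")
    return wire_src, log

def exchange(client, server, sites):
    """HTTP request then reply; the reply targets the source seen on the wire."""
    seen, log = send(client, server, sites)
    if seen is None:
        return False, log
    back, more = send(server, seen, sites, reply=True)
    return back is not None, log + more

# Constructed from the addresses posted in the thread. The /32 tunnel address
# in OPNsense's peer entry is an assumption: the thread lists only the /24s.
OPNSENSE = {"name": "opnsense", "wg": "10.0.0.1", "lan": "192.168.0.0/24",
            "allowed": ["192.168.1.0/24", "10.0.0.2/32"], "snat": False}
FRITZBOX = {"name": "fritzbox", "wg": "10.0.0.2", "lan": "192.168.1.0/24",
            "allowed": ["192.168.0.0/24"], "snat": True}
SITES = [OPNSENSE, FRITZBOX]
```

Under these assumptions both posted directions pass, so AllowedIPs filtering alone does not explain the lost reply; the check does show that the source rewrite the asker wants to try on the OPNsense side is only accepted by the FritzBox once 10.0.0.1 is in its peer's AllowedIPs.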