WireGuard Site-to-Site Setup with far-end break-out

Started by MoonbeamFrame, June 30, 2023, 01:45:53 AM

I have no problem in getting the Site-to-Site traffic passing.

But I'm having limited success on doing the far-end break-out, currently it is working from A to B, but not B to A.

I have not found anything in the forum, so could someone point me to any documentation that might help?

Thank you.


Could you provide a network diagram of what you try to do?
Hardware:
DEC740

Simplified diagram attached.

We have

- vlans A1 and B1 exchanging traffic
- vlans A2 and B2 isolated from each other
- vlan A1 able to use WAN B

I'm trying to get vlan B1 to be able to use WAN A.

Site A is running OPNsense (my end). Site B is running Linux iptables.

At site A traffic from site B can be seen routing out via WAN A, but site B does not see the return traffic.


Does the wireguard tunnel config on both sides include:

[Peer]
AllowedIPs = 0.0.0.0/0

Otherwise the wireguard tunnel drops packets with a public IPv4 address as destination.

I would use this tutorial to create a wireguard tunnel as a gateway: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
Hardware:
DEC740
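The AllowedIPs check the reply above refers to, as an added example that is not from the thread or from OPNsense: a small Python model of WireGuard cryptokey routing, which uses a peer's AllowedIPs both to pick the peer for an outbound destination and to accept or drop a decrypted packet by its source. The peer tables and addresses are constructed; "site-a" and "laptop" are hypothetical peer names.

```python
import ipaddress

# Constructed sample peer tables (not the poster's real configuration).
# Each entry is one [Peer] section reduced to its AllowedIPs list.
SITE_B_NARROW = {"site-a": ["10.1.0.0/24"]}  # only site A's LAN
SITE_B_FULL = {
    "site-a": ["10.1.0.0/24", "0.0.0.0/0"],  # site A's LAN plus breakout
    "laptop": ["10.9.9.2/32"],               # a second, more specific peer
}


def select_peer(peers, ip):
    """Cryptokey routing lookup: longest-prefix match of ip across every
    peer's AllowedIPs. Returns the peer name, or None if nothing covers ip."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for name, nets in peers.items():
        for net in nets:
            n = ipaddress.ip_network(net, strict=False)
            if addr in n and n.prefixlen > best_len:
                best, best_len = name, n.prefixlen
    return best


def outbound_ok(peers, peer, dst):
    """A packet to dst is only encapsulated for `peer` if the lookup
    selects that peer; otherwise it never enters the tunnel."""
    return select_peer(peers, dst) == peer


def inbound_ok(peers, peer, src):
    """A decrypted packet from `peer` is dropped unless its source address
    falls inside that peer's AllowedIPs (the same table, other direction)."""
    return select_peer(peers, src) == peer


def breakout_path_ok(peers, peer, public_ip):
    """Far-end breakout needs both directions on this side: the request
    out through the tunnel and the reply (source = public_ip) back in."""
    return outbound_ok(peers, peer, public_ip) and inbound_ok(peers, peer, public_ip)
```

With the narrow table the reply from a public address is discarded by the tunnel itself, before any firewall rule sees it; with 0.0.0.0/0 present the more specific /32 peer still wins for its own address.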

Thanks.

0.0.0.0/0 is already set.

And that was the tutorial I used when configuring the tunnel.