OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 23.1 Legacy Series »
  • Asymmetric Routing Assistance
« previous next »
  • Print
Pages: [1]

Author Topic: Asymmetric Routing Assistance  (Read 2018 times)

therecker

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Asymmetric Routing Assistance
« on: July 11, 2023, 06:17:13 pm »
I have moved to opnsense from Sophos Appliances. I'm struggling with asymmetric routing and just cannot seem to get it to work. It was super easy to do in Sophos. I would just goto the CLI and enter the following commands and bam it would work.

Console> set advanced-firewall bypass-stateful-firewall-config add source_network 10.10.10.0 source_netmask 255.255.255.0 dest_network 10.252.252.0 dest_netmask 255.255.255.0

Console> set advanced-firewall bypass-stateful-firewall-config add source_network 10.10.10.0 source_netmask 255.255.255.0 dest_network 192.168.50.0 dest_netmask 255.255.255.0

So my scenario is this. I am running Wireguard VPN on a device in my lan 10.10.10.240. It has a connection to another device that resides on 192.168.50.x. The wireguard tunnel network is 10.252.252.x. I want to be able to communicate with these networks from my lan via IP. Right now I just get a failure. I'm just not sure where to start. I have a read a ton of documentation and try some of it but none of it works. And the Wireguard tunnel is up and passing traffic from the 10.10.10.240 device. I have a fw rule that is allowing the udp traffic to pass through the wan.

Any assistance would be greatly appreciated.
Logged

CJ

  • Hero Member
  • *****
  • Posts: 832
  • Karma: 30
    • View Profile
    • Have Answer, Will Blog
Re: Asymmetric Routing Assistance
« Reply #1 on: July 11, 2023, 08:08:59 pm »
Do I understand correctly that your LAN is 192.168.50.0 and your WG is 10.10.10.0?

Did you configure any firewall rules for the WG to allow it access to anything like in the guide?  Or did you just allow the incoming port to the WG service on WAN?
Logged
Have Answer, Will Blog

therecker

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: Asymmetric Routing Assistance
« Reply #2 on: July 11, 2023, 09:34:50 pm »
My LAN is 10.10.10.0
The Wireguard is NOT running on the Firewall but on another device on my LAN at 10.10.10.240
The far network is 192.168.50.0 and the Wireguard tunnel is 10.252.252.0

I hope that clarifies things.
Logged

Patrick M. Hausen

  • Hero Member
  • *****
  • Posts: 6935
  • Karma: 584
    • View Profile
Re: Asymmetric Routing Assistance
« Reply #3 on: July 11, 2023, 09:55:46 pm »
Die you create a gateway (System > Gateways) in OPNsense for 10.10.10.240 and add a static route to your WireGuard networks?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

mimugmail

  • Hero Member
  • *****
  • Posts: 6767
  • Karma: 494
    • View Profile
Re: Asymmetric Routing Assistance
« Reply #4 on: July 11, 2023, 10:19:27 pm »
In GUI set the filter rule, at the bottom tick advanced, scroll down, "keep state" to none
Logged
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

therecker

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: Asymmetric Routing Assistance
« Reply #5 on: July 12, 2023, 01:38:01 am »
Quote from: pmhausen on July 11, 2023, 09:55:46 pm
Die you create a gateway (System > Gateways) in OPNsense for 10.10.10.240 and add a static route to your WireGuard networks?

This worked.

I don't know why that seemed so difficult to me but ended up being so simple.

Thank you for your help.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 23.1 Legacy Series »
  • Asymmetric Routing Assistance
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2