Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OPNSense Wireguard behind ATT modem/router
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNSense Wireguard behind ATT modem/router (Read 868 times)
johnnybelately
Newbie
Posts: 1
Karma: 0
OPNSense Wireguard behind ATT modem/router
«
on:
July 12, 2023, 10:35:51 pm »
Hi everyone,
Have been trying to simplify my network setup. It has been overly complicated due to my general ignorance, but hoping to get everything simplified using the OPNSense box. The basic architecture is below:
Working:
Internet <-> ATT Modem/Router (work/guest network) <-> Router <-> OPNSense <-> Wireless Router (my network, NAT disabled)
Desired:
Internet <-> ATT Modem/Router (work/guest network) <-> OPNSense <-> Wireless Router (my network, NAT disabled)
The first router was there because originally instead of OPNSense I was using Sophos which doesn't support VPN clients, so it handled Wireguard. The wireless router is set up as a router instead of an access point because for whatever reason some of the advanced features are only available in router mode. So keeping the local network isolated and using outbound NAT rules on OPNSense to send traffic out to the internet. Not sure if the WAN outbound NAT rule is necessary even more or desired now that Wireguard is setup on OPNSense.
I used this guide (
https://gist.github.com/morningreis/eeda36e8bb07dcb750d77e9a744776e8
) for the VPN setup and have success with the current setup. Am also using DNS over TLS along with Unbound DNS on the OPNSense box.
Now when I remove the unnecessary router, it seems like the DNS server just croaks. Can even turn off DNS over TLS or have the internal router use 8.8.8.8 and still have problems. I don't see any ports blocked on my firewall. So not exactly sure what's happening. I'm really a big noob so not sure what to look at first or what the hell is going on. Or maybe there's some restriction on the ATT modem/router with VPN's? I don't want to use IP Passthrough because I use my work computer on the ATT wifi for super safe isolation.
Could someone please help? Would appreciate it so much
«
Last Edit: July 12, 2023, 10:40:02 pm by johnnybelately
»
Logged
CJ
Hero Member
Posts: 832
Karma: 30
Re: OPNSense Wireguard behind ATT modem/router
«
Reply #1 on:
July 13, 2023, 02:04:27 pm »
Okay, you have a lot of moving parts going on, so it may be easier for you to state what your overall goals are and then we just start from a clean slate and configure everything to support that.
What advanced features on the wireless router are you using? What model is it?
What do you mean by super safe isolation? Do you just not want your work computer to use the same wifi as the rest of your network, not use the VPN, or both?
Logged
Have Answer, Will Blog
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OPNSense Wireguard behind ATT modem/router