Replying Traffic Not Sent Out Correct Interface

Started by Twitchiz, September 06, 2023, 03:26:00 AM

Hello everyone. I have a VPS that exists as a front end with public IPs and has WireGuard installed on it. It connects to OPNsense via said WireGuard. Packets arriving on the public IP are forwarded to a certain VM. This VM can access the internet over WireGuard due to a firewall rule, but when trying to access the server from the outside via ping or HTTPS, OPNsense sends the reply out my WAN interface instead of back over WireGuard. I've tried disabling force gateway and reply-to but I haven't had any luck with it, unless I'm not doing something else I need to be doing. Any ideas?

In the firewall rules which allow inbound ping + https on the WireGuard interface, explicitly set 'reply-to' to the WireGuard gateway. This will force the VM's replies back through the tunnel.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
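What the suggestion above looks like in the pf rules OPNsense generates, as an added illustration rather than anything from this thread: the WireGuard interface name (wg0), tunnel gateway (10.10.0.1) and VM address (192.168.1.10) are assumed placeholders.

```pf
# Without reply-to: pf allows the inbound packet, but the VM's reply is routed
# by the system routing table, i.e. out the default (WAN) gateway.
pass in quick on wg0 inet proto tcp from any to 192.168.1.10 port 443 \
    flags S/SA keep state

# With reply-to (wg0 10.10.0.1): the state created by this rule records the
# interface and next hop, so reply packets are sent back into the tunnel
# regardless of the default route. The same applies to the ICMP echo rule.
pass in quick on wg0 reply-to (wg0 10.10.0.1) inet proto tcp \
    from any to 192.168.1.10 port 443 flags S/SA keep state
pass in quick on wg0 reply-to (wg0 10.10.0.1) inet proto icmp \
    from any to 192.168.1.10 icmp-type echoreq keep state
```

On the OPNsense shell, `pfctl -sr | grep reply-to` shows whether the loaded rules actually carry the reply-to, and `pfctl -ss | grep 192.168.1.10` confirms the states were created on wg0 rather than on the WAN interface.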

Thank you! That fixed one issue, but sadly on to the next one that doesn't make sense