Wireguard and routing issues

Started by enmi, November 08, 2023, 04:17:11 PM

Hi, my current setup is as follows:

WireGuard instance 1:
Site-to-site setup using: https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
Settings:
Port: 51820
Tunnel address: 10.2.2.1/24
Peers: wgopn-site-b

Peer settings:
Name: wgopn-site-b
Allowed IPs: 10.2.2.2/32, 10.0.22.0/24, 172.16.10.0/24
Endpoint port: 51820
Keepalive interval: 25

WireGuard instance 2:
Road warrior setup using: https://docs.opnsense.org/manual/how-tos/wireguard-client.html
Settings:
Port: 51821
Tunnel address: 10.10.10.1/24
Peers: Laptop01

Peer settings:
Name: Laptop01
Allowed IPs: 10.10.10.3/32, 10.0.22.0/24, 172.16.10.0/24

LAN on site A: 172.16.10.0/24
LAN on site B: 10.0.22.0/24

Currently I can ping the clients on network 172.16.10.0/24 from my road warrior client "Laptop01" but not the 10.0.22.0/24 network. But if I connect via SSH to a server on 172.16.10.10/24 I can ping 10.0.22.7. I have tried adding gateways, static routes, and firewall rules, but I feel I'm starting to make a mess of things.

Anyone got any tips on where I should start?
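One check worth running against the configuration posted above, as an added example (not code from this thread or from OPNsense; the instance names wg-s2s and wg-roadwarrior are placeholders): it parses each peer's AllowedIPs and reports prefixes that overlap across peers, which matters because on the OPNsense side AllowedIPs is also the cryptokey routing table that decides which peer a destination is sent to.

```python
import ipaddress
from itertools import combinations

# Constructed from the two instances listed in the post above (not an OPNsense export).
INSTANCES = {
    "wg-s2s": {
        "tunnel": "10.2.2.1/24",
        "peers": {"wgopn-site-b": ["10.2.2.2/32", "10.0.22.0/24", "172.16.10.0/24"]},
    },
    "wg-roadwarrior": {
        "tunnel": "10.10.10.1/24",
        "peers": {"Laptop01": ["10.10.10.3/32", "10.0.22.0/24", "172.16.10.0/24"]},
    },
}

def _entries(instances):
    """Flatten every AllowedIPs prefix to (network, instance, peer)."""
    out = []
    for inst, cfg in instances.items():
        for peer, prefixes in cfg["peers"].items():
            for p in prefixes:
                out.append((ipaddress.ip_network(p, strict=False), inst, peer))
    return out

def overlapping_allowed_ips(instances):
    """Pairs of AllowedIPs entries, on any instance, that overlap.
    Server-side AllowedIPs is what the server will send *to* that peer, and
    OPNsense also installs a kernel route for it unless routes are disabled
    on the instance, so two peers claiming one prefix cannot both receive it."""
    pairs = []
    for (na, ia, pa), (nb, ib, pb) in combinations(_entries(instances), 2):
        if na.version == nb.version and na.overlaps(nb):
            pairs.append((f"{ia}/{pa}", str(na), f"{ib}/{pb}", str(nb)))
    return pairs

def peers_outside_tunnel(instances):
    """Peers with no /32 tunnel address inside their instance's tunnel subnet."""
    bad = []
    for inst, cfg in instances.items():
        subnet = ipaddress.ip_interface(cfg["tunnel"]).network
        for peer, prefixes in cfg["peers"].items():
            hosts = [n for n in map(ipaddress.ip_network, prefixes) if n.prefixlen == 32]
            if not any(h.subnet_of(subnet) for h in hosts):
                bad.append((inst, peer))
    return bad

if __name__ == "__main__":
    for a, na, b, nb in overlapping_allowed_ips(INSTANCES):
        print(f"overlap: {a} {na} <-> {b} {nb}")
    for inst, peer in peers_outside_tunnel(INSTANCES):
        print(f"{inst}/{peer}: no /32 inside the instance tunnel subnet")
```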

I cannot seem to locate where to start a topic. Untangle Home Edition has been discontinued and will no longer be provided.
After researching I have installed OPNsense. Got WireGuard up and running with one client using the road warrior install guide.
Does anyone have a guide on how to add multiple WireGuard clients?

Thank you,

Just add more peers to the same instance.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thanks for your reply.
So just add a peer to the WireGuard tunnel and keep the same instance and all firewall rules the same; the only changes are the subnet for the clients and the names, of course. Correct?

March 18, 2024, 11:00:05 PM #4 Last Edit: March 18, 2024, 11:02:09 PM by Patrick M. Hausen
Yep.

To elaborate: for a road warrior why are you using an entire subnet per peer? You can use one e.g. /24 for the instance, assign 192.168.0.1/24 to the instance on OPNsense and 192.168.0.2/32, 192.168.0.3/32, ... via "AllowedIPs" to the individual peers.

On the peer side assign to "AllowedIPs" either 192.168.0.0/24 plus whichever other networks you want to reach or "0.0.0.0/0" to direct all traffic into the tunnel.