Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
[SOLVED] Making Road Warrior WireGuard users traffic go through external VPN?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Making Road Warrior WireGuard users traffic go through external VPN? (Read 1898 times)
frozen
Newbie
Posts: 41
Karma: 0
[SOLVED] Making Road Warrior WireGuard users traffic go through external VPN?
«
on:
November 14, 2023, 06:13:07 pm »
Hello there, I followed both the instructions to set up incoming WireGuard connections while I am not at home (Road Warrior howto) and the WireGuard Selective Routing howto to connect to my ProtonVPN accounts and then add clients under Aliases to have their traffic go through it, and both seem to be working successfully - except I cannot figure out how to make my WireGuard users traffic go through the ProtonVPN endpoint and NOT my exposed WAN ISP address.
When my phone connects to the WireGuard tunnel it's given an address of 10.10.10.2, so I put 10.10.10.2 in the HOSTS section just like I do with all the other home computers on my network, but it does not work - it seems to only apply to local LAN hosts with 192.168.1.x
As you can see in this screenshot, it works great for all my local LAN devices but the single 10.10.10.2 entry under Switzerland just doesn't seem to do anything. The phone is still being exposed by the WAN IP, and it's not going through ProtonVPN Switzerland
Please let me know how to fix this, and I will make a donation
Just to summarize - I want to use my phone while I am not at home to connect via wireguard app to my network (working fine) but I want my traffic to go through my already established & configured ProtonVPN connection. Thus, reaping the benefits of the VPN without needing to connect with their own app, while still having access to my home network.
Thank you
«
Last Edit: November 28, 2023, 01:34:33 am by frozen
»
Logged
Bob.Dig
Sr. Member
Posts: 257
Karma: 13
Re: How do I make incoming WireGuard users traffic go through VPN?
«
Reply #1 on:
November 14, 2023, 10:16:41 pm »
Show the rules...
Logged
frozen
Newbie
Posts: 41
Karma: 0
Re: How do I make incoming WireGuard users traffic go through VPN?
«
Reply #2 on:
November 15, 2023, 12:16:31 am »
Hi Bob.Dig, which ones? I don't even know how to effectively share them as it would be a whole bunch of screenshots, is there a way to output them for text block sharing or something?
I followed both of these guides:
https://docs.opnsense.org/manual/how-tos/wireguard-client.html
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
My Rules section looks like these:
https://imgur.com/a/Xm3dq2k
but obviously there's no easy way to share the contents inside without taking a bunch of partial screenshots, I'm just a novice user, if you need me to click inside of anything just let me know
Normally to make any user on my LAN's traffic go through any of the tunnels I wish, I just go into Aliases and add them to the Hosts section by IP address. But the 10.10.10.2 client doesn't work, still going through WAN
Logged
Bob.Dig
Sr. Member
Posts: 257
Karma: 13
Re: How do I make incoming WireGuard users traffic go through VPN?
«
Reply #3 on:
November 15, 2023, 09:31:53 am »
I don't use floating so I can not say anything about those but your LAN rules, although I don't get what you are doing there, those inverted rfc1918 rules look good to me and what is below those. Now do the same, as needed, for your WireGuard interface too.
Logged
frozen
Newbie
Posts: 41
Karma: 0
Re: How do I make incoming WireGuard users traffic go through VPN?
«
Reply #4 on:
November 15, 2023, 05:13:09 pm »
Hi again, and thanks again for your reply
I don't really understand the vast sets of rules in there myself - these are a result of following the OPNsense guides which I found confusing from start to finish, but luckily worked for me even though I did not understand them at all. To be honest I thought it might be easier, but it wasn't, and I had to follow long guides full of instructions that didn't really make a lot of sense so I wish I could explain it better but I don't understand them myself
Also a bit unsure what you meant by the last comment, about doing the same as needed for the Wireguard interface.. did you mean a screenshot? In this area?
https://imgur.com/a/4AOHaBh
Sorry again I am a confused newbie
Logged
frozen
Newbie
Posts: 41
Karma: 0
Re: How do I make incoming WireGuard users traffic go through VPN?
«
Reply #5 on:
November 15, 2023, 05:27:04 pm »
I installed AnyDesk onto my PC if anyone has 2 mins time and want to make short work of the problem instead of struggling through screenshots as well.. Would be happy to donate for the help as this is the last major thing I need working and I can say OPNsense is doing what I want it to
Thanks again
Logged
frozen
Newbie
Posts: 41
Karma: 0
Re: How do I make incoming WireGuard users traffic go through VPN?
«
Reply #6 on:
November 17, 2023, 05:20:43 pm »
I am still stuck and looking for help, and willing to make a donation if we can figure it out.
Maybe someone can do all of the work themselves at home if they simply have a VPN service like Nord or Mullvad.. Just follow the Wireguard Selective Routing to External VPN guide to establish any VPN connection:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
and then follow the Road Warrior VPN setup guide to run a server you can connect to from on the road:
https://docs.opnsense.org/manual/how-tos/wireguard-client.html
At the end of this you'll have both a VPN tunnel & gateway established, and your own home server listening for Wireguard connections.
But once your wireguard is connected, how do you force the traffic through the External VPN?
Thanks again
Logged
frozen
Newbie
Posts: 41
Karma: 0
Re: How do I make incoming WireGuard users traffic go through VPN?
«
Reply #7 on:
November 27, 2023, 09:12:42 pm »
Still looking for help with this! I can connect to my home network through WireGuard and access everything as needed, but I cannot figure out how to choose my VPN gateway so internet traffic isn't going through the WAN and exposing my home IP address.
I have tried adding the internal 10.10.10.2 IP which I am assigned to the Firewall Aliases for my VPN of choice, as this works perfectly for any devices on my LAN, but it does not appear to go through there for 10.x.x.x IP's? It must be needed specifying elsewhere?
I am willing to make a donation for the help as it's the final piece of my puzzle I need resolved. And I have AnyDesk installed for remote support or TeamViewer
Thanks again
I just found the same question but for a PFSENSE installation:
https://www.reddit.com/r/PFSENSE/comments/yaplg8/routing_wireguard_clients_via_vpn_gateway/
Trying to figure out what he did though
EDIT - I think he helped me !! You have to go back to the Firewall -> Rules -> LAN section then press CLONE on one of the existing !RFC1918 rules, then change the LAN interface to HomeWireGuard. Then, you go into the ALIASES and enter the 10.x.x.x IP you're assigned as the WG client while roaming under the matching ALIAS..
It's the one thing I never messed with in all this time .. Preliminary tests I think are finally working as intended! I will report back! Thanks anyways OPNsense Forum for putting up with me repeating myself, I will still make a donation once I can confirm this is doing what I want it to
«
Last Edit: November 28, 2023, 12:45:04 am by frozen
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
[SOLVED] Making Road Warrior WireGuard users traffic go through external VPN?