How do I route all traffic to external VPN?

Started by novel, November 17, 2023, 01:43:11 PM

November 17, 2023, 01:43:11 PM Last Edit: November 24, 2023, 11:03:16 PM by novel
Hello,

I followed this article:

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

but I am never connected through the VPS.

I have successfully set up a WireGuard VPN server on a VPS, and a WireGuard client on my Raspberry Pi.

Now I want to route all traffic from the local network via OPNsense to the VPS (WireGuard server) with the same setup. I don't want to use the Raspberry Pi as the WireGuard client. I want the WireGuard client to be the OPNsense firewall instead of the Raspberry Pi, and the WireGuard server to remain the VPS as it is.

Is there anyone who can solve this problem?

I appreciate any help.

Thank you.


There's very little support or documentation for any of us messing with external VPNs.  I've been posting here looking for help for days now and rarely does anybody contribute.

OPNsense software is way overcomplicating things, as you've seen by simply trying to follow that selective routing guide, it should've been possible in less than half the steps.  And once the guide is done and followed to the tee, they leave you completely dry with how to make use of it afterwards!

Quote from: frozen on November 17, 2023, 05:21:42 PM
There's very little support or documentation for any of us messing with external VPNs.  I've been posting here looking for help for days now and rarely does anybody contribute.

OPNsense software is way overcomplicating things, as you've seen by simply trying to follow that selective routing guide, it should've been possible in less than half the steps.  And once the guide is done and followed to the tee, they leave you completely dry with how to make use of it afterwards!

I believe in the people here. I hope someone here knows much more than me about WireGuard on OPNsense. I have been waiting for someone to help me.


Quote from: frozen on November 17, 2023, 05:21:42 PM
There's very little support or documentation for any of us messing with external VPNs.  I've been posting here looking for help for days now and rarely does anybody contribute.

You know this is a community forum? If you need a fix _now_ for your mission-critical setup: https://shop.opnsense.com/product-categorie/support/

Quote
OPNsense software is way overcomplicating things, as you've seen by simply trying to follow that selective routing guide, it should've been possible in less than half the steps.

Where can we find your lean-and-mean, just enough, easy configuration How-To? I'd really like to read it.

Quote
And once the guide is done and followed to the tee, they leave you completely dry with how to make use of it afterwards!

Just send packets, no magic involved...

Is anybody here? Can anyone help me?

I am able to post more information if you wish!


Thank you

If you do not post all details of all your configuration concerning that VPN, how should anyone help? Remove private keys, of course, but we need all tunnel settings, all IP addresses, all associated firewall rules - of course.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

November 20, 2023, 03:04:21 PM #6 Last Edit: December 13, 2023, 10:13:01 PM by novel
Here we go...

I can't post more pictures

November 20, 2023, 03:09:23 PM #7 Last Edit: December 13, 2023, 10:13:25 PM by novel
more pictures

November 20, 2023, 03:10:26 PM #8 Last Edit: December 13, 2023, 10:13:35 PM by novel
more pictures

Is the tunnel up and can you ping the internal tunnel address at the other end from the firewall?

Second NAT on the firewall won't be enough. Once the tunnel works you will need to NAT all outbound traffic to the public IP of the other end. And this must be done at the other end.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
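
An illustration of the VPS-side NAT described in the post above, added here as an example and not taken from any configuration posted in this thread. It assumes the VPS runs Linux with wg-quick and iptables, that `eth0` is its public interface and that 10.10.10.0/24 is the tunnel network; keys are placeholders.

```ini
# /etc/wireguard/wg0.conf on the VPS (constructed example, all values are assumptions)
[Interface]
Address = 10.10.10.1/24            # tunnel address of the VPS (assumed)
ListenPort = 51820
PrivateKey = <vps-private-key>     # placeholder, never post the real key

# Let the VPS forward packets between the tunnel and its public interface.
PostUp = sysctl -w net.ipv4.ip_forward=1
# Permit tunnel -> Internet, and only reply traffic in the other direction.
PostUp = iptables -A FORWARD -i %i -o eth0 -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Source-NAT everything leaving via eth0 to the VPS public IP.
# This is the NAT that has to happen at the far end of the tunnel.
PostUp = iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

# Remove the same rules when the tunnel goes down.
PostDown = iptables -D FORWARD -i %i -o eth0 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

[Peer]
# The OPNsense firewall acting as WireGuard client
PublicKey = <opnsense-public-key>  # placeholder
# Tunnel address of the firewall (assumed). This is sufficient when the
# firewall already NATs LAN traffic to its tunnel address; if it does not,
# the LAN subnet must also be listed here and in the MASQUERADE source match.
AllowedIPs = 10.10.10.2/32
```

With these assumed addresses, a ping to 10.10.10.1 from the OPNsense shell confirms the tunnel itself before any LAN routing or NAT is tested.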

Quote from: Patrick M. Hausen on November 20, 2023, 03:14:45 PM
Is the tunnel up and can you ping the internal tunnel address at the other end from the firewall?

Second NAT on the firewall won't be enough. Once the tunnel works you will need to NAT all outbound traffic to the public IP of the other end. And this must be done at the other end.

First of all thank you very much...

When I enable the tunnel, nothing works. So, I cannot ping. So, would you tell me what rules I need?

From where do you ping where? You need to open a shell on the firewall with SSH and ping the other side of the tunnel.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

November 20, 2023, 08:58:12 PM #12 Last Edit: December 13, 2023, 10:13:54 PM by novel
Quote from: Patrick M. Hausen on November 20, 2023, 08:33:34 PM
From where do you ping where? You need to open a shell on the firewall with SSH and ping the other side of the tunnel.

Look at the result of my ping. This is from the OPNsense shell...


November 20, 2023, 09:05:03 PM #13 Last Edit: November 20, 2023, 09:07:30 PM by Patrick M. Hausen
wg
netstat -rn

please.

Also what does the WireGuard configuration on the VPS look like?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

November 20, 2023, 09:11:23 PM #14 Last Edit: December 13, 2023, 10:14:09 PM by novel
Quote from: Patrick M. Hausen on November 20, 2023, 09:05:03 PM
wg
netstat -rn

please.

Also what does the WireGuard configuration on the VPS look like?

I didn't understand what you mean by "Also what does the WireGuard configuration on the VPS look like?"

Please look at the picture...