Wireguard site-to-site stopped working after setting dual wan failover

Started by ricksense, November 25, 2023, 09:50:21 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 25, 2023, 09:50:21 PM Last Edit: November 25, 2023, 09:53:57 PM by ricksense
Hi,

I started with this setup
PC A: Dual WAN failover + wireguard setup
PC B: One simple gateway (no failover) + wireguard setup
Everything worked as expected. PC A and PC B can access each other's resource via SAMBA, and PC B can even connect to PC A via RDP

I setup a dual wan failover on PC B (same setup as PC A) too, and the wireguard tunnel stopped working.
I mean, the handshake seems to be up, but devices on opnsense's LAN side can't reach devices on the other opnsense's LAN anymore, not even ping one another.

I haven't yet understood what may have been wrong.

Could you please give me an hint as a starting point, just to see where I need to check the possible misconfiguration? Thanks

for the record, here are the two tutorials I followed to setup dual wan failover and wireguard for both machine:

https://www.youtube.com/watch?v=CcXYiFj9mBA  -> dual wan failover
https://www.youtube.com/watch?v=ah0Kkkqqfcg -> wireguard site-to site setup



Thanks
November 26, 2023, 04:07:48 PM #1
I noticed that if I set the LAN pass rule to "default" instead of the failover group, the wireguard connection gets back to work. But I don't think it is what it is supposed to be.
November 26, 2023, 05:33:59 PM #2
Make an RFC1918 alias and use that for the higher rule as the destination, gateway "default". Then make another rule with destination any and gateway your failovergroup.
November 26, 2023, 06:54:43 PM #3 Last Edit: November 26, 2023, 06:56:23 PM by ricksense
Quote from: Bob.Dig on November 26, 2023, 05:33:59 PM
Make an RFC1918 alias and use that for the higher rule as the destination, gateway "default". Then make another rule with destination any and gateway your failovergroup.

it is pretty much what I did.  I set a pass rule from LAN to any on the default gateway above the "failover_group" one.

Now, the wireguard tunnel to PC_B works. Anyway, if WAN1 on PC A goes down it switches to WAN2 and I still have internet connection, but the wireguard tunnel to PC_B doesn't work anymore. I think I tried everything I could think of, but there was no way to make it work on the second/backup WAN2.
November 26, 2023, 09:00:53 PM #4
Quote from: ricksense on November 26, 2023, 06:54:43 PM
Quote from: Bob.Dig on November 26, 2023, 05:33:59 PM
Make an RFC1918 alias and use that for the higher rule as the destination, gateway "default". Then make another rule with destination any and gateway your failovergroup.

it is pretty much what I did.
No.
November 26, 2023, 09:21:48 PM #5
December 02, 2023, 02:34:20 PM #6
Print
Go Up Pages1
User actions