[WireGuard] No connection to Webgui after establishing a remote VPN-Connection

Started by XY, December 20, 2023, 02:25:13 PM

Hey Com  :)

I set up two OPNsense instances a few weeks ago, mainly to create a possibility for a WireGuard Site-To-Site and a WireGuard Roadwarrior setup.
After several problems which I was fortunately able to solve, I am now completely at a loss.

The problem has to do with the Roadwarrior setup on OPNsense Instance 1:

Instance: 2
Listen port: 51820
Tunnel address: 10.1.101.0/24

Firewall rules:

Floating:

PROTOCOL:    IPv4 UDP
SOURCE:      *
PORT:      *
DEST:      This Firewall
PORT:      51820
GATEWAY:   *
SCHEDULE:   *
INTERFACE:   WAN

WireGuard Interface:

PROTOCOL:    IPv4 *
SOURCE:      Verwaltung net [this is the automatic alias for the interface net]
PORT:      *
DEST:      *
PORT:      *
GATEWAY:   *
SCHEDULE:   *
INTERFACE:   -

Since the firewall rules for WireGuard are currently wide open, everything is working. All other rules are auto-generated or vanilla.

After I have connected to the WireGuard instance with a peer from a remote site, I can access the local OPNsense IP address and the web interface via the VPN, but no longer from the local network, even after the VPN connection has been closed again.


- Restarting the firewall did not change anything
- Restarting the WireGuard instance did not change anything
- The logs don't tell me anything

The OPNsense is behind a router with an exposed-host (allow anything) rule and a static IP [192.168.178.20] for the WAN interface.
After I change the static IP to 192.168.178.21 and reboot, it works again until I reconnect a peer to the WireGuard instance; then the problem returns.

Additional info:

Currently an IPFire instance is still running, which handles all VPN connections with OpenVPN. This instance also acts as the gateway [10.1.1.254]. Once everything is running on the OPNsense instance [10.1.1.253] and all rules have been adopted, a seamless transition should take place, in which the OPNsense instance receives the IP 10.1.1.254 and acts as the new gateway and VPN server for all clients.

I don't know how to debug this problem and hope someone has a hint for me.

Kind regards,
XY
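One thing worth checking in a setup like the one described above is the AllowedIPs of each peer on the OPNsense side: WireGuard uses them as its cryptokey routing table and, unless route installation is disabled, also installs them as kernel routes, so a peer whose AllowedIPs cover the LAN subnet (or 0.0.0.0/0) will pull LAN-bound traffic into the tunnel as soon as that peer connects. The script below is an added example, not part of the original post and not OPNsense code; it parses the output format of `wg show <iface> allowed-ips` (one peer per line, tab-separated: public key, then allowed networks) and reports any peer whose AllowedIPs overlap the local networks. The sample output, the placeholder peer keys and the local network list are constructed for the example; on a real box you would feed it the actual `wg show` output.

```python
import ipaddress
import subprocess

# Constructed sample of `wg show wg0 allowed-ips` output (tab-separated). The peer keys are
# placeholders, not real WireGuard public keys. Peer B and peer C are the problematic shapes:
# B carries a default route, C explicitly includes the LAN subnet from the post.
SAMPLE_WG_ALLOWED_IPS = (
    "PEER_A_PUBKEY_PLACEHOLDER=\t10.1.101.2/32\n"
    "PEER_B_PUBKEY_PLACEHOLDER=\t0.0.0.0/0\n"
    "PEER_C_PUBKEY_PLACEHOLDER=\t10.1.101.3/32\t10.1.1.0/24\n"
)

# Networks that must stay reachable without the tunnel (assumption: LAN and the router-side
# WAN net named in the post). The tunnel network itself is expected in AllowedIPs.
LOCAL_NETWORKS = ["10.1.1.0/24", "192.168.178.0/24"]
TUNNEL_NETWORK = "10.1.101.0/24"


def parse_allowed_ips(text):
    """Parse `wg show <iface> allowed-ips` output into {pubkey: [ip_network, ...]}."""
    peers = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        key, nets = fields[0], fields[1:]
        # `wg` prints "(none)" for a peer with no AllowedIPs; skip that token.
        peers[key] = [ipaddress.ip_network(n, strict=False) for n in nets if n != "(none)"]
    return peers


def find_overlaps(peers, local_networks):
    """Return (pubkey, allowed_net, local_net) triples where a peer's AllowedIPs overlap a local net.

    Any hit means traffic for that local network is eligible to be routed into the tunnel
    once the peer is up, which is the symptom to rule out first.
    """
    locals_ = [ipaddress.ip_network(n) for n in local_networks]
    hits = []
    for key, allowed in peers.items():
        for net in allowed:
            for local in locals_:
                if net.version == local.version and net.overlaps(local):
                    hits.append((key, str(net), str(local)))
    return hits


def find_outside_tunnel(peers, tunnel_network):
    """Return (pubkey, allowed_net) pairs for AllowedIPs that are not inside the tunnel range.

    For a pure road-warrior instance every peer should only own a /32 (or /128) from the
    tunnel address pool; anything else is a route the peer has been granted on purpose or by mistake.
    """
    tunnel = ipaddress.ip_network(tunnel_network)
    outside = []
    for key, allowed in peers.items():
        for net in allowed:
            if net.version != tunnel.version or not net.subnet_of(tunnel):
                outside.append((key, str(net)))
    return outside


def audit_live_interface(iface="wg0"):
    """Run `wg show` on the local host and audit it (requires root and the wg tool)."""
    out = subprocess.run(["wg", "show", iface, "allowed-ips"],
                         capture_output=True, text=True, check=True).stdout
    peers = parse_allowed_ips(out)
    return find_overlaps(peers, LOCAL_NETWORKS), find_outside_tunnel(peers, TUNNEL_NETWORK)


if __name__ == "__main__":
    peers = parse_allowed_ips(SAMPLE_WG_ALLOWED_IPS)
    for key, net, local in find_overlaps(peers, LOCAL_NETWORKS):
        print(f"WARNING: peer {key} AllowedIPs {net} overlaps local network {local}")
    for key, net in find_outside_tunnel(peers, TUNNEL_NETWORK):
        print(f"NOTE: peer {key} AllowedIPs {net} lies outside tunnel range {TUNNEL_NETWORK}")
```

The WARNING lines are the ones that explain a LAN address becoming unreachable only while a peer is connected; `find_outside_tunnel` is the broader check for a road-warrior instance, where every peer is normally expected to own just its own tunnel address. Whether OPNsense actually installs the matching kernel routes depends on the instance's route setting, so pair this with `netstat -rn` (or `route -n get <LAN address>`) while a peer is up to see which interface the LAN route currently points at.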