[SOLVED] Can't access to internet with WireGuard.

Started by zero, January 03, 2024, 07:01:00 PM

January 03, 2024, 07:01:00 PM Last Edit: January 05, 2024, 11:09:08 AM by zero
I configured WireGuard in the past and it worked properly, but at some point maybe I misconfigured something, and now the peers can't access the internet.
When I connect to the VPN, I can see the handshake in VPN>WireGuard>Diagnostics. The peers can also ping and access internal IPs, but they can't reach anything outside my LAN.
Another thing to mention is that I have an Unbound DNS Override (a custom domain redirection) configured and working with nginx, and it isn't working through the VPN.
I've tried to read logs, but I can't find anything strange.
I'm quite new to OPNsense and this forum and maybe someone can help.
Thank you.



What does your network look like?  What FW rules do you have configured?  What do you mean by Unbound DNS Override working with nginx?

January 04, 2024, 07:24:01 PM #2 Last Edit: January 04, 2024, 07:38:11 PM by zero
Quote from: CJ on January 04, 2024, 02:45:39 PM
What does your network look like?  What FW rules do you have configured?  What do you mean by Unbound DNS Override working with nginx?
My home network consists of 3 interfaces: WAN, LAN1 (192.168.1.XXX) and LAN2 (192.168.2.XXX).
I have a firewall rule in LAN1 and LAN2 that allows traffic between LAN1 and 2, and since WireGuard is configured so that peers have an IP like 192.168.10.XXX, there is a similar firewall rule but with the source changed.
I attach some pictures below:
LAN1

LAN2 

WireGuard

Port Forward


By Unbound DNS Override working with nginx, I mean that I run applications like Docker Portainer on 192.168.1.10:8080, but I've configured a custom domain home.com that redirects all traffic for home.com to my nginx, and nginx redirects docker.home.com to the Docker host.


To sum up the problem:
From LAN1/2 IP I can reach the WireGuard peer with IP 192.168.10.XXX.
From WireGuard peer with IP 192.168.10.XXX I can reach LAN1 and LAN2.
From WireGuard peer I can't reach any home.com domain (but I can reach the IP hosts because they are in LAN1 or 2).
From WireGuard peer I can't reach google.com.

Did you create the WireGuard interface? It's needed to create the "Automatic outbound NAT rule".

Quote from: vik on January 04, 2024, 09:52:25 PM
Did you create the WireGuard interface? It's needed to create the "Automatic outbound NAT rule".
Thank you, it partially solved my problems. I've followed this guide https://docs.opnsense.org/manual/how-tos/wireguard-client.html and now I can access the internet, but the Unbound DNS Overrides are not working.
Any ideas?

Finally solved the Unbound DNS Overrides: on the client side I set the DNS to point to 192.168.1.1.
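As an added check, not code from the thread or from OPNsense: a small Python linter for a WireGuard client config that flags the two client-side causes of the symptoms above, AllowedIPs not covering the internet and DNS not pointing at the LAN's Unbound (assumed to be 192.168.1.1, as in the last post). The sample config, key placeholders and endpoint name are constructed; the server-side outbound NAT from vik's reply is not something a client config can show.

```python
import ipaddress

# Constructed sample config (not from the thread); addresses mirror the thread's LANs.
SAMPLE_CONFIG = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 192.168.10.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 192.168.1.0/24, 192.168.2.0/24
"""

LAN_RESOLVER = "192.168.1.1"          # Unbound on OPNsense, as the OP set on the client
PUBLIC_PROBE = ipaddress.ip_address("203.0.113.1")  # TEST-NET-3, stands in for "the internet"

def parse_wg_config(text):
    """Return (interface_dict, [peer_dict, ...]); [Peer] may repeat, so configparser is avoided."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            current = interface if section == "interface" else {}
            if section == "peer":
                peers.append(current)
            continue
        key, _, value = line.partition("=")
        if current is not None:
            current[key.strip().lower()] = value.strip()
    return interface, peers

def lint_client_config(text, lan_resolver=LAN_RESOLVER):
    """Return a list of findings; an empty list means both checks pass."""
    interface, peers = parse_wg_config(text)
    findings = []
    # 1. Traffic only enters the tunnel if some peer's AllowedIPs covers the destination.
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for p in peers for n in p.get("allowedips", "").split(",") if n.strip()]
    if not any(PUBLIC_PROBE in n for n in allowed):
        findings.append("AllowedIPs covers no public range (e.g. 0.0.0.0/0): internet stays off-tunnel")
    # 2. Unbound overrides apply only when the client resolves through the LAN resolver.
    dns = [d.strip() for d in interface.get("dns", "").split(",") if d.strip()]
    if lan_resolver not in dns:
        findings.append(f"DNS is {dns or 'unset'}: host overrides on {lan_resolver} are bypassed")
    return findings
```

Running `lint_client_config(SAMPLE_CONFIG)` reports both findings; replacing the DNS line with `DNS = 192.168.1.1` and AllowedIPs with `0.0.0.0/0` clears them.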