Topic: Block Private Networks - Wireguard (Read 791 times)
spetrillo (Hero Member, Posts: 721, Karma: 8)
Block Private Networks - Wireguard
« on: January 05, 2024, 10:46:00 pm »
Hello all,
Not sure where this question belongs so I will put it here.
I have a Wireguard S2S tunnel running and operating well. I am able to be at site A and get to resources at Site B. What I have noticed is that it seems to be working in one direction. Let me detail my setup.
Site A is an OPNsense firewall with direct connectivity to Internet ISP. Site B is an OPNsense firewall that is set up to be a DMZ host, behind an ISP router. On site A's firewall WAN interface I have Block Private Networks checked, whereas on the site B side this is unchecked.
There is a WG tunnel set up between the sites, so I am wondering if the block private networks option on site A is not allowing site B private IPs to be able to communicate with site A devices. My subnets on site B are 10.0.1.0/24 and 10.0.10.0/24, which are RFC1918 addresses.
I can ping a device at Site B, from my site A PC. When I try to ping a device at Site A, from a device at site B it fails. I am wondering if the Block Private Networks on Site A OPNsense firewall is causing this. What I would like to do is open the free flow of ports, both TCP and UDP, across the WG tunnel. I would also like to keep the Block Private Networks option on Site A, but only when it's across the WAN interface natively.
Can this be accomplished? Am I barking up the right tree?
Thanks,
Steve
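The question above is really about which interface the firewall sees a packet on. In OPNsense, "Block private networks" is an auto-generated rule on the WAN interface that drops packets whose source is an RFC1918 address as they arrive on WAN; the WireGuard transport itself arrives on WAN from Site B's public address, and the decrypted inner packets are filtered again on the WireGuard interface (or the WireGuard interface group), where the WAN rule is never consulted. The model below is an added example written for this thread, not OPNsense's or pf's own code, and it simplifies rule evaluation to first-match-wins with default deny. Site A's LAN subnet 192.168.1.0/24, Site A's WAN address 198.51.100.1, Site B's public address 203.0.113.10 and the interface names wan/lan/wg0 are constructed assumptions; the Site B subnets 10.0.1.0/24 and 10.0.10.0/24 are taken from the post. It shows that a Site B to Site A ping is not caught by the WAN private-source rule at all, that it is dropped only because nothing on the wg interface passes it, and that adding the wg rule leaves the WAN protection intact for traffic that really does hit WAN with a private source.

```python
"""Simplified model of first-match firewall rule evaluation for a WireGuard
site-to-site tunnel (added illustration, not OPNsense code). Every address,
subnet and interface name below is constructed except the poster's Site B
subnets 10.0.1.0/24 and 10.0.10.0/24."""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

# RFC 1918 ranges: the source addresses a WAN "Block private networks" rule rejects.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the filter sees the packet on
    src: str
    dst: str
    proto: str = "any"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    iface: str
    action: str           # "pass" or "block"
    src: str = "any"      # "any", "private" (RFC1918), or a CIDR
    dst: str = "any"
    proto: str = "any"
    dport: Optional[int] = None


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if spec == "private":
        return is_private(addr)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface == pkt.iface
            and _addr_matches(rule.src, pkt.src)
            and _addr_matches(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins (OPNsense rules are 'quick' by default); no match means block."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"


SITE_A_LAN = "192.168.1.0/24"                  # constructed Site A LAN
SITE_B_NETS = ("10.0.1.0/24", "10.0.10.0/24")  # Site B subnets from the post

# Site A's rule set as described in the post: private sources blocked on WAN,
# the WireGuard port open, a default LAN-to-any rule, and nothing on wg0 yet.
SITE_A_RULES = [
    Rule("wan", "block", src="private"),            # "Block private networks" on WAN
    Rule("wan", "pass", proto="udp", dport=51820),  # WireGuard transport to Site A
    Rule("lan", "pass", src=SITE_A_LAN),            # default LAN rule
]


def with_tunnel_rules(rules: List[Rule]) -> List[Rule]:
    """Site A rule set plus pass rules on the wg interface for each Site B subnet."""
    return rules + [Rule("wg0", "pass", src=net, dst=SITE_A_LAN) for net in SITE_B_NETS]


# Constructed sample packets:
# 1) Encrypted WireGuard datagram from Site B's public IP arriving on Site A's WAN.
TRANSPORT = Packet("wan", "203.0.113.10", "198.51.100.1", "udp", 51820)
# 2) Its decrypted inner packet, a ping from a Site B host to a Site A host.
#    The kernel re-injects it on the wg interface, so the WAN rules never see it.
INNER_B_TO_A = Packet("wg0", "10.0.1.20", "192.168.1.10", "icmp")
# 3) A packet with an RFC1918 source hitting WAN directly, outside any tunnel.
PRIVATE_ON_WAN = Packet("wan", "10.0.1.20", "192.168.1.10", "icmp")
# 4) A Site A host pinging Site B: passes on LAN; the reply rides the existing state.
A_TO_B = Packet("lan", "192.168.1.10", "10.0.1.20", "icmp")


def demo() -> dict:
    before, after = SITE_A_RULES, with_tunnel_rules(SITE_A_RULES)
    return {
        "transport_on_wan": evaluate(before, TRANSPORT),        # pass
        "b_to_a_without_wg_rule": evaluate(before, INNER_B_TO_A),  # block: no wg0 rule
        "b_to_a_with_wg_rule": evaluate(after, INNER_B_TO_A),      # pass
        "private_source_on_wan": evaluate(after, PRIVATE_ON_WAN),  # still block
        "a_to_b": evaluate(before, A_TO_B),                     # pass
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} {verdict}")
```

The practical check this suggests is the firewall log on Site A filtered to the WireGuard interface while a Site B host pings: a block entry there, rather than on WAN, confirms the tunnel payload is being evaluated on the wg interface and that the WAN "Block private networks" rule is not the one in play.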