Cannot get x-forwarded-for Wireguard client ip from LAN.
Topic: Cannot get x-forwarded-for Wireguard client ip from LAN. (Read 542 times)
shadowv3
on: April 22, 2024, 01:17:00 am
I have a web server and a VPN with WireGuard. The configuration is as follows. The issue is that from the web server (10.4.250.1), I see '10.0.0.4' (internal WAN IP) and I should be able to see '10.0.2.11'. How can I achieve this?
Thank you!
Monviech (Global Moderator)
Reply #1 on: April 22, 2024, 10:52:38 am
WireGuard doesn't rewrite HTTP Headers. For header rewrites you need a reverse proxy most of the time.
You should give some more information about your setup and what you expect.
Hardware:
DEC740
shadowv3
Reply #2 on: April 22, 2024, 11:24:26 am
Sure, what I need is to be able to audit the external IPs (WAN-Internet or WAN-WireGuard) making requests on the web server. For this purpose, I need the web server (LAN - 10.4.250.1) to recognize that the request is coming from the WireGuard client (10.0.2.11) rather than the WAN interface of OPNsense (10.0.0.4). The base configuration of OPNsense is built upon the OpnAzure project (https://github.com/dmauser/opnazure). Perhaps something like IP Forwarding is needed? I'm not sure.
Subnets:
- 10.0.0.4 (WAN - Untrusted)
- 10.0.1.4 (WAN - Trusted)
- 10.0.2.0/24 (WireGuard network)
- 10.4.0.0/16 (Services network)
I can access the WireGuard client 10.0.2.11 correctly from 10.4.0.0/16, and from this client, I can also access the service subnet (10.4.0.0/16) correctly.
Many thanks!
Monviech (Global Moderator)
Reply #3 on: April 22, 2024, 01:03:14 pm
I'm still not sure I understand it correctly, but you might need a policy-based VPN for that.
Right now, WireGuard is run in routed mode. But you can also run WireGuard without a transfer network to directly connect two networks with each other.
You do that by not specifying a "Tunnel Address" in "Instances" on both sides, and in "Allowed IPs" use only the networks that should be routed through this tunnel. (Imagine IPsec Policy Based VPN)
Hardware:
DEC740
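Added example (not part of the thread and not posted by either participant): Python showing how the web server at 10.4.250.1 could choose the address to audit if a reverse proxy on the firewall sets X-Forwarded-For, which Reply #1 says is what header rewrites require. Assumptions: the proxy connects from the two WAN addresses listed in Reply #2 and appends to the header; the function names are hypothetical and the sample requests are constructed.

```python
import ipaddress

# Assumption: only these firewall addresses (listed as WAN in Reply #2) may
# act as a reverse proxy and are allowed to supply X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.4/32", "10.0.1.4/32")]
WIREGUARD_NET = ipaddress.ip_network("10.0.2.0/24")   # from the thread
SERVICES_NET = ipaddress.ip_network("10.4.0.0/16")    # from the thread


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def audited_client_ip(peer_ip, xff_header=None):
    """Return the address to log for one request.

    peer_ip is the TCP source address the web server sees. The header is
    honoured only when the peer is a trusted proxy, and it is walked from
    right to left so entries a client injected on the left are not believed.
    """
    client = ipaddress.ip_address(peer_ip)
    if not _is_trusted(client) or not xff_header:
        return str(client)
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break                 # malformed entry: keep the last valid address
        client = addr
        if not _is_trusted(addr):
            break                 # first untrusted hop is the real client
    return str(client)


def classify(ip):
    """Label an audited address using the subnets given in the thread."""
    addr = ipaddress.ip_address(ip)
    if addr in WIREGUARD_NET:
        return "wireguard"
    if addr in SERVICES_NET:
        return "services"
    return "firewall" if _is_trusted(addr) else "internet"


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header or None)
    for peer, xff in [("10.0.0.4", None), ("10.0.0.4", "10.0.2.11"),
                      ("10.0.2.11", "203.0.113.7")]:
        ip = audited_client_ip(peer, xff)
        print(peer, xff, "->", ip, classify(ip))
```

An audit entry that classifies as "firewall" means the request arrived from 10.0.0.4 with no usable header, which is the situation described in the first post.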