A question from a newbie

[sse450]

I ditched PF and installed OPNsense for the first time currently with only one port forwarding for WireGuard.
OPNsense is on 192.168.2.1. IP of my server (with WG) is 192.168.2.10.

But connection from a remote computer is another story. I can connect to the LAN through WG on my server and access my server (192.168.2.10).

However, cannot ping/access OPNsense (192.168.2.1) although it is in AllowedIPs. If I am directly on LAN, there is no problem with accessing OPNsense.

Why is that? Is there some switch in OPNsense preventing access through VPN?

Please help me get up and running with OPNsense.

[bartjsmit]

Likely OPNsense has no route to your WG subnet.

[sse450]

Thank you.

OPNsense (192.168.2.1) is a fresh install. I just entered pppoe credentials and forward port 51820/UDP to my server (192.168.2.10). WireGuard connection to the server is working. I can connect to LAN. I can ping all the other devices on LAN except OPNsense. Cannot access OPNsense GUI as well.

I would appreciate if you could elaborate your hint.

Edit: Following the connection to the LAN thru WG, I ssh to the server (192.168.2.10). Then, I can ping from the server to OPNsense.

[bartjsmit]

I would appreciate if you could elaborate your hint.

Since your internet router (OPNsense) does not handle the WG tunnel, you have two routers on your network. You need to:

- sort out the routing manually, so every hop (router) knows how to get to each side of the conversation
- use automatic routing protocols, which is likely overkill
- SNAT the WG tunnel onto the 192.168.2.0 network
- terminate the WG tunnel on OPNsense

Background info:
https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/introduction-to-routers-and-routing
https://networklessons.com/cisco/ccie-routing-switching/introduction-to-nat-and-pat

Bart...

[sse450]

Thank you. Will work on it.