OPNsense Forum » English Forums » 24.1 Legacy Series
WireGuard Site to Site | Alternative Internet Access
SkeelKat (Newbie, 30 posts), June 13, 2024, 01:29:19 pm
I have successfully created a Site-to-Site WireGuard VPN between two sites.
Site A
LAN: 172.16.1.0/24
WG: 10.2.2.1/24
Interface Assigned Manually and Allow IPV4* Rule Added
Site B
LAN: 192.168.200.0/24
WG: 10.2.2.2/24
Interface Assigned Manually and Allow IPV4* Rule Added
Added Gateway: 10.2.2.1/24
I can route flawlessly between A & B without any issues, but I have one host on Site B that must use the default WAN gateway of Site A to connect to the Internet (because of the public IP it needs to present outbound)
I created a rule that forces use of the gateway created on Site B to route over to 10.2.2.1 on Site A, but I cannot get Site A to forward that traffic via its WAN gateway. I just get Destination Host Unreachable.
How can I allow the traffic originating from the single host on Site B to pass to the gateway of Site A?
Any help would be appreciated.
Reply #1: Bob.Dig (Sr. Member, 257 posts), June 13, 2024, 02:14:49 pm
Did you
create the allowed IPs with 0.0.0.0/0?
enable NAT for WireGuard?
If not, create outbound NAT rules for Site B on Site A?
Reply #2: SkeelKat (Newbie, 30 posts), June 13, 2024, 02:30:30 pm
Hi Bob,
"created the allowed IPs with 0.0.0.0/0?"
I did add this in the peer configuration; however, this pushes a route in OPNsense that forces all traffic from all clients in the LAN over WireGuard. I just need this for one client machine.
"enabled NAT for WireGuard?"
Outbound NAT rules were set up on both sides, yes. This is needed for my "Road Warriors" using another WG instance.
When pinging from a client in Site B and doing a packet capture, I can see the client 192.168.200.220 sending the ICMP request from 10.2.2.2 to 10.2.2.1, and then 10.2.2.1 immediately replies unreachable. So the issue is somewhere in 10.2.2.1 not passing the traffic to the WAN on Site A.
Last Edit: June 13, 2024, 02:50:33 pm by SkeelKat
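The two checks Bob.Dig asks about (a catch-all AllowedIPs entry on Site B, and outbound NAT for Site B's addresses on Site A) and SkeelKat's constraint (only one host may use the tunnel for Internet traffic) are easier to reason about as a small model of WireGuard's cryptokey routing. The following is an added example written for this page, not OPNsense or WireGuard code; the peer names, the host 192.168.200.220 from the thread, and the Internet destination 203.0.113.10 (a TEST-NET-3 address chosen for the example) are assumptions. It shows why the peer table on Site B must cover the Internet destination for the tunnel to accept the packet at all, why Site A's peer table must cover the source address or the decrypted packet is silently dropped, and why a missing outbound NAT rule on Site A produces a packet that leaves the WAN but can never be answered:

```python
"""
Model of WireGuard cryptokey routing plus a host-specific policy route for
the Site A / Site B layout in the thread.  Added illustration, not project
code: peer names, the 0.0.0.0/0 "catch-all" entry and 203.0.113.10 are
constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional


@dataclass
class Peer:
    name: str
    allowed_ips: List[IPv4Network]


def lookup_peer(peers: List[Peer], addr) -> Optional[Peer]:
    """Longest-prefix match over all peers' AllowedIPs (the cryptokey routing
    table).  WireGuard runs this on egress (which peer may carry a packet to
    dst) and on ingress (is src acceptable for the peer it decrypted from)."""
    a = ip_address(str(addr))
    best, best_len = None, -1
    for p in peers:
        for net in p.allowed_ips:
            if a in net and net.prefixlen > best_len:
                best, best_len = p, net.prefixlen
    return best


SITE_A_LAN = ip_network("172.16.1.0/24")
SITE_B_LAN = ip_network("192.168.200.0/24")
WG_NET = ip_network("10.2.2.0/24")
SPECIAL_HOST = ip_address("192.168.200.220")   # the one host from the thread

# Site B's peer entry for Site A, before and after adding 0.0.0.0/0.
SITE_B_PEERS_LAN_ONLY = [Peer("site-a", [SITE_A_LAN, WG_NET])]
SITE_B_PEERS_CATCH_ALL = [Peer("site-a", [SITE_A_LAN, WG_NET, ip_network("0.0.0.0/0")])]

# Site A's peer entry for Site B: must list Site B's LAN or packets whose
# source is 192.168.200.x fail the ingress cryptokey check.
SITE_A_PEERS = [Peer("site-b", [SITE_B_LAN, WG_NET])]


def site_b_policy_route(src, dst, peers: List[Peer]) -> str:
    """Egress decision on Site B.  A policy rule sends only SPECIAL_HOST's
    Internet traffic to the WG gateway; every other host keeps Site B's own
    WAN.  The tunnel then applies cryptokey routing to the destination, which
    is independent of any system route OPNsense may have installed."""
    src, dst = ip_address(str(src)), ip_address(str(dst))
    if dst in SITE_A_LAN or dst in WG_NET or src == SPECIAL_HOST:
        if lookup_peer(peers, dst) is None:
            return "dropped: no AllowedIPs entry covers the destination"
        return "wg -> site-a"
    return "wan"


def site_a_ingress(src, dst, peers: List[Peer], nat_sources: List[IPv4Network]) -> str:
    """What Site A does with a packet decrypted from the site-b peer:
    1. cryptokey source check: src must map back to that same peer;
    2. LAN destinations are forwarded directly;
    3. Internet destinations need an outbound NAT rule covering src,
       otherwise the reply is addressed to an RFC 1918 source and never
       comes back."""
    src, dst = ip_address(str(src)), ip_address(str(dst))
    p = lookup_peer(peers, src)
    if p is None or p.name != "site-b":
        return "dropped: source not in site-b AllowedIPs"
    if dst in SITE_A_LAN:
        return "forward to LAN"
    if not any(src in n for n in nat_sources):
        return "forwarded to WAN without NAT: replies will never return"
    return "forward to WAN with NAT"


if __name__ == "__main__":
    for peers in (SITE_B_PEERS_LAN_ONLY, SITE_B_PEERS_CATCH_ALL):
        print(site_b_policy_route(SPECIAL_HOST, "203.0.113.10", peers))
    print(site_b_policy_route("192.168.200.50", "203.0.113.10", SITE_B_PEERS_CATCH_ALL))
    print(site_a_ingress(SPECIAL_HOST, "203.0.113.10", SITE_A_PEERS, [SITE_B_LAN]))
    print(site_a_ingress(SPECIAL_HOST, "203.0.113.10", SITE_A_PEERS, []))
```

The model keeps the policy route (which traffic Site B hands to the WG gateway) separate from the AllowedIPs lookup (which traffic the tunnel will carry), because those are separate mechanisms: the catch-all entry is what makes the lookup succeed for an Internet destination, while the LAN-wide route SkeelKat observed comes from the system route table, not from cryptokey routing itself. On Site A the order matters too: a packet that passes the source check and the firewall rule but has no outbound NAT match still leaves the WAN, just with a private source address, so a capture on Site A's WAN is the place to confirm which of the two is missing.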