Author Topic: WireGuard - Port forwarding to VPN wireguard host. (Read 1358 times)

llek · « **on:** June 14, 2024, 05:58:53 pm »

Hello, I've just come to OPNsense from PFsense. Everything went smoothly apart from this.
Now I had this setup on pfsense for about 2 years now so I know that the port forwarding to the wireguard client on the server is setup correctly.

I've managed to setup "Host -> OPNsense -> Wireguard server -> Internet" configuration just fine however I am struggling to setup "Internet -> Wireguard server -> OPNsense -> Host" basically said port forwarding to the VPN interface.

I am attaching my current port forward config (HTTPS). If I need to attach anything else, please let me know!

The port is not open for some reason.

I am right now stuck and I really don't know what to do next. Any help is appreciated.
Thank you!

Patrick M. Hausen · « **Reply #1 on:** June 14, 2024, 05:59:52 pm »

Change Filter rule association to "Pass".

llek · « **Reply #2 on:** June 14, 2024, 06:08:06 pm »

Thank you for the very quick response!

I changed the "Filter rule assosciacion" to "Pass" however the port is still unreachable.

llek · « **Reply #3 on:** June 14, 2024, 07:01:06 pm »

So an update, it seems that the firewall does let it through as seen in the attached screenshot. However I do not get anything either when I scan the port, or when I try to load the website on that web server.

llek · « **Reply #4 on:** June 14, 2024, 07:42:26 pm »

Please ignore the previous post, these are the real logs, however, on port 80 - but it's setup exactly like port 443.

Maybe there is a problem with the reply from the webserver?

Patrick M. Hausen · « **Reply #5 on:** June 14, 2024, 09:12:03 pm »

Did you move your UI to a different port than 443 and also disable HTTP --> HTTPS redirect for the UI?

llek · « **Reply #6 on:** June 14, 2024, 09:29:14 pm »

Yes, I have it on 8443. I did not have the redirects disabled, but I tried to disable them just now and still nothing.

It's also good to mention that this webserver is already forwarded to my native WAN - this IP is for services that can be proxied via cloudflare and and the direct connection was to handle websites that cannot be proxied by cloudflare and also some non-website services.

cookiemonster · « **Reply #7 on:** June 14, 2024, 11:33:23 pm »

can you see the associated (manually or automatic) rule on the interface?

llek · « **Reply #8 on:** June 15, 2024, 12:53:33 pm »

Sorry for the late answer, yes, the rule gets created (when choosing "Add associated filter rule") under the ATVIE2 interface and I can see it.

llek · « **Reply #9 on:** June 15, 2024, 10:20:58 pm »

So an update, this has to do with asymmetric routing, basically, I have two gateways, the WAN and the VPN. I want all of my traffic to be routed out the regular WAN gateway and I want the requests that come in through the VPN gateway to go out the VPN gateway. I could apparently do this on pfsense just fine, but I cannot get it to work here.

Any help with this is really appreciated. Thanks!

Author Topic: WireGuard - Port forwarding to VPN wireguard host. (Read 1358 times)

llek

WireGuard - Port forwarding to VPN wireguard host.

Patrick M. Hausen

Re: WireGuard - Port forwarding to VPN wireguard host.

llek

Re: WireGuard - Port forwarding to VPN wireguard host.

llek

Re: WireGuard - Port forwarding to VPN wireguard host.

llek

Re: WireGuard - Port forwarding to VPN wireguard host.

Patrick M. Hausen

Re: WireGuard - Port forwarding to VPN wireguard host.

llek

Re: WireGuard - Port forwarding to VPN wireguard host.

cookiemonster

Re: WireGuard - Port forwarding to VPN wireguard host.

llek

Re: WireGuard - Port forwarding to VPN wireguard host.

llek

Re: WireGuard - Port forwarding to VPN wireguard host.