WireGuard - Port forwarding to VPN wireguard host.

Started by llek, June 14, 2024, 05:58:53 PM

Hello, I've just come to OPNsense from pfSense. Everything went smoothly apart from this.
Now I had this setup on pfSense for about 2 years now, so I know that the port forwarding to the WireGuard client on the server is set up correctly.

I've managed to set up the "Host -> OPNsense -> Wireguard server -> Internet" configuration just fine; however, I am struggling to set up "Internet -> Wireguard server -> OPNsense -> Host", basically port forwarding to the VPN interface.

I am attaching my current port forward config (HTTPS). If I need to attach anything else, please let me know!

The port is not open for some reason.

I am right now stuck and I really don't know what to do next. Any help is appreciated.
Thank you!

Change Filter rule association to "Pass".
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thank you for the very quick response!

I changed the "Filter rule association" to "Pass"; however, the port is still unreachable.


So an update: it seems that the firewall does let it through, as seen in the attached screenshot. However, I do not get anything either when I scan the port or when I try to load the website on that web server.

Please ignore the previous post, these are the real logs; however, they are on port 80, but it's set up exactly like port 443.

Maybe there is a problem with the reply from the webserver?

Did you move your UI to a different port than 443 and also disable HTTP --> HTTPS redirect for the UI?

Yes, I have it on 8443. I did not have the redirects disabled, but I tried to disable them just now and still nothing.

It's also good to mention that this webserver is already forwarded to my native WAN - this IP is for services that can be proxied via Cloudflare, and the direct connection was to handle websites that cannot be proxied by Cloudflare and also some non-website services.

Can you see the associated (manually or automatic) rule on the interface?

Sorry for the late answer, yes, the rule gets created (when choosing "Add associated filter rule") under the ATVIE2 interface and I can see it.

So an update: this has to do with asymmetric routing. Basically, I have two gateways, the WAN and the VPN. I want all of my traffic to be routed out the regular WAN gateway, and I want the requests that come in through the VPN gateway to go out the VPN gateway. I could apparently do this on pfSense just fine, but I cannot get it to work here.

Any help with this is really appreciated. Thanks!
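
One way to confirm the asymmetric routing described in the last post is to compare the interface a connection's first SYN arrived on with the interface its reply leaves by. The sketch below is an added example, not something posted in the thread; the record format, the interface names (wg1, wan, lan) and all addresses are constructed assumptions, not real OPNsense log output.

```python
from collections import namedtuple

# Constructed per-packet records (assumed format, not an OPNsense log):
# interface, direction, src ip, src port, dst ip, dst port, TCP flags
SAMPLE = """\
wg1 in 198.51.100.7 40112 10.9.0.2 443 S
lan out 198.51.100.7 40112 192.168.1.10 443 S
lan in 192.168.1.10 443 198.51.100.7 40112 SA
wan out 10.9.0.2 443 198.51.100.7 40112 SA
wan in 203.0.113.9 51500 192.0.2.20 443 S
lan out 203.0.113.9 51500 192.168.1.10 443 S
lan in 192.168.1.10 443 203.0.113.9 51500 SA
wan out 192.0.2.20 443 203.0.113.9 51500 SA
"""

Packet = namedtuple("Packet", "iface direction src sport dst dport flags")


def parse(text):
    """Yield Packet tuples, skipping blank or malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 7:
            yield Packet(*parts)


def find_asymmetric(text):
    """Map (client_ip, client_port) -> (ingress_iface, egress_iface) for
    flows whose reply leaves by a different interface than the one the
    client's first SYN arrived on."""
    ingress = {}  # client endpoint -> interface where its first SYN came in
    result = {}
    for p in parse(text):
        if p.direction == "in" and p.flags == "S":
            # A bare SYN entering the firewall marks the initiating client.
            ingress.setdefault((p.src, p.sport), p.iface)
        elif p.direction == "out" and (p.dst, p.dport) in ingress:
            # A packet leaving the firewall towards a known client is a reply.
            arrived = ingress[(p.dst, p.dport)]
            if p.iface != arrived:
                result[(p.dst, p.dport)] = (arrived, p.iface)
    return result


if __name__ == "__main__":
    for client, (came_in, went_out) in find_asymmetric(SAMPLE).items():
        print(f"{client[0]}:{client[1]} arrived on {came_in}, reply left on {went_out}")
```

In the constructed sample, the connection that entered on the VPN interface is flagged because its SYN-ACK leaves on the WAN interface, while the connection that entered on WAN is not flagged.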