WireGuard Site-to-Site without nat

Started by barneby, July 23, 2024, 06:20:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 23, 2024, 06:20:42 PM
I have wg s2s configured using that wizard https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html#step-3a-setup-wireguard-peer-on-opnsense-site-a. When I try to ping the remote LAN addresses from the router, everything works.

The problem is when I want to ping the addresses of the remote LAN network from some of the hosts in the local LAN network. Such a request will not come. Traceroute shows that it terminates at the local router.

When I set up snat, everything works, but I don't want to use snat for the s2s network, because I want the networks to see each other's source addresses.

My nat rules are set to Hybrid outbound NAT rule generation and I have no custom rules added.

Are there any other settings I should make so that s2s networks can communicate without nat?
July 23, 2024, 08:10:55 PM #1
Put the respective remote LAN in the AllowedIPs on each side.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 23, 2024, 08:22:07 PM #2
this i already have that set up
July 23, 2024, 08:26:17 PM #3
So I solved it. The problem is that on one side I had IPsec turned on, which routed to the same LAN subnet.
Print
Go Up Pages1
User actions