Well, I got all confused now. You can access the OPN firewall from the inside, right? And now you want to set up a VPN so you can connect to "it" when away, correct?
The "it" is important here. Normally the VPN is used to connect to "it" to reach the network inside it, i.e. the LAN from the WAN. Connecting to the firewall itself, like for managing it, needs additional steps. The links I shared, although a little old, should have the additional steps, which normally mean "allow all IPs". WG is easier than OpenVPN by the way.
Client configuration is largely beyond the scope of this how-to since there is such a wide array of possible targets (and corresponding configuration methods)
In this tutorial, we set up a WireGuard client on macOS. Before following this tutorial, you should already have a working WireGuard server running. Install the WireGuard app for macOS.
sudo wg show wg0
command not found: wg
sudo install wireguard-tools
usage: install [-bCcpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 file2 install [-bCcpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 ... fileN directory install -d [-v] [-g group] [-m mode] [-o owner] directory ...
Start by setting up the ddns please.
WG is easier than OpenVPN by the way.
It starts with:
Quote
In this tutorial, we set up a WireGuard client on macOS. Before following this tutorial, you should already have a working WireGuard server running. Install the WireGuard app for macOS.
OK, clicked on https://wireguard.how/server/
But there is no guide for Mac there! Really? This is just a big b***hit.
Of course you need to have a working WG server running - on your OPNsense! - to use the app for the Mac. Nowhere does this statement imply you need a server for the Mac.
I can't help with MacOS for the moment. Let's stick with WG. At step 6 you use wg-tools on your MacOS. Are you able to get here? Are you able to stay on IPv4 only? If yes, we just need to let you know which keys go where. Because of their shared names "public key", "private key", it might make it unclear which one goes where.
WireGuard for MacOS is on the App Store: https://www.wireguard.com/install/
WireGuard from Mac with the WireGuard App
followed this tutorial first: https://docs.opnsense.org/manual/how-tos/wireguard-client.html
but at Step 6, surprise....
On OPNsense,
- do you have a firewall rule on WAN permitting 51820/UDP to "WAN address"?
- do you have a firewall rule on the "WireGuard" interface group (or an assigned interface if you did that) with "allow * *"?
Quote from: Patrick M. Hausen on August 05, 2024, 11:13:13 am
On OPNsense,
- do you have a firewall rule on WAN permitting 51820/UDP to "WAN address"?
Nope, because there is nothing about it in the manual. Only UDP to 1194 and 1412.
Source: any/*
Destination: WAN address
Destination port: 51820
Protocol: UDP
Action: allow
HTH,
Patrick
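An added example, not part of the thread or of the OPNsense documentation: a Python check of a single-peer WireGuard client configuration against the points raised above (which key goes where, IPv4 only, and the 51820/UDP port from the WAN rule). The keys, host name and networks in the sample are constructed placeholders, and the function names are hypothetical.

```python
import base64
import configparser
import ipaddress

# Constructed sample: placeholder bytes stand in for real keys.
CLIENT_PRIV = base64.b64encode(b"\x01" * 32).decode()
SERVER_PUB = base64.b64encode(b"\x02" * 32).decode()
SAMPLE = f"""[Interface]
PrivateKey = {CLIENT_PRIV}
Address = 10.10.10.2/32
[Peer]
PublicKey = {SERVER_PUB}
Endpoint = vpn.example.org:51820
AllowedIPs = 192.168.1.0/24, 10.10.10.0/24
"""

def is_wg_key(value):
    """A WireGuard key is 32 bytes, written as base64."""
    try:
        return len(base64.b64decode(value or "", validate=True)) == 32
    except ValueError:
        return False

def check_client_config(text, server_port=51820):
    """Return a list of problems in a single-peer client config."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.optionxform = str  # keep option names case-sensitive (PrivateKey, ...)
    cfg.read_string(text)
    iface, peer = (dict(cfg[s]) if cfg.has_section(s) else {} for s in ("Interface", "Peer"))
    problems = []
    if not is_wg_key(iface.get("PrivateKey")):
        problems.append("[Interface] PrivateKey must be this client's own private key")
    if "PrivateKey" in peer:
        problems.append("[Peer] must never contain a private key")
    if not is_wg_key(peer.get("PublicKey")):
        problems.append("[Peer] PublicKey must be the server's public key")
    elif peer["PublicKey"] == iface.get("PrivateKey"):
        problems.append("[Peer] PublicKey repeats the client's private key")
    port = peer.get("Endpoint", "").rpartition(":")[2]
    if port != str(server_port):
        problems.append(f"Endpoint port is not {server_port}/UDP")
    nets = iface.get("Address", "") + "," + peer.get("AllowedIPs", "")
    for net in filter(None, (n.strip() for n in nets.split(","))):
        try:
            if ipaddress.ip_network(net, strict=False).version != 4:
                problems.append(f"{net} is not IPv4")
        except ValueError:
            problems.append(f"{net} is not a valid address or network")
    return problems
```

Calling check_client_config() on the text of an exported tunnel file returns an empty list when these checks pass; the matching peer entry on the OPNsense side carries the client's public key, never its private key.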