Topic: [Solved] Wireguard SiteToSite with one public IP address problem (Read 390 times)
departy (Newbie, Posts: 2, Karma: 0)
[Solved] Wireguard SiteToSite with one public IP address problem
« on: August 13, 2024, 11:41:34 am »
Hello, I am trying to configure WireGuard Site-to-Site with only one public IP address.
Let's call them:
Network A - Public IP
Network B - Behind NAT
Both sites are on the LATEST version of OPNsense.
Owned networks:
Network A:
10.0.0.0/24
10.2.20.0/24
10.2.30.0/24
Network B:
10.2.0.0/24
Network A:
Instance:
  Name: WireGuard.A
  PublicKey: <key>
  PrivateKey: <key>
  ListenPort: <port>
  Tunnel Address: 10.25.25.1/24
  Peers: <NetworkB.Gateway>
Peer:
  Name: NetworkB.Gateway
  PublicKey: <key>
  Pre-shared key: <key>
  AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.25.25.2/32, 10.2.0.0/24
  KeepAlive: 10s
Network B:
Instance:
  Name: WireGuard.NetworkA
  PublicKey: <key>
  PrivateKey: <key>
  ListenPort: <port>
  Tunnel Address: 10.25.25.2/32
  Peers: NetworkA.Gateway
Peer B:
  Name: NetworkA.Gateway
  PublicKey: <key>
  PresharedKey: <key>
  AllowedIPs: 10.25.25.0/24, 10.2.20.0/24, 10.0.0.0/24, 10.2.30.0/24, 10.2.0.0/24
  Endpoint: gateway.networkA.com
  Endpoint port: <port>
  KeepAlive: 10s
I have NAT rules:
From * to * on the WireGuard Network A and B interfaces
Problem:
When I ping from Network B anything in 10.2.20.0/24 and 10.0.0.0/24 IT WORKS.
But it doesn't work backwards. When Network A pings anything in Network B I get a timeout:
PING 10.2.0.5 (10.2.0.5): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
I read online that this might be due to some rules, but I have Allow ALL everywhere.
I did a packet capture and noticed that the packets go through but don't come back for some reason:
https://ibb.co/8DQkRmx
I am unable to troubleshoot this on my own, so I would like to ask the community for help. I do not know what I am doing wrong.
If both sites had public IPs it would have been easier.
Thanks in advance!
-----------------------------------
Added Images for easier view:
https://ibb.co/T2h6Tpm
https://ibb.co/8DQkRmx
https://ibb.co/p4f3wkk
https://ibb.co/23hk8PF
https://ibb.co/fSL3sKK
https://ibb.co/DCLWW4V
https://ibb.co/276Rgvc
https://ibb.co/NtjN8Xj
https://ibb.co/Jz6Xgr4
« Last Edit: August 13, 2024, 01:44:56 pm by departy »
departy (Newbie, Posts: 2, Karma: 0)
Re: Wireguard SiteToSite with one public IP address problem
« Reply #1 on: August 13, 2024, 01:44:43 pm »
Solved.
I happened to have more than one peer with the same AllowedIPs addresses and I guess it was causing a routing issue.
Deleted all other peers with the same routes and the problem disappeared.
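The failure mode in the reply is WireGuard's cryptokey routing: a prefix can belong to only one peer, so a second peer listing the same AllowedIPs takes the route and return traffic for the first peer is dropped. The following checker, added here as an illustration and not part of the thread or of OPNsense, parses a wg-quick style config and reports prefixes claimed by more than one peer; the config text and the placeholder keys are constructed to mirror the poster's Network A instance with a stale duplicate peer.

```python
import ipaddress

# Constructed wg-quick style config for Network A's instance, mirroring the
# thread: two [Peer] sections both claim 10.2.0.0/24. Keys are placeholders.
SAMPLE_CONFIG = """\
[Interface]
Address = 10.25.25.1/24
[Peer]
PublicKey = <key-NetworkB.Gateway>
AllowedIPs = 10.25.25.2/32, 10.2.0.0/24
[Peer]
PublicKey = <key-NetworkB.Gateway-old>
AllowedIPs = 10.2.0.0/24
"""

def parse_peers(config_text):
    """Return [[public_key, [ip_network, ...]], ...] in config order."""
    peers, section = [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments/blanks
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([None, []])
            continue
        if section != "peer" or "=" not in line:
            continue
        key, val = (s.strip() for s in line.split("=", 1))
        if key.lower() == "publickey":
            peers[-1][0] = val
        elif key.lower() == "allowedips":
            peers[-1][1] += [ipaddress.ip_network(n.strip(), strict=False)
                             for n in val.split(",") if n.strip()]
    return peers

def find_conflicts(peers):
    """A prefix in the cryptokey routing table maps to exactly one peer:
    listing it again under a later [Peer] moves it there, so replies for the
    earlier peer are dropped ("duplicate"). Different-length overlaps are
    legal (longest prefix wins) but worth a look ("overlap")."""
    found = []
    for i, (key_a, nets_a) in enumerate(peers):
        for key_b, nets_b in peers[i + 1:]:
            for net_a in nets_a:
                for net_b in nets_b:
                    if net_a == net_b:
                        found.append(("duplicate", str(net_a), key_a, key_b))
                    elif net_a.overlaps(net_b):
                        found.append(("overlap", f"{net_a} vs {net_b}", key_a, key_b))
    return found
```

Running `find_conflicts(parse_peers(SAMPLE_CONFIG))` flags 10.2.0.0/24 as a duplicate claimed first by the real gateway peer and then by the stale one, which is exactly the situation the reply resolved by deleting the extra peers.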