OPNsense Forum » English Forums » Virtual private networks » WireGuard service traffic routing/force unique gateway
Topic: WireGuard service traffic routing/force unique gateway (Read 453 times)
mokaz (Newbie, Posts: 13, Karma: 1)
WireGuard service traffic routing/force unique gateway
« on: August 22, 2024, 01:45:20 pm »
Hi all,
I'll try to summarize my setup:
- wg0 instance reachable through the WAN interface + peers + config + unbound DNS etc etc (all working super duper fine)
- ovpnc1 interface where I'm routing wg clients 0.0.0.0/0 type of traffic (working super duper)
My only current concern is that this setup has somewhat of an asymmetrical routing issue, as either WAN or ovpnc1 could reach 0.0.0.0/0 -- I have sometimes witnessed some UDP:51820 source-port-bound packets fly out over the overlay/ovpnc1 interface, which is unwanted. I did countermeasure that through the firewall, but I've been hunting for a cleaner solution.
Would it be possible to bind a specific and unique gateway to the WireGuard service itself? Hence always receiving and sending WireGuard tunnel service traffic over the exact same interface/gw combo at the OPNsense level.
Let me know,
Regards,
m.
mokaz (Newbie, Posts: 13, Karma: 1)
Re: WireGuard service traffic routing/force unique gateway
« Reply #1 on: August 24, 2024, 10:01:33 am »
Hi again all,
So after troubleshooting a notch more, it turns out that:
- source port UDP:51820 packets flying out over the overlay only occurs upon peer "disconnection" (when turning WG tunnel OFF on the client device).
- the time frame while this is occurring is always around 900 seconds, I suspect CLOSE_WAIT and TIME_WAIT sessions perhaps.
Thanks for any possible advice here.
Cheers,
m.
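One way to check for the leak described in this thread (WireGuard service traffic, UDP with source port 51820, leaving over the overlay interface ovpnc1 instead of the WAN) is to scan the firewall's state table for outbound UDP states on that port and report any that are bound to the wrong interface. The script below is an added example, not code from the thread or from the OPNsense project. It assumes a simplified, constructed state-listing format (interface, protocol, source -> destination, state); the WAN interface name `vtnet0` and the peer addresses are assumptions, while `ovpnc1` and port 51820 come from the posts.

```python
"""Flag WireGuard service traffic (UDP, listen port 51820) whose firewall
state is bound to an interface other than the one the tunnel should use.
Added example; the state-line format below is a constructed approximation."""
import re
from typing import List, Tuple

# Constructed sample lines shaped like a pf state listing. The WAN interface
# name (vtnet0) and all addresses are assumptions for the example only.
SAMPLE_STATES = """\
vtnet0 udp 203.0.113.10:51820 -> 198.51.100.7:41234  MULTIPLE:MULTIPLE
ovpnc1 udp 203.0.113.10:51820 -> 198.51.100.9:53012  MULTIPLE:MULTIPLE
ovpnc1 tcp 10.10.10.5:44512 -> 93.184.216.34:443     ESTABLISHED:ESTABLISHED
vtnet0 udp 203.0.113.10:51820 <- 198.51.100.7:41234  MULTIPLE:MULTIPLE
"""

# One state per line: <iface> <proto> <src>:<sport> -> <dst>:<dport> <state>
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dir>->|<-)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<state>\S+)"
)


def find_leaked_wg_states(text: str, expected_iface: str,
                          wg_port: int = 51820) -> List[Tuple[str, str]]:
    """Return (iface, peer_endpoint) for every outbound UDP state whose local
    port is the WireGuard listen port but which lives on an interface other
    than expected_iface. Inbound ('<-') and non-UDP states are ignored."""
    leaks: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if not m:
            continue  # skip lines that do not look like a state entry
        if m["proto"] != "udp" or m["dir"] != "->":
            continue
        if int(m["sport"]) != wg_port:
            continue  # not the WireGuard service socket
        if m["iface"] != expected_iface:
            leaks.append((m["iface"], f'{m["dst"]}:{m["dport"]}'))
    return leaks


if __name__ == "__main__":
    for iface, peer in find_leaked_wg_states(SAMPLE_STATES, "vtnet0"):
        print(f"WireGuard state on unexpected interface {iface} -> peer {peer}")
```

Feeding the real state table into `find_leaked_wg_states` during the roughly 900-second window the second post mentions would show whether the stray states are genuinely bound to ovpnc1 or only observed there in flight; a firewall rule that blocks UDP source port 51820 on the overlay interface (the countermeasure the poster already applied) remains the mitigation this check confirms.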