Topic: Configuring firewall and routing for a standalone wireguard server in LAN (Read 327 times)
dseven (Sr. Member, Posts: 268, Karma: 28)
Re: Configuring firewall and routing for a standalone wireguard server in LAN « Reply #15 on: November 10, 2024, 03:59:33 pm »
So if you use the correct address for your WG network, and don't invert, does that work?
ThisUsernameHasBeenTaken (Newbie, Posts: 12, Karma: 0)
Re: Configuring firewall and routing for a standalone wireguard server in LAN « Reply #16 on: November 10, 2024, 04:18:23 pm »
Never mind. I have rebooted the OPNsense and everything went back to normal. I.e. the rule which makes sense now is working and I got the Internet and all access.
I really don't know what happened - cache maybe?
The configuration that works for me (maybe it will be useful for somebody):
1. Set up the Wireguard server on a host inside the LAN with no masquerading. Enable net.ipv4.ip_forward=1 and net.ipv4.conf.all.proxy_arp=1 options. Make its IP static and remember it.
2. Configure peers.
3. Create a Port Forward rule to forward incoming connections from WAN port to the Wireguard server port.
4. Create a Pass rule for the WAN interface to allow connections to the Wireguard port.
5. Create a Pass rule in the LAN firewall section to allow connections from the Wireguard network (i.e. source = Wireguard network).
6. Go to Firewall -> Settings -> Advanced and enable "Static route filtering" setting.
7. Go to System -> Gateways -> Configuration and add a new gateway in the LAN interface with the priority less than WAN gateway and address pointing to the Wireguard server.
8. Go to System -> Routes and create a new route to Wireguard network address via freshly created Gateway.
9. Go to Firewall -> NAT -> Outbound. Set "Hybrid outbound NAT rule generation" mode and add a new rule: Interface = WAN; Source = Wireguard network.
Optional: I have also created a firewall alias for the Wireguard network - it looks better in my opinion...
@dseven, thank you very much for your help and advice!!!
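
A check for the WireGuard host settings in the configuration above (forwarding and proxy ARP enabled, no masquerading), added here as an example and not part of the original post. The function names, file names, sample addresses and port are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit the WireGuard host settings listed in the post.
# All file contents below are constructed samples, not taken from the thread.

# sysctl_enabled FILE KEY: succeeds if the last assignment of KEY in FILE is 1.
sysctl_enabled() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) last = v }
        END { exit !(last == "1") }' "$1"
}

# wg_has_masquerade CONF: succeeds if a wg-quick hook line sets up masquerading.
wg_has_masquerade() {
    grep -Eiq '^[[:space:]]*(PreUp|PostUp)[[:space:]]*=.*masquerade' "$1"
}

# audit_wg_host SYSCTL_FILE WG_CONF: prints findings, returns 0 only if clean.
audit_wg_host() {
    rc=0
    for key in net.ipv4.ip_forward net.ipv4.conf.all.proxy_arp; do
        sysctl_enabled "$1" "$key" || { echo "FAIL: $key is not set to 1"; rc=1; }
    done
    if wg_has_masquerade "$2"; then
        echo "FAIL: $2 has a masquerade hook; the post's setup uses none"
        rc=1
    fi
    return "$rc"
}

# Constructed sample inputs (10.99.0.0/24 is a placeholder tunnel network).
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
printf '%s\n' '# forwarding for the tunnel' 'net.ipv4.ip_forward = 1' \
    'net.ipv4.conf.all.proxy_arp=1' > "$DEMO/sysctl.conf"
printf '%s\n' 'net.ipv4.ip_forward=1' > "$DEMO/sysctl-partial.conf"
printf '%s\n' '[Interface]' 'Address = 10.99.0.1/24' 'ListenPort = 51820' \
    'PrivateKey = <server-private-key>' '' '[Peer]' \
    'PublicKey = <peer-public-key>' 'AllowedIPs = 10.99.0.2/32' > "$DEMO/wg0.conf"
printf '%s\n' '[Interface]' 'Address = 10.99.0.1/24' \
    'PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' \
    > "$DEMO/wg0-nat.conf"

for conf in wg0.conf wg0-nat.conf; do
    if audit_wg_host "$DEMO/sysctl.conf" "$DEMO/$conf"; then echo "OK: $conf"; fi
done
```

On a real host, pass the sysctl file you created and the wg-quick config (usually /etc/wireguard/wg0.conf) instead of the sample files. The check reads the files only, so it does not confirm that the settings have been loaded into the running kernel.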