Topic: multiple wireguard instances not routing (Read 67 times)
Tadeus99 (Newbie, Posts: 7, Karma: 1)
multiple wireguard instances not routing
« on: November 28, 2024, 04:53:43 pm »
OPNsense 24.7.9_1-amd64
This is based on the OPNsense docs on azire-vpn road warrior example.
The OPNsense router has 3 LAN Ethernet ports, each for a different lanX subnet exiting to a gateway that is a wgX tunnel. Each wgX tunnel has different wg keys, is connected to a different server and shows a handshake time, appearing to be connected.
All works in the first LAN. The other 2 have no traffic going thru.
The routing table only shows entries for the lan0 tunnel:
Proto Destination Gateway Flags Use MTU Netif Netif (name)
ipv4 0.0.0.0/1 link#9 US NaN 1420 wg0 wireguard lan0
ipv4 10.0.0.0/8 link#9 U NaN 1420 wg0 wireguard lan0
ipv4 128.0.0.0/1 link#9 US NaN 1420 wg0 wireguard lan0
Wireguard logs show errors in all 3 opt interfaces:
2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: not a valid opt3 interface gateway address: 'missing'
2024-11-28T14:04:52 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: not a valid opt4 interface gateway address: 'missing'
2024-11-28T13:59:39 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: not a valid opt5 interface gateway address: 'missing'
But only show this for lan1 and lan2, lan0 connects and works fine.
2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '128.0.0.0/1' -interface 'lan2'' returned exit code '1', the output was ''
2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '0.0.0.0/1' -interface 'lan2'' returned exit code '1', the output was ''
2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '128.0.0.0/1' -interface 'lan1'' returned exit code '1', the output was ''
2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '0.0.0.0/1' -interface 'lan1'' returned exit code '1', the output was ''
If any of the 3 wireguard connections is enabled while disabling the other 2, that port/LAN/connection works, traffic goes thru. Meaning the wireguard keys, ports, etc. and OPNsense firewall rules would be ok.
Hoping for some ideas on why the routing table only shows 1 out of 3 wg connections.
dseven (Sr. Member, Posts: 327, Karma: 34)
Re: multiple wireguard instances not routing
« Reply #1 on: November 28, 2024, 05:11:51 pm »
If your intent is to have each LAN use a different VPN, you probably want to use the "Disable routes" option for your WireGuard instances, and use policy-based routing.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
for the general direction....
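
Added example (not part of the thread and not OPNsense code): a Python check that correlates the routing table and the failed `route add` log lines quoted in the first post, showing which prefixes are already held by one instance and refused for the others, and whether those prefixes add up to a full IPv4 default route. The function names are hypothetical; the sample input is copied from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input copied from the first post in this thread.
ROUTES = """ipv4 0.0.0.0/1 link#9 US NaN 1420 wg0 wireguard lan0
ipv4 10.0.0.0/8 link#9 U NaN 1420 wg0 wireguard lan0
ipv4 128.0.0.0/1 link#9 US NaN 1420 wg0 wireguard lan0"""
LOGS = """2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '128.0.0.0/1' -interface 'lan2'' returned exit code '1', the output was ''
2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '0.0.0.0/1' -interface 'lan2'' returned exit code '1', the output was ''
2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '128.0.0.0/1' -interface 'lan1'' returned exit code '1', the output was ''
2024-11-28T14:07:11 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '0.0.0.0/1' -interface 'lan1'' returned exit code '1', the output was ''"""

# Matches the quoted command and exit code in a wg-service-control.php error line.
ROUTE_ADD = re.compile(
    r"add -'inet6?' '([^']+)' -interface '([^']+)'' returned exit code '(\d+)'")

def parse_routes(text):
    """Map destination prefix -> Netif for each routing-table row."""
    owners = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 7 and fields[0] in ("ipv4", "ipv6"):
            owners[fields[1]] = fields[6]
    return owners

def contested(routes_text, log_text):
    """For every prefix whose 'route add' failed, report who holds it now."""
    owners = parse_routes(routes_text)
    rejected = defaultdict(set)
    for prefix, iface, code in ROUTE_ADD.findall(log_text):
        if code != "0":
            rejected[prefix].add(iface)
    return {p: {"held_by": owners.get(p), "rejected": sorted(i)}
            for p, i in rejected.items()}

def covers_default(prefixes):
    """True when the IPv4 prefixes together collapse to 0.0.0.0/0."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    v4 = [n for n in nets if n.version == 4]
    return list(ipaddress.collapse_addresses(v4)) == [ipaddress.ip_network("0.0.0.0/0")]

if __name__ == "__main__":
    report = contested(ROUTES, LOGS)
    for prefix, info in sorted(report.items()):
        print(f"{prefix}: held by {info['held_by']}, refused for {info['rejected']}")
    print("contested prefixes form a full default route:", covers_default(report))
```

On the sample input both `/1` halves are held by wg0 and refused for lan1 and lan2, and together they cover 0.0.0.0/0: every instance is trying to install the same default route into one routing table, which is the collision the "Disable routes" option avoids.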