Author Topic: Wireguard instance allowing internet, but blocking access to other IPs on LAN  (Read 1296 times)

catapimba

« on: June 25, 2024, 12:24:07 am »
Hi! Newbie here!

I have successfully configured my WireGuard following the Road Warrior setup, but I'd like to have another instance with only internet access using my DNS.

If I remove the 2nd rule in step 5 of the tutorial (https://docs.opnsense.org/manual/how-tos/wireguard-client.html), which allows access to any IP in any subnet, my client cannot access the internet either. I was not able to identify the problem. What am I missing? Is this possible?

tiermutter

« Reply #1 on: June 25, 2024, 01:10:04 am »
For that rule, allow traffic to your DNS (OPNsense?) instead of to any, and give it your DNS port as destination.

You could also use only one instance, applying this rule only for specific WG client IPs as source; there is no need for a second instance.
i am not an expert... just trying to help...

catapimba

« Reply #2 on: June 26, 2024, 02:30:23 am »
I appreciate the help. If I understood correctly, I should change the destination port range. However, as you can see in the image, the destination port is locked. I tried to change the destination to other values to see if I would unlock the selection, but no luck.

tiermutter

« Reply #3 on: June 26, 2024, 06:29:33 am »
Set protocol to TCP/UDP, then you can add the port.
i am not an expert... just trying to help...
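
A small model of the rule order discussed in this thread, added as an example (not from the original posts and not OPNsense code). It assumes first-match evaluation with default deny on the WireGuard interface; the addresses, the `Rule` class and `evaluate` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (assumptions, not taken from the thread).
FIREWALL_WG = "10.10.10.1/32"   # firewall's tunnel address, also the DNS server
RESTRICTED = "10.10.10.3/32"    # the WireGuard client that gets internet only
LAN = "192.168.1.0/24"

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one interface rule
    action: str                  # "pass" or "block"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    protos: tuple = ()           # empty tuple means any protocol
    port: Optional[int] = None   # destination port, TCP/UDP only

    def matches(self, src, dst, proto, port):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.protos and proto not in self.protos:
            return False
        return self.port is None or self.port == port

def evaluate(rules, src, dst, proto, port=None):
    """First matching rule decides; traffic matching no rule is blocked."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return "block"

# Allow-any rule replaced by a DNS-only rule: names resolve, nothing else passes.
DNS_ONLY = [Rule("pass", RESTRICTED, FIREWALL_WG, ("tcp", "udp"), 53)]

# DNS first, then block the LAN, then pass everything that is left.
INTERNET_ONLY = DNS_ONLY + [
    Rule("block", RESTRICTED, LAN),
    Rule("pass", RESTRICTED, "0.0.0.0/0"),
]

if __name__ == "__main__":
    client = "10.10.10.3"
    for dst, proto, port in [("10.10.10.1", "udp", 53), ("192.168.1.20", "tcp", 445),
                             ("1.1.1.1", "tcp", 443), ("10.10.10.1", "tcp", 443)]:
        print(dst, proto, port, evaluate(DNS_ONLY, client, dst, proto, port),
              evaluate(INTERNET_ONLY, client, dst, proto, port))
```

The last row shows a caveat of this ordering: the final pass rule also covers the firewall's own tunnel address, so management ports there need their own block rule above it.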
