
I'm setting up WireGuard to tunnel from a cloud VM to our internal network. The local server is using the WireGuard plugin for OPNsense.

OPNsense acts as firewall, DHCP, etc.
The cloud VM is not behind any firewall or anything.

Server:

interface: wg0
  public key: redacted
  private key: (hidden)
  listening port: 42001

peer: redacted
  endpoint: CLOUD_VM_PUBLIC_IP:42001
  allowed ips: 10.0.1.42/32
  latest handshake: 48 seconds ago
  transfer: 184.23 KiB received, 186.37 KiB sent
  persistent keepalive: every 21 seconds

Client:

  public key: redacted
  private key: (hidden)
  listening port: 42001

peer: redacted
  endpoint: LOCAL_PUBLIC_IP:42001
  allowed ips: 10.0.0.0/16
  latest handshake: 2 minutes, 14 seconds ago
  transfer: 1.30 KiB received, 1.20 KiB sent
  persistent keepalive: every 21 seconds

Client config:

[Interface]
# set address to next address
Address = 10.0.1.42/16
ListenPort = 42001
PrivateKey = redacted
DNS = 1.1.1.1

[Peer]
PublicKey = redacted
Endpoint = LOCAL_PUBLIC_IP:42001
AllowedIPs = 10.0.0.0/16
PersistentKeepalive = 21

With this configuration, I can connect to the VM using the internal IP address 10.0.1.42 on OPNSense, but anything else shows 'Destination Host Unreachable'. And trying to ping any internal ip in 10.0.0.0/16 from the cloud VM times out.

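The checks below are an added example, not code from the question, from OPNsense or from the WireGuard project. They parse the posted client config and compare it with the AllowedIPs the OPNsense side holds for that peer, treating AllowedIPs as what it is in WireGuard: on send it is the route table, on receive it is a source-address filter (cryptokey routing), so a mismatch on either end drops traffic without any log line. The subnet list and the peer names in the duplicate check are assumptions made for the example.

```python
"""Cryptokey-routing checks for the point-to-site WireGuard setup above.

In WireGuard, AllowedIPs does two jobs at once: on send it is the route table
(which destinations go to which peer), and on receive it is a source filter
(a decrypted packet whose source address is not in that peer's AllowedIPs is
dropped silently). Both ends have to agree, so these checks make both
directions explicit. Added example; not code from the question or OPNsense.
"""
import ipaddress
from typing import Dict, List

# Constructed from the question above. Keys and endpoints are placeholders.
CLIENT_CONF = """\
[Interface]
# set address to next address
Address = 10.0.1.42/16
ListenPort = 42001
PrivateKey = redacted
DNS = 1.1.1.1

[Peer]
PublicKey = redacted
Endpoint = LOCAL_PUBLIC_IP:42001
AllowedIPs = 10.0.0.0/16
PersistentKeepalive = 21
"""
# The OPNsense side's AllowedIPs for this peer, from the `wg show` output.
SERVER_PEER_ALLOWED = ["10.0.1.42/32"]
# Assumption: the VM is meant to reach the whole 10.0.0.0/16 behind OPNsense.
INTERNAL_SUBNETS = ["10.0.0.0/16"]


def parse_wg_conf(text: str):
    """Parse an INI-style wg-quick config into (interface_dict, [peer_dict, ...]).

    Keys are lowercased and '#' comments dropped; a key repeated inside one
    section (several AllowedIPs lines) is joined with commas, as wg-quick does.
    """
    interface: Dict[str, str] = {}
    peers: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "interface":
                current = interface
            elif section == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section [{section}]")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed or out-of-section line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        current[key] = f"{current[key]},{value}" if key in current else value
    return interface, peers


def networks(csv: str) -> list:
    """'10.0.0.0/16, 10.1.2.3/32' -> [IPv4Network(...), ...]; host bits tolerated."""
    return [ipaddress.ip_network(s.strip(), strict=False)
            for s in csv.split(",") if s.strip()]


def check_cryptokey_routing(client_conf: str, server_peer_allowed: List[str],
                            internal_subnets: List[str]) -> List[str]:
    """Return findings; an empty list means both ends' AllowedIPs agree."""
    iface, peers = parse_wg_conf(client_conf)
    if not peers:
        raise ValueError("client config has no [Peer] section")
    peer = peers[0]
    addr = ipaddress.ip_interface(iface["address"])          # e.g. 10.0.1.42/16
    server_allowed = networks(",".join(server_peer_allowed))
    client_allowed = networks(peer.get("allowedips", ""))
    findings: List[str] = []
    # Receive side on the server: it only accepts this peer's packets if their
    # source address is inside the AllowedIPs it holds for the peer.
    if not any(addr.ip in n for n in server_allowed):
        findings.append(f"server will drop packets from {addr.ip}: "
                        f"not inside its AllowedIPs {server_peer_allowed}")
    # Send side on the client: each internal subnet must be covered by the
    # client's AllowedIPs, or packets to it never enter the tunnel (and replies
    # from it would be dropped as coming from a disallowed source).
    for subnet in (ipaddress.ip_network(s, strict=False) for s in internal_subnets):
        if not any(n.version == subnet.version and subnet.subnet_of(n)
                   for n in client_allowed):
            findings.append(f"client will not route {subnet} into the tunnel: "
                            f"not covered by AllowedIPs {peer.get('allowedips')}")
    # Least privilege: a /0 on the server side lets the peer source any address.
    for n in server_allowed:
        if n.prefixlen == 0:
            findings.append(f"server AllowedIPs {n} lets this peer spoof any source")
    return findings


def duplicate_allowed_ips(peer_table: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map each prefix listed under more than one peer to those peers.

    An interface has one cryptokey routing table, so a prefix cannot belong to
    two peers: the peer configured last silently takes it from the other.
    """
    owners: Dict[str, List[str]] = {}
    for name, cidrs in peer_table.items():
        for n in networks(",".join(cidrs)):
            owners.setdefault(str(n), []).append(name)
    return {p: names for p, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    for line in check_cryptokey_routing(CLIENT_CONF, SERVER_PEER_ALLOWED, INTERNAL_SUBNETS) or ["ok"]:
        print(line)
```

On the configuration in the question the checks pass: the OPNsense side will accept packets sourced from 10.0.1.42, and the VM will route 10.0.0.0/16 into the tunnel, so WireGuard's own cryptokey routing is not what is dropping the pings. When that is the case, the next things to check are outside WireGuard: the firewall rules on the WireGuard interface on OPNsense, whether a route for the tunnel address exists on the LAN side (or NAT is applied on the way out), and, on the VM, that `ip route` actually shows 10.0.0.0/16 via wg0. The duplicate check is for the server side with several peers: a `/32` handed to two peers in the OPNsense peer list is taken by whichever was applied last, with nothing logged.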