[How To] Configure WireGuard Site-to-Site VPN on OPNsense (& wg.conf examples)


COMMENTS • 26

  • @ItsMyWeb
    @ItsMyWeb 1 year ago +2

    Thanks! You helped me get the tunnel working (before your tutorial I wasted hours of my life on other configs).

  • @mojojojo8751
    @mojojojo8751 1 year ago +4

    Dude!! You saved me some struggles here!
    Great work, nice video and explanations!

    • @0x2142
      @0x2142 1 year ago

      Awesome 👍. Glad to hear it, and thanks for the comment!

  • @Superturisto
    @Superturisto 3 months ago +1

    Nice video guide! Is it possible to pass local traffic from one site to another as well?

  • @AllanHjberg
    @AllanHjberg 4 months ago

    Great video, but I think you should explain the DNS server setup; it is not clear where the DNS server(s) live.

  • @an_birb
    @an_birb 1 year ago +2

    This is my new favorite video :)

  • @linearburn8838
    @linearburn8838 4 months ago +1

    OPNsense changed all the menus at some point and now I'm getting lost. Any chance you could do an update on this?

  • @darylferreras6241
    @darylferreras6241 1 year ago +1

    Thanks for this video! You've earned a subscriber!

  • @jonasplett6351
    @jonasplett6351 5 months ago

    Great video, thanks a lot.
    Would there be a possibility to make site 2 connect to resources in site 1 via the hqcorp?
    Could remote clients that connect to hqcorp still connect to resources in site 1 and site 2 (with both allowed IP subnets set)?

  • @troksii
    @troksii 1 year ago +2

    I've followed this and several other tutorials, all of them basically similar. Any pointers as to why my SiteB can access anything on SiteA, but SiteA cannot access anything on SiteB? When you try to access SiteB's subnet from SiteA, it tries to route the traffic out the WAN, even though the route to use wg1 is present on SiteA.

    • @HelalKusho
      @HelalKusho 5 months ago

      There must be something missing in the routing tables inside the gateway in SiteA. If a client tries to contact an IP address which is not in the same LAN, it routes the traffic to the default gateway (most of the time your router, or probably in this case the OPNsense firewall). Then the gateway looks in its routing table to see whether it knows where to forward that traffic or not; if it doesn't, the traffic is passed to the next gateway (your ISP). But if you add a custom routing entry for the IP subnet of SiteB, then instead of forwarding the traffic to the ISP, it would forward the traffic to your WireGuard tunnel.

    • @troksii
      @troksii 5 months ago

      @@HelalKusho I got it to work. The firewall rule was wrong.

  • @sudoRoot247
    @sudoRoot247 1 year ago +2

    Great video! I am trying to figure out how to tunnel all traffic for only one or two devices over the site-to-site. All other devices should be split-tunnel. Is 'selective routing' what I am looking for? Any ideas? Thank you!

    • @0x2142
      @0x2142 1 year ago +2

      Hey there! Thanks so much for your support! I really appreciate it!! 😊
      So, I haven't done this on OPNsense yet, but I have done it on other platforms. With WireGuard, I would use the option to disable routing, so WireGuard doesn't inject any routes automatically, and have the allowed IPs set to 0.0.0.0/0 to allow anything. Then you could use static (or dynamic) routes for the stuff you need split-tunnelled. For the other two hosts, use source-based or policy routing to match their source IP and force them over the tunnel. I think in OPNsense this is done in the firewall rules, where you can match source and/or destination, then set a next-hop gateway: docs.opnsense.org/manual/firewall.html

    • @sudoRoot247
      @sudoRoot247 1 year ago +2

      @@0x2142 Thank you for the suggestions! I really appreciate it.
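As an added illustration of the routing discussion in the two threads above (example code, not the video's configuration): the check below parses two constructed wg.conf fragments and reports which side's AllowedIPs does not cover the other site's LAN, which is the usual cause of a tunnel that works in one direction only; all subnets, endpoints and key placeholders are assumed. It also shows the 0.0.0.0/0 variant suggested in the reply above, where AllowedIPs admits everything and the firewall's static or policy routes decide what enters the tunnel.

```python
import ipaddress
# Constructed wg.conf fragments for a two-site tunnel (placeholders, not real keys).
# Site A LAN = 192.168.10.0/24, Site B LAN = 192.168.20.0/24, transit = 10.255.0.0/30.
SITE_A_CONF = """[Interface]
Address = 10.255.0.1/30
PrivateKey = <site-a-private-key-placeholder>
[Peer]
PublicKey = <site-b-public-key-placeholder>
Endpoint = siteb.example.invalid:51820
AllowedIPs = 10.255.0.2/32, 192.168.20.0/24
"""
# Site B's peer entry omits Site A's LAN (the misconfiguration being diagnosed).
SITE_B_CONF = """[Interface]
Address = 10.255.0.2/30
PrivateKey = <site-b-private-key-placeholder>
[Peer]
PublicKey = <site-a-public-key-placeholder>
Endpoint = sitea.example.invalid:51820
AllowedIPs = 10.255.0.1/32
"""
# The "disable routes" variant from the reply above: admit everything into the
# tunnel and leave the decision to static or policy routes on the firewall.
FULL_TUNNEL_PEER = "AllowedIPs = 0.0.0.0/0"

def allowed_ips(conf):
    """Collect every prefix listed under AllowedIPs in all [Peer] sections."""
    nets = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "AllowedIPs":
            nets += [ipaddress.ip_network(p.strip()) for p in value.split(",")]
    return nets

def tunnel_carries(conf, addr):
    """WireGuard's cryptokey routing: a packet is sent to (or accepted from) a
    peer only if its address falls inside that peer's AllowedIPs."""
    return any(ipaddress.ip_address(addr) in net for net in allowed_ips(conf))

def missing_allowed_ips(conf_a, lan_a, conf_b, lan_b):
    """Report which side's AllowedIPs fails to cover the other site's LAN.
    A gap on either side breaks traffic crossing it: the sender keeps the
    packet out of the tunnel (it follows the default route instead) and the
    receiver drops it because the source is not allowed for that peer."""
    lan_a, lan_b = ipaddress.ip_network(lan_a), ipaddress.ip_network(lan_b)
    missing = []
    if not any(lan_b.subnet_of(n) for n in allowed_ips(conf_a)):
        missing.append(("site-a", str(lan_b)))
    if not any(lan_a.subnet_of(n) for n in allowed_ips(conf_b)):
        missing.append(("site-b", str(lan_a)))
    return missing
```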

  • @--Des--
    @--Des-- 1 year ago +1

    Would it be possible to set up PIA VPN with WireGuard on OPNsense and create rules to route a specific LAN to only NAT out via the VPN?

    • @0x2142
      @0x2142 1 year ago +1

      Hi there! I did some quick research on PIA, and I'm not 100% sure. It looks like they do support both OpenVPN & WireGuard, but their documentation for router-based VPN connections only references OpenVPN. But assuming that they do support WireGuard for these types of connections, then yeah, that should be doable. If you only need to route specific LAN networks out the VPN, you may need to take a look at policy routing to match those subnets & direct them appropriately.

    • @--Des--
      @--Des-- 1 year ago +2

      @@0x2142 I have managed to do it with FingerlessGlov3s' OPNsensePIAWireguard script, and want to share my results.
      The speedtest difference between OpenVPN and WG is momentous: from 15Mbps download to 320Mbps, and 10Mbps upload to 200Mbps with the same VPN region.

  • @patrickFREE.
    @patrickFREE. 1 year ago

    I just have access to my LAN; which firewall setting should I be watching? (phone + laptop)

  • @sohanhalwa98
    @sohanhalwa98 1 year ago

    Hi,
    I want to integrate WireGuard inside my Flutter app. How can I do this? I don't have any basic knowledge about this. To have a connection inside the Flutter app I need to provide (address, port, DNS server, PrivateKey, PublicKey, Endpoint, PresharedKey etc.) inside my Flutter app.
    How can I obtain the above parameters?
    Do I have to use both OPNsense and the WireGuard app?

  • @tvpi-z1v
    @tvpi-z1v 11 months ago +1

    nice work

  • @fu1r4
    @fu1r4 1 year ago

    Maybe you could do a new video on how to use the new way to set up an S2S VPN in OPNsense?
    WireGuard seems to be set to pending removal from OPNsense (it is scheduled to be removed on or after 2023-12-31).
    Even OpenVPN is about to be removed.
    Now they have added something called "VPN: OpenVPN: Instances [new]" and I think many users (including me) have no idea how that works to set up an S2S with a partial or full tunnel.

    • @MPHxthexLegend
      @MPHxthexLegend 8 months ago +2

      OPNsense did not remove WireGuard, they removed the plugin, because now there's a kernel integration. This setup is still working from version 24.1 and newer.

    • @fu1r4
      @fu1r4 8 months ago

      @@MPHxthexLegend It looks totally different than in this video. 😒

    • @MPHxthexLegend
      @MPHxthexLegend 8 months ago +2

      @@fu1r4 It only looks different; the only tabs that changed are "Local -> Instances" and "Endpoints -> Peers". The other two (Status, Handshakes) moved to the Diagnostics tab, where they are now combined.

    • @fu1r4
      @fu1r4 8 months ago

      @@MPHxthexLegend I only got 100mbit with OpenVPN, but I have now managed to set up WireGuard and I now get 490mbit.
      I didn't need to add any rules to the WireGuard (Group). Instead I created a new interface and used that.
      Now I only want to get some of the computers to be able to access the other OPNsense's internet over WireGuard. I have never got that to work, not even with OpenVPN 😪