Routing questions Site2Site Wireguard
-
Hello!
I currently struggle to create an appropriate route for my needs.
I have 2 sites with pfSense boxes.
Site A:
Lan: 192.168.1.0/24
Wireguard Gateway: 10.100.90.0Site B:
192.168.2.0/24
Wireguard Gateway: 10.100.90.1I pretty muched used the guide provided by netgate and Christian.
https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/configure.html#additional-configuration-steps
https://www.youtube.com/watch?v=2oe7rTMFmqcMy goal is to now have a device on Site B with the IP of 192.168.2.60 to connect through the wireguard tunnel to Site A and route the traffic via Site A Wan.
Any help would be greatly appreciated.
Thank you. -
@thisisagoodfirewall Have you done it with OpenVPN before?
-
@thisisagoodfirewall
Interesting. So the whole B subnet accesses the A subnet, but just the one host uses the other gateway?It's this a streaming box by any chance?
If so, probably easier to install a VPN on it and force that to use the A gateway.I'll be watching this to see if anyone has a way of accomplishing what you want though.
-
@bob-dig said in Routing questions Site2Site Wireguard:
@thisisagoodfirewall Have you done it with OpenVPN before?
Yes, I have a working wireguard tunnel to a docker container with the WAN IP address of Site A.
This is working fine for a Windows Box where I can establish a tunnel.I want my LG TV, sitting at Site B to have its traffic routed through the site2site tunnel to get the WAN address of Site A.
@jarhead said in Routing questions Site2Site Wireguard:
@thisisagoodfirewall
Interesting. So the whole B subnet accesses the A subnet, but just the one host uses the other gateway?It's this a streaming box by any chance?
If so, probably easier to install a VPN on it and force that to use the A gateway.I'll be watching this to see if anyone has a way of accomplishing what you want though.
Yes, that is my plan. Couldn't figure it out by now.
LG Oled TV
give me wireguard for LG webOS please.
Any help is greatly appreciated.
-
@thisisagoodfirewall Might want to see if you can install OpenVPN for now. Wireguard is still very young but the OpenVPN client can do it no problem.
-
@jarhead
Yes, but I can not install OpenVPN on the SmartTV.I have a small PC connected to the TV which provides a wireguard tunnel to the WAN of SiteA providing the needed IP address for IPTV to work.
They just check which IP is connecting to their CDN and deliver the stream.
https://www.magentatv.at/I want my SmartTV to be routed through LAN_b > wireguard to SiteA > WAN_a IP via pfsense routing/firewall.
Regards!
Here in a picture.
-
Any ideas guys? Who could I ask? :)
-
@thisisagoodfirewall said in Routing questions Site2Site Wireguard:
@bob-dig said in Routing questions Site2Site Wireguard:
@thisisagoodfirewall Have you done it with OpenVPN before?
Yes, I have a working wireguard tunnel to a docker container with the WAN IP address of Site A.
This was not my question.
Anyway, have a look here and start with 5. something. -
I am sorry. I need to differentiate OpenVPN and Wireguard.
I have a working OpenVPN Site 2 Site Tunnel working now as mentioned in the netgate docs.
Given the working tunnel - what are my further steps to have the traffic of the TV device on the client side go via the servers public wan address?
Thank you vm.
-
@thisisagoodfirewall Sry, link was wrong, now fixed. You need outbound NAT (9.) and policy based routing and maybe your WG config has to be modified, can't tell because I can't see it.
-
No worries.
Getting my head around the outbound NAT. Working!
Not sure how to properly setup policy based routing.My WG config is identical to the official docs given at
https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html
and the video
https://www.youtube.com/watch?v=2oe7rTMFmqcCan the outbound NAT and policy based routing be applied to the wg tunnel? If not - do I need to disable it?
