Netgate Discussion Forum

    Traffic through Site to Site Wireguard between pfsense and opnsense

    Routing and Multi WAN

      drmarian0

      Hello
      I have a Wireguard Site to Site tunnel between pfsense and opnsense - it works great.
      Both LANs can see each other.
      I would like one host from the pfsense local network to go to the internet through the Site2Site tunnel via opnsense WAN.
      Unfortunately, I can't figure out how to do it.
      On pfSense I set
      Firewall->Rules->LAN: Source- host IP, Gateway: WIreguardGW -
      what else do I need to set to make it work?
      Regards

        viragomann @drmarian0

        @drmarian0
        On OPNsense you need to add an outbound NAT rule to WAN for the source IP of the respective host.

          drmarian0 @viragomann

          @viragomann So I set:
          Firewall: NAT: Outbound - Hybrid
          new rule:

          Interface: WAN
          Source: 192.168.0.100/32 (host ip address on pfSense LAN)
          Source Port: *
          Destination: *
          Destination port: *
          NAT Address: Interface address
          NAT Port: *
          Static Port: *
          

          Is that correct?
          It doesn't work...
          When I ping 8.8.8.8 from that host I got: From 192.168.0.1 icmp_seq=1 Destination Host Unreachable

          Regards

            viragomann @drmarian0

            @drmarian0
            Yes, the rule should work.

            Ensure that the policy routing rule on pfSense is applied. Is it configured for any protocol? If it's TCP only, ping will not work.
            Enable logging, then try to access a public IP and check the log after.

            Or run a packet capture on OPNsense on the WG interface to verify that the upstream traffic is routed over the VPN.

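Added example, not part of any post in this thread: a small Python check that reads `tcpdump -n` text output captured on OPNsense and reports where the host's ping stops. It goes one step beyond the capture suggested above by also reading a WAN-side capture, so the outbound NAT rule can be confirmed. The function names, the result labels and the WAN address 203.0.113.10 are assumptions made for this example, and the capture lines are constructed.

```python
import re

# One tcpdump -n line: "<time> IP <src> > <dst>: ICMP echo request, id N, seq N, length N"
LINE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id \d+, seq (\d+)")

# Constructed sample data: host and target from the thread, WAN address is a placeholder.
HOST, TARGET, WAN_IP = "192.168.0.100", "8.8.8.8", "203.0.113.10"
WG_REQ = f"12:00:01.000001 IP {HOST} > {TARGET}: ICMP echo request, id 7, seq 1, length 64"
WG_OK = WG_REQ + f"\n12:00:01.020001 IP {TARGET} > {HOST}: ICMP echo reply, id 7, seq 1, length 64"
WAN_RAW = f"12:00:01.000101 IP {HOST} > {TARGET}: ICMP echo request, id 7, seq 1, length 64"
WAN_OK = (f"12:00:01.000101 IP {WAN_IP} > {TARGET}: ICMP echo request, id 7, seq 1, length 64\n"
          f"12:00:01.019901 IP {TARGET} > {WAN_IP}: ICMP echo reply, id 7, seq 1, length 64")

def icmp_events(capture):
    """Return (src, dst, kind, seq) for every ICMP echo line in tcpdump text output."""
    events = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            events.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return events

def diagnose(wg_capture, wan_capture, host, target):
    """Classify where host -> target ICMP stops, from WG-side and WAN-side captures."""
    wg, wan = icmp_events(wg_capture), icmp_events(wan_capture)
    # Nothing from the host on the WG interface: pfSense is not sending it into the tunnel.
    if not any(s == host and d == target and k == "request" for s, d, k, _ in wg):
        return "not-in-tunnel"
    sources = [s for s, d, k, _ in wan if d == target and k == "request"]
    if not sources:
        return "dropped-on-opnsense"   # reached OPNsense over WG, never left WAN
    if host in sources:
        return "nat-not-applied"       # left WAN with the private source address
    if not any(s == target and k == "reply" for s, d, k, _ in wan):
        return "no-reply-on-wan"
    if not any(d == host and k == "reply" for s, d, k, _ in wg):
        return "reply-not-returned"    # reply reached WAN but was not sent back over WG
    return "ok"

if __name__ == "__main__":
    print(diagnose(WG_OK, WAN_OK, HOST, TARGET))
```

A `not-in-tunnel` result points back at the policy routing rule on pfSense; `nat-not-applied` points at the outbound NAT rule on OPNsense.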