(1) Peer settings are incorrect and missing the endpoint port
/interface wireguard peers
add allowed-address=10.10.150.0/24 client-address=10.10.140.63/32 \
client-endpoint=195.4.209.213 interface=wireguard-client \
persistent-keepalive=25s private-key=\
"kOoHLfgEJ1gRqQlxVONRF3eQ1eFRflXOkHpLkFuNx0M=" public-key=\
"1cp2GkWEw2bZtsizc0p1/m19AWTrVTMGW6oLQIPTxSg="
Should be:
/interface wireguard peers
add allowed-address=10.10.140.0/24,10.10.150.0/24 \
client-endpoint=195.4.209.213 endpoint-port=??????? interface=wireguard-client \
persistent-keepalive=25s private-key=\
"kOoHLfgEJ1gRqQlxVONRF3eQ1eFRflXOkHpLkFuNx0M=" public-key=\
"1cp2GkWEw2bZtsizc0p1/m19AWTrVTMGW6oLQIPTxSg="
NOTE: Since I don't know the listening port on the server for the handshake (OPNsense), I didn't know what to put for ???????
(2) WHY IS THIS RULE DISABLED? It's a GOOD rule???
add disabled=yes distance=1 dst-address=10.10.150.0/24 gateway=\
wireguard-client pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
Clearly there is either a need for local users to visit this subnet at the OPNsense, or this subnet exists on the OPNsense and needs to visit your local subnets.
Either way, a route is needed on the MT to tell the router where to send packets for this subnet, as it is not local.
Statistics: Posted by anav — Tue Dec 12, 2023 10:33 pm
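The two problems raised above (a peer whose allowed-address does not cover the subnets you route through it, and a route over the tunnel that is disabled or missing) can be caught mechanically. The following is an added example, not the poster's code or anything from MikroTik: a small Python checker that parses RouterOS export text and verifies that every `/ip route` with a WireGuard interface as gateway is enabled and covered by that interface's peer allowed-address (WireGuard's cryptokey routing silently drops traffic otherwise), and that each peer has an `endpoint-port`. The sample export, the endpoint address 198.51.100.10 and the port 51820 are constructed values.

```python
import ipaddress
import shlex

# Constructed sample in RouterOS export style (not the poster's export).
SAMPLE_EXPORT = """
/interface wireguard peers
add allowed-address=10.10.140.0/24,10.10.150.0/24 endpoint-address=198.51.100.10 \\
    endpoint-port=51820 interface=wireguard-client persistent-keepalive=25s
/ip route
add disabled=yes distance=1 dst-address=10.10.150.0/24 gateway=wireguard-client
add disabled=no distance=1 dst-address=10.10.160.0/24 gateway=wireguard-client
"""

def parse_export(text):
    """Parse RouterOS export text into {menu path: [ {param: value}, ... ]}."""
    joined = text.replace("\\\n", "")  # exports break long lines with a trailing "\"
    sections, menu = {}, None
    for raw in joined.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            menu = line
            sections.setdefault(menu, [])
        elif line.startswith("add ") and menu:
            entry = {}
            for token in shlex.split(line[4:]):  # handles quoted values such as pref-src=""
                key, _, value = token.partition("=")
                entry[key] = value
            sections[menu].append(entry)
    return sections

def check_wireguard(export_text):
    """Return human-readable findings for peers and the routes that depend on them."""
    cfg = parse_export(export_text)
    findings, allowed = [], {}
    for p in cfg.get("/interface wireguard peers", []):
        nets = [ipaddress.ip_network(a) for a in p.get("allowed-address", "").split(",") if a]
        allowed.setdefault(p.get("interface"), []).extend(nets)
        if "endpoint-port" not in p:
            findings.append(f"peer on {p.get('interface')}: endpoint-port missing, handshake cannot start")
    for r in cfg.get("/ip route", []):
        iface = r.get("gateway")
        if iface not in allowed:
            continue  # gateway is an IP or a non-WireGuard interface; not our concern here
        dst = ipaddress.ip_network(r.get("dst-address", "0.0.0.0/0"))
        if r.get("disabled") == "yes":
            findings.append(f"route {dst} via {iface} is disabled, traffic for it has no path")
        # Cryptokey routing: the tunnel only carries destinations listed in allowed-address.
        if not any(dst.subnet_of(n) for n in allowed[iface]):
            findings.append(f"route {dst} via {iface} not covered by allowed-address, WireGuard will drop it")
    return findings

if __name__ == "__main__":
    for line in check_wireguard(SAMPLE_EXPORT):
        print(line)
```

Run it against `/export` output copied from the router; an empty result means every tunnel route is enabled and matched by a peer's allowed-address.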