steven-seagull

ANSWERED Opnsense wireguard port forward and local network

I have selective routing configured on my network using WireGuard in OPNsense and have the following setup:

  • Host A is routed through AirVPN wireguard interface
  • Host A is listening to port 56310 which is forwarded on AirVPN
  • The port test is working on AirVPN's website
  • Host B is not routed through AirVPN, traffic goes through WAN interface

I can connect to Host A from an external network to {airvpnIP}:port. But I can't connect to Host A from Host B (on the same LAN) using {airvpnIP}:port. Am I missing a rule to allow this connection? Any help would be appreciated.

Got it working with the help of DeepSeek AI:

  1. Create NAT Port Forward rule
    1. Go to Firewall > NAT > Port Forward
    2. Click "Add" to create a new rule
    3. Configure with these settings:
      1. Interface: LAN
      2. Protocol: TCP/UDP (or your specific protocol)
      3. Destination: VPN provider's public IP (the one assigned to your WireGuard tunnel)
        1. I created an alias for the airdns URL, i.e. xyz.airdns.org, and used that instead of the public IP
      4. Destination port range: The port forwarded by your VPN provider
      5. Redirect target IP: Your host's LAN IP
      6. Redirect target port: The local port on your host
      7. Description: e.g., "Hairpin NAT for VPN host access"
      8. Filter rule association: "Add associated filter rule"
  2. Verify Firewall Rule
    1. Go to Firewall > Rules > LAN
    2. Look for a rule that allows traffic to your host's LAN IP on the specified port
  3. Add Outbound NAT Rule
    1. Go to Firewall > NAT > Outbound
    2. Enable "Hybrid outbound NAT rule generation"
    3. Add a manual rule:
      1. Interface: LAN
      2. Source: LAN net
      3. Destination: Your host's LAN IP
      4. NAT Address: Your OPNsense LAN IP
      5. Static Port: Checked

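Why the outbound NAT rule in step 3 is needed, as an added example that is not part of the original posts: a simplified Python model of the packet path from Host B to the VPN IP, with and without that rule. All addresses are constructed placeholders, ports are omitted, and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (private/documentation ranges), not taken from the thread.
LAN = ip_network("192.168.1.0/24")
FW_LAN = ip_address("192.168.1.1")    # OPNsense LAN IP
HOST_A = ip_address("192.168.1.10")   # service host, routed through the VPN
HOST_B = ip_address("192.168.1.20")   # LAN client, routed through WAN
VPN_IP = ip_address("203.0.113.50")   # stand-in for {airvpnIP}


def firewall_forward(src, dst, outbound_nat):
    """Apply the LAN port forward (step 1) and, if enabled, the outbound NAT rule (step 3)."""
    state = None
    if dst == VPN_IP:  # port forward on LAN: VPN IP -> Host A
        new_src = FW_LAN if (outbound_nat and src in LAN) else src
        state = {"client": src, "orig_dst": dst}
        src, dst = new_src, HOST_A
    return src, dst, state


def hairpin(outbound_nat):
    """Trace Host B -> VPN_IP; return (reply source seen by Host B, accepted?)."""
    # VPN_IP is off-link for Host B, so the packet goes to its gateway, the firewall.
    src, dst, state = firewall_forward(HOST_B, VPN_IP, outbound_nat)
    # Host A answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == FW_LAN:
        # The reply returns to the firewall, whose state entry undoes both translations.
        reply_src, reply_dst = state["orig_dst"], state["client"]
    # Otherwise reply_dst is Host B, which is on-link: Host A delivers the reply
    # directly and the firewall never gets to rewrite it.
    # Host B only accepts replies coming from the address it connected to.
    accepted = reply_dst == HOST_B and reply_src == VPN_IP
    return str(reply_src), accepted


if __name__ == "__main__":
    print("port forward only:       ", hairpin(outbound_nat=False))
    print("port forward + outbound: ", hairpin(outbound_nat=True))
```

With the port forward alone, Host B receives a reply from Host A's LAN address instead of the VPN IP and discards it. The outbound NAT rule forces the reply back through OPNsense, at the cost that Host A sees the firewall's LAN IP as the client address for these connections.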
