Welcome to the Home Network Guy forum!

Wireguard Site-to-site with selective routing

Started by ReDaLeRt, December 28, 2021, 08:19:16 AM




I followed the tutorial here, as a first troubleshooting step:

My issue with selective routing is accessing a specific public IP range ( from an OpenWrt Site "B" connected site-to-site through an OPNsense Site "A".

Configuring that subnet range on Site "B" as "allowed IPs" for the tunnel, so that Site "B" can reach it through Site "A", isn't working as expected:


Tracing route to over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  OpenWRT.lan []
  2    17 ms    14 ms    15 ms
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
10     *        *        *     Request timed out.
11     *        *        *     Request timed out.
12     *        *        *     Request timed out.
13     *        *        *     Request timed out.
14     *        *        *     Request timed out.
15     *        *        *     Request timed out.

The Site "B" LAN range is with tunnel IP, Site "A" is with tunnel IP, and the WG tunnel range is . Both sites are connected to the internet with public IP addresses on their WAN interfaces.

The OPNsense configuration is presented in the attachments below.

A half-workaround on Site B is to enable masquerading, which gives selective routing but blocks Site A from accessing Site B:

# Enable masquerading (source NAT) on the firewall zone named "lan"
uci set firewall.lan.masq="1"
# Save the change and reload the firewall so it takes effect
uci commit firewall
/etc/init.d/firewall restart

I'm hoping that someone could shed some light into this. :-)



Additionally, I managed to capture a traceroute from a client on Site B to the IP range

Home Network Guy

I personally haven't tried a site-to-site WireGuard VPN with selective routing so I am unable to offer much help but if anyone else who browses the forums has any advice, that would be great.
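The thread above asks why a public range placed in Site B's AllowedIPs is reachable as far as the far end of the tunnel and no further. The following is an added example, not code from the original post, from the linked tutorial, or from OpenWrt or OPNsense: a small POSIX shell script that models WireGuard's cryptokey routing for the Site B -> Site A -> public range path and checks, in order, the three conditions that have to hold for a reply to come back. Every address in it is a constructed placeholder (192.168.20.0/24 for the Site B LAN, 192.168.10.0/24 for Site A, 10.10.10.0/24 for the tunnel, 203.0.113.0/24 as the target public range), and the uci helper assumes a WireGuard interface named wg0 with a single peer section; none of those values are taken from the thread.

```shell
#!/bin/sh
# Added example, not from the original post or the linked tutorial.
# Models WireGuard cryptokey routing for a Site B -> Site A -> public range
# path and checks the conditions Site A must meet for replies to come back.
# All addresses below are constructed placeholders (RFC 1918 / RFC 5737).

# Dotted-quad IPv4 -> 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 if IPv4 address $1 lies inside CIDR $2 (a bare address counts as /32).
in_cidr() {
    _ip=$(ip2int "$1")
    _net=$(ip2int "${2%/*}")
    _bits=${2#*/}
    [ "$_bits" = "$2" ] && _bits=32
    [ "$_bits" -eq 0 ] && return 0
    _mask=$(( (4294967295 << (32 - _bits)) & 4294967295 ))
    [ $(( _ip & _mask )) -eq $(( _net & _mask )) ]
}

# Exit 0 if $1 lies inside any CIDR in the space-separated list $2.
matches_any() {
    for _cidr in $2; do
        in_cidr "$1" "$_cidr" && return 0
    done
    return 1
}

# wg_path_check SRC DST B_ALLOWEDIPS A_ALLOWEDIPS_FOR_PEER_B A_OUTBOUND_NAT_NETS
# Prints one verdict line and exits non-zero on any failure:
#   not-tunneled             DST is not in Site B's AllowedIPs, so the packet
#                            never enters the tunnel (cryptokey routing)
#   dropped-at-A-allowedips  WireGuard at Site A discards decrypted packets
#                            whose source is outside the peer's AllowedIPs
#   no-return-path           Site A forwards the private source unchanged, so
#                            the public host replies to an unroutable address
#   ok                       all three conditions hold
wg_path_check() {
    matches_any "$2" "$3" || { echo "not-tunneled"; return 1; }
    matches_any "$1" "$4" || { echo "dropped-at-A-allowedips"; return 1; }
    matches_any "$1" "$5" || { echo "no-return-path"; return 1; }
    echo "ok"
}

# Site B (OpenWrt) configuration for the working case: add the public range to
# the peer's AllowedIPs and let netifd install the kernel route for it.
# Assumes the interface is wg0 with a single peer section; not run by default.
apply_site_b() {
    uci add_list network.@wireguard_wg0[0].allowed_ips="$1"
    uci set network.@wireguard_wg0[0].route_allowed_ips='1'
    uci commit network
    ifup wg0
}

# Constructed topology: B LAN 192.168.20.0/24, A LAN 192.168.10.0/24,
# tunnel 10.10.10.0/24 (A=.1, B=.2), target public range 203.0.113.0/24.
B_ALLOWED="192.168.10.0/24 10.10.10.1/32 203.0.113.0/24"
A_ALLOWED_OK="192.168.20.0/24 10.10.10.2/32"
A_ALLOWED_TUNNEL_ONLY="10.10.10.2/32"
A_NAT_OK="192.168.10.0/24 192.168.20.0/24"
A_NAT_LAN_ONLY="192.168.10.0/24"

# Demo: the three failure modes, then the working case ("|| :" keeps set -e quiet).
wg_path_check 192.168.20.50 198.51.100.1 "$B_ALLOWED" "$A_ALLOWED_OK" "$A_NAT_OK" || :
wg_path_check 192.168.20.50 203.0.113.10 "$B_ALLOWED" "$A_ALLOWED_TUNNEL_ONLY" "$A_NAT_OK" || :
wg_path_check 192.168.20.50 203.0.113.10 "$B_ALLOWED" "$A_ALLOWED_OK" "$A_NAT_LAN_ONLY" || :
wg_path_check 192.168.20.50 203.0.113.10 "$B_ALLOWED" "$A_ALLOWED_OK" "$A_NAT_OK"
```

The checks are deliberately in path order. The first one is what "selective routing" means on the WireGuard side: only destinations listed in the peer's AllowedIPs are ever encrypted toward that peer. The second and third are the far-end conditions that a traceroute cannot distinguish: in both cases the packet reaches Site A but no reply ever arrives, which is the "one hop answers, then nothing" pattern. Enabling masquerading at Site B changes what the far end sees, because the source becomes the tunnel address rather than a LAN address, so the second and third checks are evaluated against a different source; the model does not look at OPNsense firewall rules on the WireGuard interface, which also have to permit the forwarded traffic.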