  1. #1
    Master Untangler
    Join Date
    Apr 2007
    Posts
    594

    Wireguard VPN while inside network with Untangle wireguard server

    We have used openvpn a lot up to now but were testing wireguard. We use full tunnel on both openvpn and wireguard.

    With openvpn when a remote user brings a device onsite that is not local to the untangle acting as an openvpn server everything works fine. The openvpn connection pauses and doesn't work because it is now local and all traffic is passed as local and internet access works.

    We tested this same scenario with wireguard but it doesn't function. It appears on windows client at least that wireguard tries to connect and pass all traffic through the interface and when onsite with the untangle device it will then just not pass anything.

    Not sure if this is something that untangle can fix or if this is a wireguard client problem but I wanted you to be aware of the situation to see if a fix could be implemented.

    Please let me know if you would need more clarification.

  2. #2
    Newbie
    Join Date
    Oct 2017
    Posts
    9


    Have this same issue, any solution to it?

  3. #3
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497


    Check your access rules, OpenVPN and Wireguard have basically the same controls. That is to say, they don't connect when they see a connection from a non-wan interface.

    OpenVPN for Windows as a client does handle this better, but at times falls flat on its face. I've seen plenty of really annoying things happen when users forget to disconnect before they come into the office.

    Wireguard I'd expect to be more problematic in this regard not less... the client simply isn't as mature. We couldn't even get users without admin rights into a tunnel until extremely recently.

    So I don't expect there to be a fix for this at this time, but I'll also admit I don't know enough about Wireguard personally yet to make that pronouncement with any sort of authority.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangler
    Join Date
    Dec 2020
    Posts
    51


    same issue here

  5. #5
    Newbie
    Join Date
    Oct 2017
    Posts
    9


    Quote, originally posted by sky-knight:
    > Check your access rules, OpenVPN and Wireguard have basically the same controls. That is to say, they don't connect when they see a connection from a non-wan interface.
    >
    > OpenVPN for Windows as a client does handle this better, but at times falls flat on its face. I've seen plenty of really annoying things happen when users forget to disconnect before they come into the office.
    >
    > Wireguard I'd expect to be more problematic in this regard not less... the client simply isn't as mature. We couldn't even get users without admin rights into a tunnel until extremely recently.
    >
    > So I don't expect there to be a fix for this at this time, but I'll also admit I don't know enough about Wireguard personally yet to make that pronouncement with any sort of authority.

    Thanks, this works perfectly. I only have this issue with mobile phones where I forced the vpn to be connected at all times.

  6. #6
    Untangler
    Join Date
    Feb 2019
    Posts
    33


    I'm doing some testing with wireguard on untangle. I noticed that if I don't turn the wireguard client off when connected to the local network, I'm not able to access the local network or the internet. I have wireguard set up on a unifi network on a raspberry pi, and local lan and internet work fine if I don't turn off the wireguard client. Which is actually one of the great features of wireguard according to the guy that wrote the code. Something about wireguard being layer 3 blah blah way over my head. So it's untangle access rules blocking the traffic. I made a rule in Access Rules allowing udp port 51820 source internal and all seems to work fine.
    [Attached image: wireguard.png]
    I'm not really sure if that's going to cause problems or somehow create a security risk?
    Last edited by pcwatermods; 12-16-2020 at 12:04 PM.
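
Added example, not part of the thread and not Untangle or WireGuard project code: a check over a wg-quick-style client profile that lists the full-tunnel peers (AllowedIPs containing a default route) and the UDP endpoint port each one must reach, which is the port the access rule described in post #6 admits from internal sources. The sample profile, hostname and key placeholders are constructed.

```python
import ipaddress

# Constructed sample client profile: keys, addresses and hostname are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 172.16.1.2/32

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def parse_peers(text):
    """Return one dict per [Peer] section; configparser rejects repeated sections."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            current[key.strip().lower()] = value.strip()
    return peers

def is_full_tunnel(allowed_ips):
    """True when AllowedIPs holds a default route (prefix length 0)."""
    entries = [a.strip() for a in allowed_ips.split(",") if a.strip()]
    return any(ipaddress.ip_network(a, strict=False).prefixlen == 0 for a in entries)

def full_tunnel_endpoints(text):
    """List (host, udp_port) for each full-tunnel peer that names an Endpoint."""
    found = []
    for peer in parse_peers(text):
        if "endpoint" in peer and is_full_tunnel(peer.get("allowedips", "")):
            host, _, port = peer["endpoint"].rpartition(":")
            found.append((host, int(port)))
    return found

if __name__ == "__main__":
    for host, port in full_tunnel_endpoints(SAMPLE_CONF):
        print(f"full tunnel via {host}, needs UDP {port} reachable from the current network")
```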

  7. #7
    Master Untangler
    Join Date
    Oct 2017
    Posts
    161


    Quote, originally posted by pcwatermods:
    > I'm doing some testing with wireguard on untangle. I noticed that if I don't turn the wireguard client off when connected to the local network, I'm not able to access the local network or the internet. I have wireguard set up on a unifi network on a raspberry pi, and local lan and internet work fine if I don't turn off the wireguard client. Which is actually one of the great features of wireguard according to the guy that wrote the code. Something about wireguard being layer 3 blah blah way over my head. So it's untangle access rules blocking the traffic. I made a rule in Access Rules allowing udp port 51820 source internal and all seems to work fine.
    > [Attached image: wireguard.png]
    > I'm not really sure if that's going to cause problems or somehow create a security risk?

    Same issue here with my testing. No access while connected via Wi-Fi to my home network. When I turn Wi-Fi off on the device it connects fine except to nest cameras and unifi protect cameras. I’m running unifi switches and APs as well.

  8. #8
    Newbie
    Join Date
    Nov 2017
    Posts
    10


    same issue here

  9. #9
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497


    This is not an issue, this is by design. VPNs will not work from inside the Untangle that's hosting them.

    That may or may not be appropriate for Wireguard, but that's the default.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Master Untangler
    Join Date
    Apr 2007
    Posts
    594


    Quote, originally posted by sky-knight:
    > This is not an issue, this is by design. VPNs will not work from inside the Untangle that's hosting them.
    >
    > That may or may not be appropriate for Wireguard, but that's the default.

    Sorry, the point here is not to get wireguard to work from inside the network that untangle is at. Comparing to openvpn: when I take my laptop inside the network where untangle is, openvpn pauses the connection so normal network traffic will work without my intervention. Wireguard doesn't do this; instead it locks the connection and I have to manually disconnect to get connectivity back from inside the network.
