Routing between OpenVPN and Wireguard on Pfsense

I have a client that I installed an SG2100 at each of his business locations and set up a Wireguard tunnel so they could access resources between locations. This is working fine and there are no issues with that.

The owner also connects from home via OpenVPN. He can access resources at the site that he connects to, but not resources across the Wireguard tunnel at the second site.

This feels like a firewall issue, but I’ve pored through the logs and can’t see where anything is being blocked.

Can anyone add any insight on this? I have tried adding the OpenVPN subnet to the allowed ranges on the Wireguard tunnel, as well as pushing the route for the second site in the OpenVPN config.

It smells like a routing issue. Both sites will use different network addresses.
Important: I am assuming that the client only uses the tunnel for the connected network, and does not tunnel traffic for the Internet through the tunnel. Then the following should be a good direction:

The OpenVPN tunnel will only route the network address for the connected site and push a route for this to the client. You also need to push a route for the other site to go through the tunnel, so the client knows that this network exists and that it is reachable through OpenVPN.

I have tried routing all traffic from the client through openvpn as well as pushing the route. Neither has worked.

If I do a route print on the client side while the vpn is connected, I see the subnet for the second site and its gateway is the openvpn IP.

If I do a tracert from the client to an IP on the second site, it hits the IP of the openvpn network and never gets further.

I’d try the same using ping and then looking with wireshark where it comes along, how far it gets.

Check the openvpn interface if it is reaching the pfsense, and then check the wireguard interface, if it got routed there.

Check also if it leaves the wireguard tunnel on site 2 and if the pinged host sends a reply.

You may well have a working route from openvpn to site 2, but the response might get lost. Have you checked that hosts on site 2 can reach the openvpn address range?
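
The question of whether site 2 can reach the OpenVPN address range can be checked on paper before capturing packets, by walking the round trip against each side's settings. The following is an added example, not part of the thread; the subnets, host addresses and dictionary keys are constructed for illustration.

```python
import ipaddress

def covered(ip, prefixes):
    """True if ip falls inside any of the CIDR prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)

def broken_hops(client_ip, target_ip, cfg):
    """List the checks that fail for a client -> site 2 host round trip."""
    checks = [
        # Forward path: the client must send the packet into OpenVPN.
        ("client: route to target pushed by OpenVPN",
         covered(target_ip, cfg["openvpn_pushed_routes"])),
        # WireGuard picks the outgoing peer by destination address.
        ("site 1: target in AllowedIPs of the site 2 peer",
         covered(target_ip, cfg["site1_allowed_ips_for_site2"])),
        # WireGuard drops decrypted packets whose source address is not in
        # the sending peer's AllowedIPs, so site 2 must list the OpenVPN range.
        ("site 2: client source in AllowedIPs of the site 1 peer",
         covered(client_ip, cfg["site2_allowed_ips_for_site1"])),
        # Return path: site 2 needs a route for the OpenVPN range via the tunnel.
        ("site 2: route back to the client via the tunnel",
         covered(client_ip, cfg["site2_routes_via_tunnel"])),
    ]
    return [name for name, ok in checks if not ok]

# Constructed sample addressing (not from the thread).
OVPN, LAN1, LAN2 = "10.8.0.0/24", "192.168.1.0/24", "192.168.2.0/24"

ONE_SIDED = {  # site 2 knows nothing about the OpenVPN range
    "openvpn_pushed_routes": [LAN1, LAN2],
    "site1_allowed_ips_for_site2": [LAN2],
    "site2_allowed_ips_for_site1": [LAN1],
    "site2_routes_via_tunnel": [LAN1],
}
BOTH_SIDES = dict(ONE_SIDED,
                  site2_allowed_ips_for_site1=[LAN1, OVPN],
                  site2_routes_via_tunnel=[LAN1, OVPN])

if __name__ == "__main__":
    for label, cfg in (("one-sided", ONE_SIDED), ("both sides", BOTH_SIDES)):
        print(label, broken_hops("10.8.0.2", "192.168.2.50", cfg) or "path complete")
```

In the one-sided case the client's routing table looks correct and the packet leaves site 1, yet it is discarded on arrival at site 2, which matches a trace that stops at the OpenVPN hop.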