Reverse Tunnel over Wireguard VPN
Hi
I have two Firewalla devices, a Gold and a Purple SE. The Gold is installed in my office and configured as a Wireguard VPN server. The Purple SE is configured at home in router mode. My home internet connection is under a CGNAT, so I'm not able to host a VPN server at home and establish a site-to-site connection between office and home.
My question is as follows.
I'm able to connect to my office VPN server from home. Is there a way, when I browse from my office devices, to forward the web traffic through my home network, something like a reverse proxy? How can I configure it in the firewall?
-
-
I have successfully established a site-to-site VPN using Firewalla, but I am encountering difficulties when it comes to configuring the reverse traffic flow or enabling browsing of internet traffic over the WireGuard client. Despite my efforts, I have not been able to achieve the desired functionality through the Firewalla app.
Wireguard client ==> Wireguard server --- Internet is passing over the server. We can control it over the firewall app.
Wireguard server ==> Wireguard client --- no way to divert internet traffic over the client side. I can access the clients and services like SSH.
Do we need to do manual routing in the Firewalla box?
-
Did you try outbound policy? https://help.firewalla.com/hc/en-us/articles/5515850433683-Firewalla-Site-to-Site-VPN
You can search for "Outbound Policy" in the above article; that controls where internet traffic will go out.
-
@Lloyd
Do you have IPv6 on your home network? If you do, you can still use your Gold at home as the VPN server. We've supported establishing a VPN tunnel using IPv6. All you have to do is go to the VPN server page, tap on DDNS, and change the IP Address Type to IPv6 Only. More detail can be found here in our 1.976 release notes.
To answer your question on Reverse Tunnel: no, site-to-site VPN doesn't support sending Internet traffic from the server site to the client site. However, this feature will be supported with Mesh VPN. If you use multiple boxes to establish a Mesh VPN network, you can select any box as the internet outbound node.
-
So now I have IPv6 on my network, set up a Wireguard server and changed the DDNS to resolve only the IPv6 address. But if I try to connect to this server from the other Firewalla box, which doesn't support IPv6 (ISP limitation), the connection is not established. I created a Wireguard client from a DigitalOcean droplet with IPv6 support; it connects, but it's too slow and not stable. When I looked at the documentation I found that Firewalla VPN client does NOT support IPv6. IPv6 traffic will be blocked by Firewalla when the VPN is connected. (VPN Client – Firewalla).
So my assumptions are:
1. We can create a Wireguard server using an IPv6 interface using Firewalla
2. But we cannot connect from the Firewalla Wireguard client because of the above limitation
Are my assumptions correct? Is there a way we can make the Firewalla Wireguard client connect to the IPv6-based Firewalla server?