
Allow 3rd Party WireGuard VPN to Access LAN resources from offsite Server

Hello everyone
I am struggling with the following:

The customer has a MikroTik router that connects via WireGuard VPN to a remote Windows Server in a datacentre.
The MikroTik router is the VPN client, the Windows Server is the VPN server.
The employees are supposed to print from the remote Windows Server to local LAN printers.

Local LAN /24
VPN: /24

In SFOS 19 I only needed to set a static route with the gateway (MikroTik router) on br0 to make it work.
Since upgrading to SFOS 20 the VPN connection suddenly stopped working.

Which rules do I need to put in place to tell the XGS that:
- Data from the VPN is okay to access the local LAN (the logs tell me that the XGS can't associate the MikroTik VPN traffic with any connection).


EDIT: We managed to establish the VPN connection again by switching the port. The connection itself is still... "kinda buggy". If I ping a printer from the remote server, about 5 of 7 pings go through, 2 get dropped by the firewall: "invalid traffic" // source: internal printer IP / target: VPN IP of the remote server / "Could not associate packet to any connection."
[edited by: Rene Böhres at 2:30 PM (GMT -7) on 27 May 2024]
  • It's not very complicated in terms of setup, so a diagram would probably be overkill

    Local LAN /24
    Printer /24

    VPN: /24
    "VPN Box" /
    Windows Server

    ISP Router Lan:

    Local Lan: -> ISP Router LAN

    In the "Local LAN" is a small router (let's call it VPN Box) that connects as a WireGuard VPN client to a Windows Server that is a WireGuard VPN 
    The VPN Box has a LAN address (let's say as well as a VPN address (say and the Windows Server ( 
    Printers from the Local LAN are installed on the Windows Server so employees can print locally.
    Right now the connection to the Windows Server in the cloud works, but if I ping the printers from the Windows Server I get like 6 successes and 4 fails.

    I had to black out a bunch of Stuff, since this Firewall is setup for 2 companies (sorry)
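Added example, not part of the thread and not Sophos code: "Could not associate packet to any connection" is what a stateful firewall logs when it sees one half of a flow (here the printer's reply towards the server's VPN address) without ever having seen the other half. One common way that happens with the topology described above is asymmetric routing: the VPN Box delivers the echo request to the printer directly on the shared LAN segment (the XGS is not in that path), but the printer sends its reply to its default gateway, the XGS, because the server's VPN address is not on the local subnet. The model below makes that assumption explicit; all addresses are placeholders chosen for the example (the thread's were blacked out), and the two "fixes" it models (the VPN Box masquerading its LAN address, or the printer having a route for the VPN subnet via the VPN Box) are illustrations of keeping both directions off the XGS, not a recommendation taken from the thread.

```python
"""Toy model of a stateful firewall dropping asymmetric return traffic.

Constructed example. Three nodes share one LAN: the XGS (default gateway,
stateful), the VPN Box (WireGuard client with a LAN and a VPN address) and a
printer. The XGS has a static route for the VPN subnet via the VPN Box, as the
original poster described for SFOS 19.
"""
from dataclasses import dataclass
import ipaddress

# Placeholder addressing (assumed, not the thread's real addresses).
LAN = ipaddress.ip_network("192.168.1.0/24")
VPN = ipaddress.ip_network("10.8.0.0/24")
XGS_LAN = "192.168.1.1"      # default gateway of every LAN host
VPNBOX_LAN = "192.168.1.2"   # VPN Box, LAN side
VPNBOX_VPN = "10.8.0.2"      # VPN Box, tunnel side
SERVER_VPN = "10.8.0.1"      # Windows Server, tunnel side
PRINTER = "192.168.1.50"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    kind: str  # "icmp-echo" (forward half) or "icmp-reply" (return half)


class StatefulFirewall:
    """Minimal connection tracker: a reply passes only if its forward half was seen."""

    def __init__(self) -> None:
        self.flows: set[tuple[str, str]] = set()
        self.log: list[str] = []

    def forward(self, pkt: Packet) -> bool:
        if pkt.kind == "icmp-echo":
            self.flows.add((pkt.src, pkt.dst))
            return True
        # A reply must match a forward flow with the addresses swapped.
        if (pkt.dst, pkt.src) in self.flows:
            return True
        self.log.append(
            f"invalid traffic src={pkt.src} dst={pkt.dst}: "
            "Could not associate packet to any connection"
        )
        return False


def ping_from_server(masquerade: bool = False,
                     printer_route_via_vpnbox: bool = False) -> tuple[bool, list[str]]:
    """Simulate one echo from the server to the printer.

    Returns (reply_reached_server, xgs_log_lines).
    masquerade: VPN Box rewrites the request's source to its own LAN address.
    printer_route_via_vpnbox: printer has a route for the VPN subnet via the VPN Box.
    """
    xgs = StatefulFirewall()

    # 1. The request leaves the tunnel at the VPN Box and is put straight onto the
    #    LAN segment towards the printer: the XGS never sees this half.
    request = Packet(VPNBOX_LAN if masquerade else SERVER_VPN, PRINTER, "icmp-echo")

    # 2. The printer answers and chooses a next hop for the reply.
    reply = Packet(PRINTER, request.src, "icmp-reply")
    reply_dst = ipaddress.ip_address(reply.dst)
    if reply_dst in LAN or (reply_dst in VPN and printer_route_via_vpnbox):
        next_hop = VPNBOX_LAN   # on-link or explicitly routed: XGS bypassed
    else:
        next_hop = XGS_LAN      # off-subnet and no specific route: default gateway

    # 3. Only when the XGS is the next hop does its connection tracker get a say,
    #    and it has only ever seen the return half of this flow.
    if next_hop == XGS_LAN and not xgs.forward(reply):
        return False, xgs.log

    # The VPN Box (un-NATing if it masqueraded) pushes the reply into the tunnel.
    return True, xgs.log


if __name__ == "__main__":
    for opts in ({}, {"masquerade": True}, {"printer_route_via_vpnbox": True}):
        ok, log = ping_from_server(**opts)
        print(opts or "asymmetric (default)", "->", "reply delivered" if ok else "dropped", log)
```

The model only shows why the log line appears, not why some pings still get through in the original poster's case; the thread gives no information that would explain the ratio, so the example does not try to.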