OPNsense Forum

English Forums => Virtual private networks => Topic started by: fausmaus on August 31, 2023, 11:14:32 pm

Title: Enabling Wireguard Immediately Breaks the Internet
Post by: fausmaus on August 31, 2023, 11:14:32 pm
I swear I beat my head against this before reaching out  :-\

I was following the "WireGuard Selective Routing to External VPN Endpoint" guide and got up to the part where you restart WireGuard after assigning the interface, and noticed my internet was down for all devices/VLANs. I could still navigate the OPNsense UI without issue though and ping other local devices.

The guide is simple enough to follow, so I removed the interface and internet was still down. Then I disabled WireGuard and the internet for all my devices started working again. I triple-checked the config and re-enabled multiple times but always the same issue: no internet. I did notice that at least existing sessions kept working, so for example WhatsApp desktop would still receive messages and SSH sessions would stay connected while WireGuard was enabled, but otherwise internet will not work.

I then tried misconfiguring WireGuard so that the endpoint address was wrong. I was just curious if maybe the issue was only after the handshake occurred. Same issue, even though clearly no handshake was happening after the change.

Tried deleting all local and endpoint config and enabling the service, but then it just won't even start because there's nothing to do, so that's not really a useful test.

Since this is so early in the process I'm not really sure what to do; this is before any assignments, gateways, routing etc. Any suggestions would be appreciated. It seems like no matter what the service status is, if it's running I don't have internet connectivity from LAN devices.
Title: Re: Enabling Wireguard Immediately Breaks the Internet
Post by: slackadelic on September 01, 2023, 08:02:02 am
Most likely what is happening is when you enable WireGuard your Local endpoint config in OPNsense is overwriting the default routes.

You can try going into the Local endpoint config and select "Disable Routes".

That should stop it from adding its own routes into the table.
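
A way to confirm the diagnosis in the reply above from the firewall shell, as an added example that is not part of the original thread: it scans a FreeBSD-style routing table for routes on a WireGuard interface that cover the whole IPv4 space. It assumes the tunnel installs wg-quick-style catch-all routes (0.0.0.0/1 plus 128.0.0.0/1, or a replaced default) when the peer's allowed IPs are 0.0.0.0/0; the interface names and both sample tables are constructed.

```shell
#!/bin/sh
# Added example: detect WireGuard routes that capture all IPv4 traffic.
# Input is routing-table text in the FreeBSD column layout:
#   Destination  Gateway  Flags  Netif  Expire
# On the firewall shell: netstat -rn -f inet | check_table

# Print "destination netif" for each route on a wg* interface that covers
# everything: "default", or the 0.0.0.0/1 + 128.0.0.0/1 pair, which is more
# specific than the WAN default and therefore wins every route lookup.
wg_catchall_routes() {
    awk '
        $4 ~ /^wg[0-9]+$/ &&
        ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") {
            print $1, $4
        }
    '
}

# Return 1 and list the offending routes if the tunnel owns the default path.
check_table() {
    hits=$(wg_catchall_routes)
    if [ -n "$hits" ]; then
        printf 'WireGuard is capturing all IPv4 traffic:\n%s\n' "$hits"
        return 1
    fi
    echo 'No WireGuard catch-all routes; the WAN default route is in effect.'
}

# Constructed sample: routes installed by the tunnel (symptom in the first post).
SAMPLE_BROKEN='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
0.0.0.0/1          link#9             US          wg0
10.2.0.0/24        link#9             U           wg0
128.0.0.0/1        link#9             US          wg0
192.168.1.0/24     link#2             U          igb1'

# Constructed sample: same box with "Disable Routes" selected.
SAMPLE_FIXED='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
10.2.0.0/24        link#9             U           wg0
192.168.1.0/24     link#2             U          igb1'

printf '%s\n' "$SAMPLE_BROKEN" | check_table || true
printf '%s\n' "$SAMPLE_FIXED"  | check_table
```

The tunnel's own subnet (10.2.0.0/24 in the sample) staying on wg0 is expected in both cases; only the catch-all entries take LAN traffic away from the WAN gateway.
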
Title: Re: Enabling Wireguard Immediately Breaks the Internet
Post by: fausmaus on September 01, 2023, 07:30:17 pm
Thank you! I have no idea how I missed that so many times; it's right there in the guide. Much appreciated for the sanity check!
Title: Re: Enabling Wireguard Immediately Breaks the Internet
Post by: slackadelic on September 02, 2023, 08:09:30 am
You're welcome!