So I've been running Unifi in my house for a while; I had a USG4P, a Unifi layer 2 switch and 2 APs.
But lately I've felt as if I've outgrown the system and wanted to start a new project and replace my entire network with anything BUT Unifi.
The reasoning behind this is that I want to learn, and with Unifi holding my hand whenever I want to do any configuration I won't learn anything.
So the current setup is:
Dell r220 running opnsense
2x Aruba s2500 layer 3 switches
The 2 Unifi APs I mentioned (yes, I have a new Aruba AP 505 flying in from the internetz to replace them)
The main reason I got fed up with Unifi is the poor support for VPN and routing, but the move to OPNsense has been a bit more of a challenge than expected. Not that it can't do anything I will ever want it to do, it's just very apparent how spoiled I've been with the automagic world of Unifi.
But on to the reason for this post: I've had a hard time wrapping my head around WireGuard.
I have set up a site-to-site WireGuard tunnel to an off-site server I use for backup and other stuff. I used a guide so it was pretty straightforward, BUT... the thing with "Allowed IPs" messes with my mind... the guides I read said to put 0.0.0.0/0 as the allowed IP, and that routes ALL traffic through the tunnel; I don't want that.
I changed Allowed IPs to the tunnel IP and that gave me access to the off-site server but didn't route all traffic through... great!
Now to the next VPN: I have a Mullvad VPN account that I want to use to connect to a Norwegian server and have vlan11 route through that VPN, so that I can make a Norwegian SSID so that my Norwegian GF can use her Norwegian apps.
This is where I run into the same problem again; once again the config from Mullvad wants me to set 0.0.0.0 as Allowed IPs, but that will route ALL traffic through the VPN.
I tried to add 192.168.11.1/24 (vlan11) as the Allowed IP, but for some reason it won't recognize it as a valid config, so the wg1 interface won't appear.
When I couldn't figure out how to fix that I jumped on my other VPN project, simply to have a WireGuard server for my phone/laptop to connect to. This was basically as straightforward as the site-to-site, but yet AGAIN I ran into the same problem as before: I can't figure out what to add to the allowed IPs to NOT route my entire network through the VPN.
I've read through some "WireGuard explained/for noobs" guides but can't seem to figure this out... the WireGuard tunnels seem to work with 0.0.0.0 but bring down my entire network in the process :(
Anyone who could explain this to me?
Quick update... The WireGuard site-to-site stopped working and I have no idea why :-D
I've reset basically everything and am starting over :-)
Set the gateway (the remote IP in your tunnel network, so the Norwegian site) in the rule that is for the devices you want to route over the VPN.
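To make the AllowedIPs question in the post and the gateway-rule answer in the reply concrete, here is an added example that is not code from either poster, from OPNsense, WireGuard or Mullvad. It models what a WireGuard interface actually does with AllowedIPs (longest-prefix match on egress, source check on ingress, rejection of a prefix with host bits set such as 192.168.11.1/24) and, separately, a policy rule that pins one VLAN's traffic to a tunnel gateway. All addresses, peer names and gateway labels are constructed for the illustration.

```python
"""Model of WireGuard's cryptokey routing ("AllowedIPs") plus a policy-based
routing rule. Constructed example; not OPNsense, WireGuard or Mullvad code.
All addresses, peer names and gateway labels below are made up."""
import ipaddress


def validate_allowed_ips(cidrs):
    """Return the AllowedIPs entries that are not valid network prefixes.

    WireGuard front ends reject a prefix whose host bits are set, e.g.
    192.168.11.1/24; the network for vlan11 is written 192.168.11.0/24.
    """
    invalid = []
    for cidr in cidrs:
        try:
            ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            invalid.append(cidr)
    return invalid


class CryptokeyRouter:
    """Minimal model of one WireGuard interface.

    AllowedIPs is consulted in both directions:
      * egress: a packet goes to the peer whose AllowedIPs contain the
        destination (longest prefix wins); no match means the interface
        drops it, so a narrow AllowedIPs gives a split tunnel.
      * ingress: a decrypted packet is accepted only if its source lies
        in that peer's AllowedIPs.
    """

    def __init__(self):
        self.table = []  # list of (network, peer_name)

    def add_peer(self, name, allowed_ips):
        bad = validate_allowed_ips(allowed_ips)
        if bad:
            raise ValueError("invalid AllowedIPs: %s" % ", ".join(bad))
        for cidr in allowed_ips:
            self.table.append((ipaddress.ip_network(cidr), name))

    def select_peer(self, dst):
        """Egress lookup: peer name for a destination, or None if dropped."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, name in self.table:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, name)
        return best[1] if best else None

    def accept_inbound(self, peer, src):
        """Ingress check: may `peer` deliver a packet with source `src`?"""
        addr = ipaddress.ip_address(src)
        return any(addr in net and name == peer for net, name in self.table)


def choose_gateway(src, policy_rules, default_gateway):
    """Policy-based routing as in the reply: a firewall rule matching the
    source network (vlan11) pins the gateway to the tunnel's remote address;
    every other source keeps the default (WAN) gateway."""
    addr = ipaddress.ip_address(src)
    for src_net, gateway in policy_rules:
        if addr in ipaddress.ip_network(src_net):
            return gateway
    return default_gateway


def demo():
    # Site-to-site tunnel: only the tunnel address and the remote LAN are
    # allowed, so only traffic for those prefixes enters the tunnel.
    wg0 = CryptokeyRouter()
    wg0.add_peer("offsite", ["10.200.0.2/32", "192.168.50.0/24"])

    # Commercial VPN peer with 0.0.0.0/0: every IPv4 destination matches,
    # which is why installing a route for it captures the whole network.
    wg1 = CryptokeyRouter()
    wg1.add_peer("vpn-no", ["0.0.0.0/0"])

    # Policy rule for vlan11 only (gateway label is constructed).
    rules = [("192.168.11.0/24", "WG1_VPN_GW")]

    return {
        "site_to_site_remote_lan": wg0.select_peer("192.168.50.10"),
        "site_to_site_internet": wg0.select_peer("1.1.1.1"),
        "full_tunnel_internet": wg1.select_peer("1.1.1.1"),
        "full_tunnel_ipv6": wg1.select_peer("2606:4700:4700::1111"),
        "inbound_spoof_rejected": wg0.accept_inbound("offsite", "8.8.8.8"),
        "bad_prefix": validate_allowed_ips(["192.168.11.1/24", "192.168.11.0/24"]),
        "vlan11_gateway": choose_gateway("192.168.11.42", rules, "WAN_GW"),
        "lan_gateway": choose_gateway("192.168.10.5", rules, "WAN_GW"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things the model makes visible. First, AllowedIPs is a filter on the tunnel, not a statement about which of your clients may use it: a peer with 0.0.0.0/0 is needed for the Mullvad case because the interface drops any destination outside AllowedIPs, and 0.0.0.0/0 matches only IPv4 (the `full_tunnel_ipv6` lookup returns None, so ::/0 is needed as well for IPv6). What pulls the whole network into the tunnel is the route that front ends such as wg-quick and the OPNsense plugin install for each AllowedIPs prefix; keep 0.0.0.0/0 on the peer, switch off that automatic route installation, and send vlan11 through the tunnel with a firewall rule whose gateway is the tunnel's remote address, which is the reply's suggestion. Second, a prefix with host bits set is rejected as the post describes, so the vlan11 entry has to be written as 192.168.11.0/24 (only relevant for the site-to-site and road-warrior peers, where a narrow AllowedIPs is what you want).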