I've been following the guide on the docs ☞ https://wiki.opnsense.org/manual/how-tos/wireguard-client-mullvad.html#step-2-assignments-and-routing and this guide ☞ https://listed.to/@lissy93/18842/how-to-mullvad-vpn-using-wireguard-on-opnsense, they are pretty much identical.
I can't get it working, I'm sure I'm missing a firewall rule or gateway somewhere. I have no internet connection. Although strangely, if I connect to Mullvad iOS or macOS app the internet starts working, and as soon as I disconnect from the app – no more internet. I have unchecked the kill switch in the Mullvad.app, so it is not that. 😁
I have only tried deviating from the above guides, by setting Firewall > NAT > Outbound > Source address to my AP net instead of LAN net, because the LAN is inactive, nothing is connected to it.
Any tips? Or does someone have a clue?
Thanks
Can you post screenshots of firewall rules and nat outbound rules?
Hi Kieeps,
Thanks for getting back.
Yes I can and I have uploaded them here. It is impossible to downsize them all to fit this forum rules :-\
The link expires in 7 days: https://send.tresorit.com/a#rbGtbXX4yYV0kgmVVZtlqA
One observation is that the interface in your outbound NAT rule should be Wireguard, not AP
Yes, and it originally was. But the interface was remove, perhaps because I made a modification. I enable the VPN and WireGuard interface was available again. Unfortunately didn't solve the problem.
Is the Disable Routes option enabled in the WG config? If you want your whole network to go via the VPN, it shouldn't be
Maybe you need to show your WG config too (masking private keys etc)
QuoteIs the Disable Routes option enabled in the WG config?
No it is not.
Here the Local and Endpoints ☞ https://send.tresorit.com/a#NZjoBKBUCzpRGbH1XwNHnA
Sorry, ignore my post just now...
Did you restart WG after fixing the NAT outbound rule?
Other than that, I am little at a loss. It sounds like it could be a routing issue. However, my understanding is that if Disable Routes is unchecked then WG reconfigures the default routes to use the tunnel.
That said, I've only tested configs with external VPN providers where the Disable Routes option has been checked, and then a VPN gateway, and specific FW rules to use that gateway, have been configured, as I have only wanted to send certain traffic down the tunnel, not everything. Along the lines of this: https://imgur.com/gallery/JBf2RF6
QuoteDid you restart WG after fixing the NAT outbound rule?
Yes, and I have also tried rebooting the OPNsense device.