I am attempting to setup selective routing through an external VPN endpoint. My goal is to have specific clients(based on IP address) within my network use a VPN for all external communications. I have been using the guides below to set it up.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html)
https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html (https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html)
https://listed.to/@lissy93/18842/how-to-mullvad-vpn-using-wireguard-on-opnsense (https://listed.to/@lissy93/18842/how-to-mullvad-vpn-using-wireguard-on-opnsense)
However, whenever I turn on WireGuard, DNS breaks for my whole network. I have tried it with and without mullvad's DNS server in the Local. Doesn't seem to have any effect.
I am using Unbound DNS and have tried restarting the services and router, but nothing helps. As soon as I disable the WireGuard local, DNS works again.
So I ended up going through a different tutorial(https://forum.opnsense.org/index.php?topic=21205.0 (https://forum.opnsense.org/index.php?topic=21205.0)) with the only real difference being checking 'Disable Routes' on the local peer. This seems to have solved the issue with DNS breaking.
However, after completing everything and settings up the gateway and firewall rules, if I run curl https://am.i.mullvad.net/connected from one of the clients, it showed me as not connected. Any ideas on where I should start troubleshooting this?
Thanks
Went through everything again and got it working today. The only thing I believe I did differently was setting up a LAN rule to use the new gateway for the VPN.
Don't use WireGuard DNS setting. As you put it will break your whole DNS (by design).
Cheers,
Franco