OPNsense Forum

English Forums => Virtual private networks => Topic started by: greaman on February 12, 2023, 12:44:48 PM

Title: WireGuard remote gateway routing
Post by: greaman on February 12, 2023, 12:44:48 PM
I am running a rather complex setup over multiple sites and have a new requirement to use a remote gateway on a different site as the gateway for a certain subnet on the local site. The connection is made via WireGuard, which runs nicely, but apparently I have a routing issue I can't figure out.

I have tried to work with https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html as a baseline.

For simplification reasons:

Site A (local) is 10.1.0.0/16, Site B (remote) is 10.2.0.0/16.
A WireGuard tunnel has been set up with 10.2.100.1 as the remote IP and 10.2.100.2 as the local address; I can ping and connect to anything on 10.2.0.0/16 from the local network, so that is okay.


Now I want to redirect all traffic from 10.1.144.0/24 via the remote site. As per the above-mentioned how-to, I have set up an IPv4 remote gateway 10.2.100.1 on WG7 (which is the interface assigned to the WireGuard tunnel), and I have an interface VLAN144 for the local subnet to be routed. I have added a firewall rule to VLAN144 which basically says: any 2 any gw remotegateway

Now, what happens is: once that rule is in place, the OPNsense on site A reports back 'Destination host unreachable', so despite the gateway being reachable, the system doesn't route packets there.

Any idea what I am missing?
Title: Re: WireGuard remote gateway routing
Post by: greaman on February 12, 2023, 11:21:53 PM
Fixed it: the 0.0.0.0/0 routing was set on the wrong peer.
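The fix greaman found is that the 0.0.0.0/0 AllowedIPs entry belonged on the site B gateway peer. As an added example (not from the thread or from OPNsense), this Python snippet parses a wg-quick style peer list and reports which peer carries the default route and whether that is the same peer whose specific AllowedIPs cover the gateway address 10.2.100.1; the sample config, its placeholder keys and the /24 tunnel prefix are constructed.

```python
import ipaddress

# Constructed wg-quick style config modelled on the thread (local tunnel address
# 10.2.100.2, site B gateway peer 10.2.100.1); keys are placeholders. The
# 0.0.0.0/0 entry sits on the wrong peer on purpose, reproducing the mistake.
SAMPLE_CONFIG = """
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.2.100.2/24
[Peer]
# Site B gateway (10.2.100.1): the peer that should own the default route
PublicKey = PLACEHOLDER_SITE_B_PUBKEY
AllowedIPs = 10.2.0.0/16, 10.2.100.1/32
[Peer]
# Another site: mistakenly carries 0.0.0.0/0
PublicKey = PLACEHOLDER_SITE_C_PUBKEY
AllowedIPs = 10.3.0.0/16, 0.0.0.0/0
"""

def parse_peers(text):
    """Return one list of parsed AllowedIPs networks per [Peer] section."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):  # section header: only [Peer] sections are kept
            cur = [] if line.lower() == "[peer]" else None
            if cur is not None:
                peers.append(cur)
            continue
        if cur is None or "=" not in line:
            continue
        key, val = (s.strip() for s in line.split("=", 1))
        if key == "AllowedIPs":
            cur += [ipaddress.ip_network(n.strip(), strict=False) for n in val.split(",")]
    return peers

def check_default_route_peer(text, gateway_ip):
    """Report which peer holds 0.0.0.0/0 and whether that is the gateway's peer."""
    peers = parse_peers(text)
    gw = ipaddress.ip_address(gateway_ip)
    # The gateway's peer is the one whose specific AllowedIPs cover the gateway
    # address; 0.0.0.0/0 covers everything, so it is ignored for this lookup.
    gw_peers = [i for i, nets in enumerate(peers) if any(gw in n and n.prefixlen > 0 for n in nets)]
    default_peers = [i for i, nets in enumerate(peers)
                     if any(n.version == 4 and n.prefixlen == 0 for n in nets)]
    return {"gateway_peers": gw_peers, "default_route_peers": default_peers,
            "ok": len(default_peers) == 1 and default_peers == gw_peers}
```

Running `check_default_route_peer(SAMPLE_CONFIG, "10.2.100.1")` on the sample flags the mismatch (default route on peer 1, gateway on peer 0); moving the 0.0.0.0/0 entry to the site B peer makes the check pass.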