OPNsense Forum

English Forums => General Discussion => Topic started by: Twitchiz on September 06, 2023, 03:26:00 AM

Title: Replying Traffic Not Sent Out Correct Interface
Post by: Twitchiz on September 06, 2023, 03:26:00 AM
Hello everyone. I have a VPS that exists as a front end with public IPs and has WireGuard installed on it. It connects to OPNsense via said WireGuard. Packets arriving on the public IP are forwarded to a certain VM. This VM can access the internet over WireGuard due to a firewall rule, but when trying to access the server from the outside via ping or HTTPS, OPNsense sends the reply out my WAN interface instead of back over WireGuard. I've tried disabling force gateway and reply-to, but I haven't had any luck with it, unless I'm not doing something else I need to be doing. Any ideas?
Title: Re: Replying Traffic Not Sent Out Correct Interface
Post by: Maurice on September 06, 2023, 05:34:37 AM
In the firewall rules which allow inbound ping + HTTPS on the WireGuard interface, explicitly set 'reply-to' to the WireGuard gateway. This will force the VM's replies back through the tunnel.

Cheers
Maurice
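What the reply-to setting does at the packet-filter level, as an added illustration (not from this thread or from OPNsense's own generated ruleset): the interface name wg0, the tunnel gateway 10.10.0.1, the VM address 192.168.1.10 and the WAN gateway 203.0.113.1 are assumed placeholders.

```pf
# Assumed topology: default route points out the WAN (203.0.113.1), the VPS
# reaches the firewall over the WireGuard tunnel on wg0 (gateway 10.10.0.1).

# Without reply-to, the state created by an inbound match on wg0 is routed
# normally: the VM's answer follows the default route and leaves via WAN,
# so the VPS never sees the reply.
pass in quick on wg0 inet proto tcp from any to 192.168.1.10 port 443 keep state
pass in quick on wg0 inet proto icmp from any to 192.168.1.10 icmp-type echoreq keep state

# With reply-to, pf pins the reply direction of that state to the interface
# and next hop the packet arrived through, so the answer goes back down the
# tunnel regardless of the default route. This is the equivalent of setting
# 'reply-to' to the WireGuard gateway on the OPNsense rule.
pass in quick on wg0 reply-to (wg0 10.10.0.1) inet proto tcp from any to 192.168.1.10 port 443 keep state
pass in quick on wg0 reply-to (wg0 10.10.0.1) inet proto icmp from any to 192.168.1.10 icmp-type echoreq keep state
```

To confirm the generated rule carries the option, `pfctl -sr | grep reply-to` on the firewall should list it; `pfctl -ss | grep 192.168.1.10` then shows the states whose replies are pinned to wg0.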
Title: Re: Replying Traffic Not Sent Out Correct Interface
Post by: Twitchiz on September 07, 2023, 03:38:35 AM
Thank you! That fixed one issue, but sadly on to the next one that doesn't make sense