I was following this video by Jim's Garage https://www.youtube.com/watch?v=UI5tO1hP2q8 to set up my WireGuard instance.
After setting up the peer and linking it to the wireguard instance all ipv4 traffic starts being routed through that interface.
Firewall logs:
Without partner https://imgur.com/a/nYRAxtV
With partner https://imgur.com/a/DFsL6n6
Firewall rules:
WAN https://imgur.com/a/T8LjSs2
LAN https://imgur.com/a/SyfT0rm
VPN https://imgur.com/a/tkRGDtH
VPN (group) https://imgur.com/a/Joy7SEo
NAT:
Outbound https://imgur.com/a/9kCFT9H
Port forward https://imgur.com/a/HOfh1j8
VPN config:
Instance config https://imgur.com/a/0L5b2H2
Peer config https://imgur.com/a/Ea8ACDf
I have dumped my config (and hopefully redacted it enough):
https://pastebin.com/RaNF3fUN
Any help is very much appreciated.
This is expected.
If you didn't create an alias of the devices you want, or don't want, to travel over the tunnel, then NAT the devices you want to go over the tunnel and choose the correct interface.
https://docs.opnsense.org/manual/how-tos/wireguard-client.html
https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html
https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
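The behaviour described above comes from the peer's Allowed IPs: WireGuard uses that list both as a filter on traffic arriving from the peer and as the set of destinations routed into the tunnel, so 0.0.0.0/0 on a peer pulls the whole IPv4 default route through the interface. The script below is an added example (not from this thread or the OPNsense docs) that reads a plain WireGuard config file and flags any peer whose Allowed IPs would do that; the embedded configs and keys are constructed placeholders, and 10.10.10.0/24 stands in for the tunnel network.

```python
"""Flag WireGuard peers whose AllowedIPs capture all IPv4 traffic."""
import ipaddress


def parse_peers(conf_text):
    """Return one list of AllowedIPs strings per [Peer] section of a wg config."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        if line.lower() == "[peer]":
            current = []
            peers.append(current)
        elif line.startswith("["):                    # [Interface] or another section
            current = None
        elif current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() == "allowedips":
                current.extend(v.strip() for v in value.split(",") if v.strip())
    return peers


def covers_all_ipv4(allowed_ips):
    """True if the IPv4 entries merge to exactly 0.0.0.0/0.

    Catches both a literal 0.0.0.0/0 and the 0.0.0.0/1 + 128.0.0.0/1 pair
    that some providers use to override an existing default route.
    """
    v4 = [n for n in (ipaddress.ip_network(a, strict=False) for a in allowed_ips)
          if n.version == 4]
    return list(ipaddress.collapse_addresses(v4)) == [ipaddress.ip_network("0.0.0.0/0")]


def peers_taking_default_route(conf_text):
    """0-based indexes of peers whose AllowedIPs would route all IPv4 into the tunnel."""
    return [i for i, ips in enumerate(parse_peers(conf_text)) if covers_all_ipv4(ips)]


# Constructed sample configs; keys are placeholders, not real key material.
ROUTES_EVERYTHING = """[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.10.10.1/24
[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
"""
# The fix from the thread: limit the peer to the tunnel network.
TUNNEL_ONLY = ROUTES_EVERYTHING.replace("AllowedIPs = 0.0.0.0/0", "AllowedIPs = 10.10.10.0/24")
SPLIT_HALVES = ROUTES_EVERYTHING.replace("0.0.0.0/0", "0.0.0.0/1, 128.0.0.0/1")
```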
Yeah, that would do it. I have since changed the Allowed IPs value under the peer to the tunnel network.
I am now facing a new issue. My phone will not connect even though:
1. the pubkeys are correct
2. the firewall has a rule set
3. the service is running
One strange thing that I have noticed is that only the first UDP request will appear in the firewall log. Any subsequent handshake requests will not be reported in the log. I know the handshakes are being sent because I can see the data sent number increasing.
Any ideas?