OPNsense Forum

English Forums => Virtual private networks => Topic started by: omill728 on February 15, 2024, 01:28:57 AM

Title: Can't route LAN traffic over Wireguard Gateway
Post by: omill728 on February 15, 2024, 01:28:57 AM
Hello,
I've had OPNsense set up for a while and have been able to do everything that I want except this. I have WireGuard set up with a VPN provider so that I can route traffic from certain hosts in my LAN over the VPN connection and port forward over the VPN as well. I cannot figure out what I'm doing wrong. My regular WAN works fine and I've followed various guides such as https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html without luck.

I have been able to get this to work with OpenVPN, but when using WireGuard, traffic seems to stop at my OPNsense router. As soon as I set up a firewall rule to set my WireGuard connection as the gateway for an address, the device that the rule applies to loses connection to anything outside the LAN. I have been able to get the router itself to successfully use the VPN as its gateway.
If I ping any address outside of my LAN from a device whose traffic should go over the VPN, my OPNsense responds, even if it wasn't the address being pinged. For example, if I ping 9.9.9.9:
Quote:
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=0.137 ms (DIFFERENT ADDRESS!)

Any info on what I might have misconfigured or what would cause my router to respond to other pings would be greatly appreciated. Thanks!
Title: Re: Can't route LAN traffic over Wireguard Gateway
Post by: Seimus on February 15, 2024, 10:06:58 AM
Show your configuration for this, GW, routes, rules.

Regards,
S.
Title: Re: Can't route LAN traffic over Wireguard Gateway
Post by: cooljimy84 on January 16, 2025, 01:32:25 PM
This post is over a year old, but I'm having the same issue. I even rolled back the version, thinking it was an update.

It's weird: if I add a route (System, Config, Routes) for an IP address to route out via the WireGuard tunnel, start pinging it, and then bring the tunnel up and down, I can see the ping go from 5-8 ms (tunnel is down) to 20-35 ms (tunnel is up), but I get the same DIFFERENT ADDRESS from a device on the LAN.

I followed the same guide as the person above but also cross-checked with https://gist.github.com/morningreis/eeda36e8bb07dcb750d77e9a744776e8

*** Now working for me
I changed the 10.2.0.2/32 that Proton and the guide said to use to 10.2.0.2/24, and it's all working now... strangely.
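The two symptoms in this thread (replies coming back from the OPNsense LAN address instead of the pinged host, and the fix of widening the tunnel address from /32 to /24) can both be checked mechanically. The following is an added example, not code from the thread or from the OPNsense project: it checks whether a gateway address lies inside the subnet assigned to the tunnel interface, which is what changing 10.2.0.2/32 to 10.2.0.2/24 alters, and it scans ping output for replies from a host other than the target. The provider-side peer address 10.2.0.1 and the name "Far Gateway" for OPNsense's gateway option that permits an off-subnet gateway are assumptions for the sake of the example; the ping lines are the ones quoted in the first post, embedded here as constructed sample input.

```python
import ipaddress
import re

# Assumed: the VPN provider's peer address on the tunnel. Not stated in the thread.
ASSUMED_PEER_GATEWAY = "10.2.0.1"


def gateway_on_link(tunnel_addr: str, gateway: str) -> bool:
    """True if `gateway` falls inside the subnet implied by the tunnel
    address/prefix and is not the tunnel address itself.

    A /32 yields a single-host network, so no other address is on-link.
    """
    iface = ipaddress.ip_interface(tunnel_addr)
    gw = ipaddress.ip_address(gateway)
    return gw in iface.network and gw != iface.ip


def check_wg_gateway(tunnel_addr: str, gateway: str, far_gateway: bool = False) -> str:
    """Classify a gateway definition for a WireGuard tunnel interface.

    Returns one of:
      "on-link"   gateway is inside the interface subnet
      "far"       gateway is outside the subnet but the (assumed) Far Gateway
                  option is set, so the router is told to use it anyway
      "off-link"  gateway is outside the subnet and nothing tells the router
                  how to reach it; this is the 10.2.0.2/32 + 10.2.0.1 case
    """
    if gateway_on_link(tunnel_addr, gateway):
        return "on-link"
    return "far" if far_gateway else "off-link"


# Linux iputils ping reply line, IPv4 only, e.g.
#   64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=0.137 ms
#   64 bytes from dns.quad9.net (9.9.9.9): icmp_seq=1 ttl=57 time=12.1 ms
PING_REPLY = re.compile(r"^\d+ bytes from (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?:")


def replies_from_other_hosts(target: str, ping_output: str) -> list[str]:
    """Return the distinct addresses that answered a ping to `target`
    but are not `target`. A non-empty result is the "DIFFERENT ADDRESS"
    symptom from the thread: something on the path, usually the router,
    is answering echo requests itself instead of forwarding them."""
    seen: list[str] = []
    for line in ping_output.splitlines():
        m = PING_REPLY.match(line.strip())
        if m and m.group(1) != target and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


# Constructed sample: the ping output quoted in the first post.
SAMPLE_PING = """PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=0.137 ms
"""


def main() -> None:
    for addr in ("10.2.0.2/32", "10.2.0.2/24"):
        print(addr, "->", check_wg_gateway(addr, ASSUMED_PEER_GATEWAY))
    print("/32 with Far Gateway ->",
          check_wg_gateway("10.2.0.2/32", ASSUMED_PEER_GATEWAY, far_gateway=True))
    print("unexpected responders:", replies_from_other_hosts("9.9.9.9", SAMPLE_PING))


if __name__ == "__main__":
    main()
```

Run it and the /32 case comes back "off-link" while the /24 case is "on-link", which is the arithmetic behind the change that made the tunnel work for the last poster; the ping scan reports 10.0.1.1 as an unexpected responder for the quoted output. Widening the tunnel prefix is a workaround that also claims the whole /24 as on-link for the router, so a practitioner who wants to keep the /32 the provider hands out should instead look at the gateway's off-subnet option rather than the prefix.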