Hi! Newbie here!
I have successfully configured my WireGuard following the Road Warrior setup, but I'd like to have another instance with only internet access using my DNS.
If I remove the 2nd rule in step 5 of the tutorial (https://docs.opnsense.org/manual/how-tos/wireguard-client.html), which allows access to any IP in any subnet, my client cannot access the internet either. I was not able to identify the problem; what am I missing? Is this possible?
For that rule, allow traffic to your DNS (OPNsense?) instead of any, and give it your DNS port as the destination.
You could also use only one instance, applying this rule only for specific WG client IPs as source, there is no need for a second instance.
I appreciate the help. If I understood correctly, I should change the destination port range. However, as you can see in the image, the destination port is locked. I tried to change the destination to other values to see if it would unlock the selection, but no luck.
Set protocol to TCP/UDP, then you can add the port.
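An added illustration, not from the thread or the OPNsense docs, of the first-match rule logic being discussed: the "allow any" rule from the tutorial beside a DNS-only rule restricted to TCP/UDP port 53, plus the constraint that a destination port only makes sense once the protocol is TCP, UDP or TCP/UDP (the locked field from the screenshot). All addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    proto: str                   # "any", "tcp", "udp" or "tcp/udp"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation, or "any"
    dport: Optional[int] = None  # only meaningful for tcp/udp

    def __post_init__(self) -> None:
        # Mirrors the GUI: the port field stays locked until a
        # port-carrying protocol (TCP, UDP or TCP/UDP) is selected.
        if self.dport is not None and self.proto == "any":
            raise ValueError("destination port requires protocol TCP, UDP or TCP/UDP")

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        if self.proto != "any" and proto not in self.proto.split("/"):
            return False
        if ip_address(src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport


def evaluate(rules: List[Rule], proto: str, src: str, dst: str, dport: int) -> str:
    """First matching rule wins; with no match the default is block."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "block"


# Constructed sample: WireGuard tunnel network and OPNsense's own address as resolver.
WG_NET = "10.10.10.0/24"
DNS_HOST = "10.10.10.1/32"

# Rule 1 of the tutorial, narrowed to DNS only: protocol TCP/UDP so the port can be set.
DNS_ONLY = [Rule("pass", "tcp/udp", WG_NET, DNS_HOST, 53)]
# The tutorial's full set: the same DNS rule followed by the "any IP, any subnet" rule.
TUTORIAL = DNS_ONLY + [Rule("pass", "any", WG_NET, "any")]

if __name__ == "__main__":
    client, web = "10.10.10.5", "198.51.100.10"
    print("tutorial, HTTPS :", evaluate(TUTORIAL, "tcp", client, web, 443))
    print("dns-only, DNS   :", evaluate(DNS_ONLY, "udp", client, "10.10.10.1", 53))
    print("dns-only, HTTPS :", evaluate(DNS_ONLY, "tcp", client, web, 443))
```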