Dear all,
could you please help me with the following: I'm a Proton(VPN) user and set up a WireGuard VPN connection following https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html and https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html, respectively (from step 6 onwards).
Side note: the only difference would be that I've set up the corresponding rules as floating rules, as the clients that shall use the tunnel reside in different VLANs.
The WG instance is "up", the corresponding peer has a recent handshake entry.
The gateway is "online" with 0.0 loss.
Now to my issue -> as soon as I add my mobile phone (for testing) to the alias (clients that shall use the tunnel), I can't reach any non-internal hosts anymore (when browsing the web, Firefox shows a black screen and an error message "this website requires a secure connection" / HSTS).
In the FW logs, I can see that the rules I've added during the setup trigger "pass", so there are no blocks for the test client.
I've run that setup three times now, but always with the same negative result.
To test the ProtonVPN conf itself, I loaded it directly into my Fritzbox for testing purposes; that's working like a charm (so basically all traffic is then on the tunnel, and I could also live with that :) ).
To summarize:
- the underlying ProtonVPN is working fine -> tested on Fritzbox
- the WG instance/peer combination is working fine -> instance is "up", peer has a recent handshake
- the gateway is online, 0.0 loss
Many thanks in advance for your time!