OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: Sky22019 on November 13, 2024, 10:17:34 PM

Title: From Wireguard failure to WAN address?
Post by: Sky22019 on November 13, 2024, 10:17:34 PM
Hello,

Up until recently, I was able to connect to my OPNsense WireGuard VPN instance from outside my house using both my mobile and my laptop. I simply followed the steps as described in the official documentation (https://docs.opnsense.org/manual/how-tos/wireguard-client.html).
Alas, this is no longer the case. I can't get WireGuard to work anymore. The only thing that changed is OPNsense versions. Or maybe something else (that I don't know) from my ISP?

The OPNsense appliance is behind a bridged modem/router provided by my ISP. My WAN connection is PPPoE (credentials in OPNsense) and I am using no-ip as a DDNS service. I repeat: all this was working flawlessly.

While troubleshooting, I stumbled upon something else. When going to Interfaces --> Overview, my WAN interface shows the following:
device: pppoe0, link type: pppoe, IPv4 100.69.xxx.xx/32, gateway 10.106.xxx.xxx, and my public IP (external) is something else.

Am I missing something here? Or is this all normal, and it's just my wireguard instance not configured properly?

Thanks in advance.
Title: Re: From Wireguard failure to WAN address?
Post by: dseven on November 14, 2024, 09:32:46 AM
Your ISP has put you behind CGNAT. Ask them if they can give you a routable IP address (doesn't have to be static, but that might be the only option they offer). Otherwise you'll need to find a VPN solution that involves some third party - tailscale, something cloud-based, etc.
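An added example, not part of the post above: a small Python check that makes the CGNAT diagnosis explicit by testing whether the WAN interface address falls in the RFC 6598 shared address space (100.64.0.0/10) or an RFC 1918 range, and whether it matches the externally observed address. The function name and the sample addresses are constructed for illustration; the thread masks the real ones.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges
RFC1918_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def classify_wan(wan_ip, public_ip=None):
    """Say whether an inbound VPN to this WAN address can work.

    wan_ip    -- address shown on the WAN interface (Interfaces -> Overview)
    public_ip -- address an external service reports for you, if known
    """
    wan = ipaddress.ip_address(wan_ip)
    if wan.version != 4:
        return "ipv6: not subject to IPv4 CGNAT"
    if wan in CGNAT_NET:
        return "cgnat: WAN address is in 100.64.0.0/10"
    if any(wan in net for net in RFC1918_NETS):
        return "private: WAN is behind another NAT device"
    if public_ip is not None and ipaddress.ip_address(public_ip) != wan:
        return "mismatch: WAN address is not what the internet sees"
    return "routable: WAN address is directly reachable"


if __name__ == "__main__":
    # Constructed samples: (WAN interface address, externally observed address)
    samples = [
        ("100.69.10.20", "203.0.113.7"),   # same range as the thread's WAN IP
        ("192.168.1.2", "203.0.113.7"),    # modem not actually bridged
        ("203.0.113.7", "203.0.113.7"),    # normal routable assignment
        ("100.128.0.1", None),             # just outside 100.64.0.0/10
    ]
    for wan, public in samples:
        print(f"{wan:>15} -> {classify_wan(wan, public)}")
```

A "cgnat" or "private" verdict means port forwards and dynamic DNS cannot make the WireGuard listener reachable over IPv4, whatever the firewall rules say.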
Title: Re: From Wireguard failure to WAN address?
Post by: tiermutter on November 14, 2024, 01:12:07 PM
Even with IPv4 CGNAT you can use IPv6 for establishing a VPN connection.
This needs v6 properly configured at least for WAN interface and v6 connectivity on client side.
Title: Re: From Wireguard failure to WAN address?
Post by: Sky22019 on November 14, 2024, 10:29:05 PM
Thanks for the responses.
Quick update on the situation.

I contacted my ISP and they fixed it. They actually said that this was not on purpose and they don't know if it's gonna happen again in the future. I think the line was: "The system for some reason hands out IPs in the 100.xx range."

Outrageous, right?

ISP is Cosmote (Greece).

FYI