Hi, earlier today I changed my LAN subnet from 192.168.1.0/24 to 10.124.15.0/24, ironically, mostly in an attempt to make my road warrior setup work better since 192.168.1.0/24 is fairly common residentially. I also decided to change my VPN from 192.168.100.0/24 to 10.124.16.0/24 just to match. However, now I'm completely unable to connect to the WireGuard instance from either my phone or laptop. I went ahead and fully re-created my setup following the guide but I'm still having the issue. I'd love it if someone can help me figure out what's wrong.
I don't know how to provide the rest of the config with the limit on attachments :(
In a second post.
Did you specify the new subnet as "allowed addresses" in the peer settings of the WG client? Are the routes changed?
> Did you specify the new subnet as "allowed addresses" in the peer settings of the WG client?
Yeah, on the clients I just have 0.0.0.0/0 and ::/0 as the Allowed IPs for the peer.
And my bad, I didn't realize there was an option other than the "Quick reply" so I didn't see you could add more attachments.
And the rest of my VPN config on OPNSense
The interface shows these routes:
10.124.16.0/24
10.124.16.2
10.124.16.3
2605:a601:a098:xxxx::/64
2605:a601:a098:xxxx::1
2605:a601:a098:xxxx::2
I figured this out! I think it was a combination of two things.
First, at some point since I'd last used the VPN, I guess I'd added an AAAA record to the domain my WireGuard endpoint was CNAMEd to... however the AAAA is the IPv6 address of my server, not my OPNsense box. Creating new A/AAAA records pointing directly to OPNsense instead of the CNAME seems to have fixed it.
I think another issue, which made some of my problems intermittent, was that I was trying to do Outbound NAT on the WireGuard IPv6 network, but I didn't even have an IPv6 address on my OPNsense's WAN interface. Adding that seems to have fixed it (but I don't really need the IPv6 NAT, so I disabled that).
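The two things that tripped up this thread (whether the client's AllowedIPs actually covers the renumbered LAN, and whether the Endpoint name resolves, through its CNAME, to an address that is really on the firewall) can be checked before touching the tunnel. The script below is an added example, not code from any post in this thread or from OPNsense or WireGuard; the client config, the DNS zone data (`vpn.example.invalid`, `home.example.invalid`, the 203.0.113.0/24 and 2001:db8::/32 documentation addresses) and the firewall address set are all constructed so it runs offline. The same check would apply to any endpoint name that collects stray A/AAAA records over time.

```python
import ipaddress
from configparser import ConfigParser

# Constructed sample client config, modelled on the thread (keys redacted).
SAMPLE_CLIENT_CONF = """\
[Interface]
PrivateKey = REDACTED
Address = 10.124.16.2/32

[Peer]
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.invalid:51820
"""

# Constructed DNS data (hypothetical names): the endpoint is a CNAME to a host
# name that carries an A record for the firewall but an AAAA record for a
# different server, exactly the mismatch described above.
SAMPLE_ZONE = {
    "vpn.example.invalid": [("CNAME", "home.example.invalid")],
    "home.example.invalid": [("A", "203.0.113.10"), ("AAAA", "2001:db8:1::5")],
}

# Constructed: the addresses actually bound on the firewall's WAN interface.
FIREWALL_ADDRS = {
    ipaddress.ip_address("203.0.113.10"),
    ipaddress.ip_address("2001:db8:1::1"),
}


def load_peer(conf_text):
    """Parse the INI-style WireGuard client config and return its [Peer] section."""
    cp = ConfigParser()
    cp.read_string(conf_text)
    return cp["Peer"]


def parse_allowed_ips(conf_text):
    """AllowedIPs as a list of ip_network objects (IPv4 and IPv6 mixed)."""
    peer = load_peer(conf_text)
    return [ipaddress.ip_network(x.strip(), strict=False)
            for x in peer["AllowedIPs"].split(",")]


def allowed_ips_cover(allowed, subnet):
    """True if some AllowedIPs entry of the same IP family contains `subnet`."""
    return any(net.version == subnet.version and subnet.subnet_of(net)
               for net in allowed)


def resolve(name, zone, _depth=0):
    """Follow CNAMEs in the constructed zone; return the terminal A/AAAA addresses."""
    if _depth > 8:
        raise RuntimeError("CNAME chain too long: %s" % name)
    found = []
    for rtype, value in zone.get(name, []):
        if rtype == "CNAME":
            found.extend(resolve(value, zone, _depth + 1))
        elif rtype in ("A", "AAAA"):
            found.append(ipaddress.ip_address(value))
    return found


def endpoint_host(conf_text):
    """Host part of Endpoint, handling 'host:port' and '[v6]:port' forms."""
    endpoint = load_peer(conf_text)["Endpoint"]
    host, _, _port = endpoint.rpartition(":")
    return host.strip("[]")


def stray_endpoint_addresses(conf_text, zone, firewall_addrs):
    """Addresses the Endpoint name resolves to that are NOT on the firewall.

    A dual-stack client prefers AAAA, so a stray IPv6 answer sends the
    handshake to the wrong host while IPv4-only clients keep working.
    """
    return [a for a in resolve(endpoint_host(conf_text), zone)
            if a not in firewall_addrs]


if __name__ == "__main__":
    lan = ipaddress.ip_network("10.124.15.0/24")
    allowed = parse_allowed_ips(SAMPLE_CLIENT_CONF)
    print("LAN %s covered by AllowedIPs: %s" % (lan, allowed_ips_cover(allowed, lan)))
    for addr in stray_endpoint_addresses(SAMPLE_CLIENT_CONF, SAMPLE_ZONE, FIREWALL_ADDRS):
        print("Endpoint resolves to %s, which is not a firewall address" % addr)
```

Run it against a real config by replacing the constructed zone with the answers from your resolver; the stray-address list is what to compare against the WAN addresses the firewall actually holds, since a record that is present but points elsewhere fails only for the clients that prefer that family.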