Hello there.
I set up a bare-metal OPNsense firewall/router for my home lab LAN, and it is running fine with no particular issues.
The box is also acting as the NTP server for the whole LAN, until the dedicated NTP+PTP and DHCP IPv4+IPv6 Kea servers are operational.
All my outbound traffic, no exceptions, needs to be routed through my VPN provider, so I enabled WireGuard and configured it with Mullvad. It seems to be working correctly, according to the Mullvad leak-check website.
And here the fun starts: after implementing WG, the LAN clients can no longer access the OPNsense NTP server.
I want all LAN clients' NTP requests to remain in the local LAN; no NTP requests should go outside, but I do not understand this behaviour from WG.
All other LAN services are functional; just NTP is having issues.
Probably it is a matter of setting a rule in the firewall, but shouldn't that be done by WG?
Any help would be greatly appreciated.
You have a firewall rule on LAN with WG as gateway, right? Please show that rule.
There is one floating rule.
Change destination to "LAN net" with "destination invert" activated.
Quote from: Patrick M. Hausen on December 29, 2024, 10:42:12 AM
Change destination to "LAN net" with "destination invert" activated.
It worked.
Thanks a lot, Patrick, for the quick and fast resolution.
If you tell OPNsense to route destination "any" to the WG gateway it will do exactly as told. Including NTP queries or *anything*. Nothing WG specific here. How should WG know you want something different if you specifically tell the packet filter to do what it did?
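The two rule variants discussed in this thread, written out in pf syntax as an added illustration (this is not the exact rule OPNsense generates, and it is not part of the original posts); the interface names "lan" and "wg0" and the gateway address 10.64.0.1 are assumed placeholders.

```pf
# Added illustration in plain pf syntax, not the rule OPNsense itself writes.
# Assumptions: LAN interface "lan", WireGuard interface "wg0",
# VPN next-hop 10.64.0.1 (placeholder for the Mullvad gateway).

# Before: destination "any" policy-routed to the WG gateway.
# route-to overrides the normal routing decision for every matching
# packet, so LAN -> firewall NTP (123/udp) traffic is pushed into the
# tunnel instead of being delivered to the firewall's own NTP daemon,
# which is exactly what the LAN clients observed.
pass in quick on lan route-to (wg0 10.64.0.1) \
    inet proto { tcp udp icmp } from (lan:network) to any keep state

# After: destination "LAN net" with "destination invert" ticked.
# "! (lan:network)" matches only traffic leaving the LAN subnet, so
# packets addressed to the firewall's LAN address (such as NTP) no
# longer hit the policy-routing rule and fall through to a local rule.
pass in quick on lan route-to (wg0 10.64.0.1) \
    inet proto { tcp udp icmp } from (lan:network) to ! (lan:network) keep state

# Plain LAN rule with no gateway that now handles the firewall's own
# services; "(lan)" expands to the addresses on the LAN interface.
pass in quick on lan inet from (lan:network) to (lan) keep state
```

Rule order matters: because both rules carry "quick", the inverted policy-routing rule must sit above the plain local rule, and checking that 123/udp to the firewall no longer appears on wg0 (for example with tcpdump on that interface) confirms NTP stays inside the LAN.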