Dear OPNsense Forum,
I am connecting two sites via WireGuard VPN. The connection between both sites works fine and network devices can reach each other.
I now want to route some Internet traffic from Site 2 to Site 1, as some external systems have IP whitelists in place for the WAN of Site 1.
To achieve this I created a gateway in Site 2 pointing to the remote network appliance in Site 1 in the WireGuard net. I then added a firewall rule to route all traffic from specific devices in Site 2 to this gateway. This doesn't enable connectivity yet, as packets to 0.0.0.0/0 are not allowed to pass through to the WireGuard peer.
Lastly I extended "Allowed IPs" in the Site 2 peer to include "0.0.0.0/0". Unfortunately this creates a system route with higher priority than the default gateway, trying to send all traffic through the VPN. The VPN is immediately down, and everything else too, as WireGuard of course needs the default gateway (WAN of Site 2). When I delete this route manually (System -> Routes -> Status), everything works as expected.
Is there a way to prevent the creation of these routes? Just because the VPN should accept packets with these addresses doesn't mean it should be the default gateway.
Any help appreciated!
Thanks!
I found a solution to my problem: in the WireGuard instance there is a checkbox "Disable routes" that does exactly what the name says.
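For readers who manage WireGuard outside the OPNsense GUI, the same fix expressed as a wg-quick style configuration for the Site 2 side. This is an added example, not from the post or from the OPNsense project; the interface addresses, keys, endpoint and port are placeholders, and the mapping of the "Disable routes" checkbox onto wg-quick's `Table = off` is my assumption.

```ini
# Site 2 WireGuard interface, wg-quick style (constructed example)
[Interface]
PrivateKey = <site2-private-key-placeholder>
Address = 10.200.0.2/24          # tunnel address, assumed
ListenPort = 51820
# Do not install routes derived from AllowedIPs into the system
# routing table. This is the wg-quick equivalent of the OPNsense
# "Disable routes" checkbox (assumption). Without it, the
# AllowedIPs = 0.0.0.0/0 below becomes a default route through the
# tunnel, which breaks the tunnel itself because the encrypted UDP
# packets to Site 1 still need the WAN default gateway.
Table = off

[Peer]
# Site 1 appliance (placeholder key and endpoint)
PublicKey = <site1-public-key-placeholder>
Endpoint = site1.example.invalid:51820
# 0.0.0.0/0 is needed so the cryptokey routing accepts arbitrary
# Internet destinations to and from this peer; with Table = off it
# no longer implies a system route.
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

Which clients actually use the tunnel is then decided only by the firewall policy rule that points their traffic at the gateway on the tunnel network (10.200.0.1 in this constructed layout), as the post describes. After applying this, the default route shown under System -> Routes -> Status should still be the WAN gateway, and only the tunnel network itself should appear as reachable via the WireGuard interface.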