Hello everyone,
after updating my OPNsense firewall from 25.1.10 to 25.1.12, WireGuard only works partially.
Setup:
- OPNsense 25.1.12 (previously 25.1.10, everything was working fine)
- WireGuard server running on OPNsense
- Clients connect successfully
- AllowedIPs on clients: 0.0.0.0/0 (Full Tunnel)
Before the update: VPN clients could access LAN + Internet
After the update: VPN clients can still access LAN and OPNsense itself, but no longer the Internet through VPN
Symptoms:
- WireGuard connection works (handshake OK)
- Access to internal IPs (LAN) works
- Access to external IPs (Internet) does not work
- DNS resolution is correct (Ping to IP address of firewall also works)
- Internet access from LAN side works as expected
Checked so far:
- Firewall rules on WireGuard interface are unchanged (Allow any)
- Firewall NAT Outbound: Hybrid outbound NAT rule generation
Question:
Was there a change in 25.1.12 that could affect this?
Or is this a bug that only started in 25.1.12?
Maybe someone can confirm if this behavior is reproducible.
Thanks!
Not to hijack your post, but just to say I have the same issue, but can't even talk to LAN. On my cell, it says connected, but on my dashboard, no green checkmark.
If I find anything that can help you, I'll post it!
Just wanted to give a quick update that my issue with WireGuard has been resolved.
The problem turned out to be a firewall rule in OPNsense that was blocking outbound traffic. After the update, this rule suddenly started taking effect, even though everything had been working fine before. I understand why it doesn't work with that rule in place — but I honestly don't understand why it worked before the update.
If anyone runs into similar issues: double-check your firewall rules, especially those affecting the WireGuard interface. Something may have changed in how rules are processed or how interfaces are handled after the update.