Hello everyone,
I'm looking for a step-by-step guide to help me set up NordVPN on OPNsense. My goal is to have one of my VLANs use the VPN connection exclusively for internet access.
I've already tried several tutorials, but none of them worked. Usually, the process fails when I need to create a new gateway — at that point, I lose my internet connection. My default gateway is a FRITZ!Box, and as I understand it, it makes sense that I lose connectivity once I stop using the FRITZ!Box gateway, since the newly created NordVPN gateway doesn't actually provide internet access by itself.
Currently, my FRITZ!Box acts more or less as a modem, and the OPNsense firewall is configured as an exposed host. The setup then connects to a managed switch, and I'd like to have one of the VLANs use the VPN for outbound internet traffic.
Here are the screenshots of my settings.
I followed this guide: https://sysadmin102.com/2025/01/opnsense-wireguard-nordvpn-setup/
These are the NordVPN settings that I get with Git-Bash:
de963.nordvpn.com
5.180.62.45
Frankfurt
Germany
de963.proxy.nordvpn.com
de963.proxy.nordvpn.com
m0tej5P6pYfBivkJc8yRV4KqQXmM81AChLlzlsOSjSs=
8443
15
(https://i.ibb.co/n8LPZLsf/Alias1.png) (https://ibb.co/Pz6D36Z4)
(https://i.ibb.co/6RGNTsXL/Alias2.png) (https://ibb.co/d0X7VKmx)
(https://i.ibb.co/mCfQH0Ls/Floaring-Rule.png) (https://ibb.co/8D1FjbW3)
(https://i.ibb.co/dJmChVRz/Gateway.png) (https://ibb.co/n8PdWYF5)
(https://i.ibb.co/7dLkThc9/Instance.png) (https://ibb.co/wFjcbtHv)
(https://i.ibb.co/21X2cDFb/Interface.png) (https://ibb.co/nNh2QHwW)
(https://i.ibb.co/7tSTyTKP/NAT-Rule.png) (https://ibb.co/1G0p2pT1)
(https://i.ibb.co/RTfjkbtn/NAT-Settings.png) (https://ibb.co/Swbf4yHT)
(https://i.ibb.co/cSChGWqS/New-Lan-Rule.png) (https://ibb.co/0RFyg05R)
(https://i.ibb.co/8Dr11Pxd/Peer.png) (https://ibb.co/XZ7ccF53)
(https://i.ibb.co/7dprPYkk/Rules-LAN-oberview.png) (https://ibb.co/B56Tbznn)
Does really nobody have an idea?
I found a similar tutorial on YouTube: https://youtu.be/fFszlJpTBoc?si=sS3dea6xXUlFxcpl. The steps are pretty much the same, but with Mullvad VPN. I also tried that and even bought a Mullvad subscription, but I ended up with the same issue — as soon as the new gateway becomes active, I lose my internet connection. I just don't understand what the problem is.
You should always consult the official documentation (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html). It seems you use the wrong gateway settings; note that in step 6 of the official guide, it says:
"Insert the gateway IP that you configured under the WireGuard Instance configuration"
What you configured is the IP of the NordVPN WireGuard server, which is a different thing.
I have exactly this running with the following setup:
1. Setup Wireguard VPN peers and instance (steps 1 and 2 of the official guide):
2025-11-08 13_29_32-WireGuard _ VPN _ OPNsense.mgsoft — Mozilla Firefox.png
2025-11-08 13_27_35-WireGuard _ VPN _ OPNsense.mgsoft — Mozilla Firefox.png
Note that I have several peers, but enable only one of them at a time.
Then follow steps 3-5 of the official documentation (i.e. turn on WireGuard, assign an interface and restart WireGuard).
2. Create a gateway (step 6 of the official guide):
2025-11-08 13_31_33-Configuration _ Gateways _ System _ OPNsense.mgsoft — Mozilla Firefox.png
3. Create an Alias for the relevant local hosts that will access the tunnel with either MACs or IPv4 of the VPN clients (i.e. step 7):
2025-11-08 13_50_23-Aliases _ Firewall _ OPNsense.mgsoft — Mozilla Firefox.png
4. Create an RFC1918 alias and a firewall rule (step 8 of the official guide):
2025-11-08 13_50_23-Aliases _ Firewall _ OPNsense.mgsoft — Mozilla Firefox.png
2025-11-08 13_38_09-DMZ _ Rules _ Firewall _ OPNsense.mgsoft — Mozilla Firefox.png
Note that I created the rule in the VLAN for the VPN_CLIENTS.
5. Configure routing for traffic generated by the router (step 9):
2025-11-08 13_34_41-Floating _ Rules _ Firewall _ OPNsense.mgsoft — Mozilla Firefox.png
6. Create an outbound NAT rule (step 10):
2025-11-08 13_31_00-Outbound _ NAT _ Firewall _ OPNsense.mgsoft — Mozilla Firefox.png
8. Add a kill switch (step 11):
2025-11-08 13_35_50-Floating _ Rules _ Firewall _ OPNsense.mgsoft — Mozilla Firefox.png
9. Add a kill switch for IPv6:
2025-11-08 13_36_47-Floating _ Rules _ Firewall _ OPNsense.mgsoft — Mozilla Firefox.png
The floating firewall rules should be arranged like so afterwards:
2025-11-08 13_33_02-Floating _ Rules _ Firewall _ OPNsense.mgsoft — Mozilla Firefox.png
Oh, and BTW: The NORDVPN wireguard interface must not block RFC1918 addresses:
2025-11-08 14_13_48-[NORDVPN] _ Interfaces _ OPNsense.mgsoft — Mozilla Firefox.png
It also has to be noted that this way, local access is still possible (which it should be, so you can control your VPN clients or transfer files); however, you have to implement steps to prevent DNS leaks (check if this works with https://www.dnsleaktest.com/).
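The gateway mix-up diagnosed in the reply above can be checked mechanically. The following is an added example, not part of the thread and not OPNsense code. The function names are hypothetical, the tunnel-side gateway `10.5.0.1` is a constructed value, and the routing model assumes that the step 8 rule only matches destinations outside the RFC1918 alias and that the kill switch blocks WAN fallback.

```python
import ipaddress

# The three private ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lint_gateway(instance_gateway, system_gateway, peer_endpoint):
    """Problems with the gateway entry created in step 6."""
    inst = ipaddress.ip_address(instance_gateway)
    gw = ipaddress.ip_address(system_gateway)
    endpoint = ipaddress.ip_address(peer_endpoint)
    problems = []
    if gw == endpoint:
        problems.append("gateway IP is the VPN server's endpoint address")
    if gw != inst:
        problems.append("gateway IP differs from the WireGuard instance gateway")
    return problems

def lint_rfc1918_alias(alias_networks):
    """RFC 1918 ranges that the alias fails to cover."""
    have = [ipaddress.ip_network(n) for n in alias_networks]
    return [str(net) for net in RFC1918
            if not any(h.version == 4 and net.subnet_of(h) for h in have)]

def egress_for(destination, tunnel_up):
    """Path of a VPN client's packet under the policy rule plus kill switch."""
    dst = ipaddress.ip_address(destination)
    if any(dst in net for net in RFC1918):
        return "local"  # assumed: the rule only matches destinations outside RFC1918
    return "vpn" if tunnel_up else "blocked"  # kill switch: no fallback to WAN

# Constructed sample values; only 5.180.62.45 (the server IP) is from the thread.
BROKEN = dict(instance_gateway="10.5.0.1", system_gateway="5.180.62.45",
              peer_endpoint="5.180.62.45")
FIXED = dict(BROKEN, system_gateway="10.5.0.1")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_gateway(**cfg) or "ok")
    print("alias gaps:", lint_rfc1918_alias(["10.0.0.0/8", "192.168.0.0/16"]))
    for dst, up in (("192.168.1.10", False), ("1.1.1.1", True), ("1.1.1.1", False)):
        print(dst, "tunnel up" if up else "tunnel down", "->", egress_for(dst, up))
```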