OPNsense Forum

English Forums => 25.7, 25.10 Series => Topic started by: kftb on November 07, 2025, 06:42:14 AM

Title: Have WireGuard (Group) do nothing and just let instance-level rules kick in
Post by: kftb on November 07, 2025, 06:42:14 AM
Hi,

This might be more of a basic question, but I cannot figure it out:

I have two WireGuard instances:
- WireGuard A: Has access to all of LAN
- WireGuard B: Only has access to one local IP

I have defined the rules in their respective interfaces, but it seems that WireGuard (Group) is interfering with it.

When I remove all WireGuard (Group) rules, it blocks everything and the traffic doesn't hit the next set of rules on the instance-level. When I pass all traffic, it skips all further validation.

What I am looking for is basically a "Go straight to WireGuard A or B rules and do nothing else", but I cannot set it up that way.

How would I do that?

Thank you!
Title: Re: Have WireGuard (Group) do nothing and just let instance-level rules kick in
Post by: meyergru on November 07, 2025, 12:48:10 PM
I do it this way and it works just fine. I have no rules in the WireGuard group and do it explicitly for the individual interfaces.
Title: Re: Have WireGuard (Group) do nothing and just let instance-level rules kick in
Post by: franco on November 07, 2025, 01:13:19 PM
Keep in mind the group interfaces are mostly for the cases where you don't have a tunnel assigned as an interface.


Cheers,
Franco