I must admit that no matter how much I read about firewall rules, it never becomes intuitive or clear to me... so please, if anyone can help me here.
I have a working WireGuard set-up so that I can access my OPNsense router at home from any external location. When I connect, I get access to the LAN, I can manage my router, and I can access my NAS via the LAN. However, I cannot access the WAN. I assume I need to add some rule to the firewall, but I really can't figure out how this rule should be defined.
I have attached screenshots of the existing rules for WireGuard and WireGuard (group).
What's in your "AllowedIPs" on the client side?
In the client peer definition, it's 0.0.0.0/0. On the OPNsense side, it's 192.168.5.2/32.
Looks good, as do your rules. I'd bring the big tools - packet trace/tcpdump.