OPNsense Forum

English Forums => General Discussion => Topic started by: XeroX on May 07, 2020, 02:51:13 pm

Title: OPNSense Beginner - Wireguard- Firewall
Post by: XeroX on May 07, 2020, 02:51:13 pm
Hello,
I've set up my OPNsense, switching from UniFi. I have some basic questions.

1. I set up WireGuard via this:
https://wiki.opnsense.org/manual/how-tos/wireguard-client.html
and
https://www.thomas-krenn.com/de/wiki/OPNsense_WireGuard_VPN_für_Road_Warrior_einrichten#Firewall_Regel_f.C3.BCr_WireGuard
this guide.

I partly skipped configuration of Step 2c of the first guide.

Everything is set up, and when the WireGuard interface is not assigned, internal traffic isn't working.
Assigning the interface allows me internal + external traffic via VPN even without the Firewall NAT Outbound rule.
What am I doing wrong?

2. I'm using Pi-Hole as DNS. Works like a charm.

However I want to block all other DNS traffic, only pi-hole is allowed to connect to external dns.

- WAN-OUT <Pi-Hole> DST* TCP/UDP 53
- WAN-OUT * DST* TCP/UDP 53

With these rules Pi-Hole is blocked as well. Why? "Stop on first match" is ticked.

Cheers
Title: Re: OPNSense Beginner - Wireguard- Firewall
Post by: XeroX on May 11, 2020, 08:23:36 pm
Anyone willing to assist me to allow DNS traffic to Internet from Pi-Hole (and firewall itself) but deny from every other host?
Title: Re: OPNSense Beginner - Wireguard- Firewall
Post by: Maurice on May 11, 2020, 09:52:31 pm
Try LAN-IN rules instead of WAN-OUT.

Cheers

Maurice
Title: Re: OPNSense Beginner - Wireguard- Firewall
Post by: XeroX on May 11, 2020, 10:53:37 pm
Okay thank you.

Got it working. Rule must be at the TOP with LAN IN.

IPv4 UDP   ! Pi-Hole   *   *   53 (DNS)   *   *
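To see what the final LAN-IN rule actually covers, here is a small first-match model of that ruleset (an added example, not code from the thread or from OPNsense; the Pi-hole address and the trailing "allow LAN to any" rule are assumed):

```python
# Added example: model "stop on first match" evaluation of the LAN-IN rules
# from the thread. Addresses are constructed, not taken from the thread.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

PIHOLE = ip_address("192.168.1.53")  # constructed address for the Pi-Hole alias


@dataclass(frozen=True)
class Rule:
    action: str               # "block" or "pass"
    proto: Optional[str]      # "udp", "tcp" or None for any protocol
    src_not_pihole: bool      # models the "! Pi-Hole" (inverted) source
    dst_port: Optional[int]   # None = any destination port

    def matches(self, proto: str, src, dport: int) -> bool:
        if self.proto is not None and proto != self.proto:
            return False
        if self.src_not_pihole and src == PIHOLE:
            return False
        if self.dst_port is not None and dport != self.dst_port:
            return False
        return True


# Rule order as in the working configuration: the DNS block at the TOP,
# followed by the usual "allow LAN to any" rule (assumed, not in the thread).
LAN_IN = [
    Rule("block", "udp", True, 53),   # IPv4 UDP  ! Pi-Hole  *  *  53 (DNS)
    Rule("pass", None, False, None),  # assumed default "LAN to any" allow
]

# Same ruleset with the block rule set to "TCP/UDP" instead of "UDP" only.
LAN_IN_TCP_UDP = [
    Rule("block", None, True, 53),
    Rule("pass", None, False, None),
]


def evaluate(rules, proto: str, src: str, dport: int) -> str:
    """First matching rule decides (pf 'quick' / 'stop on first match')."""
    addr = ip_address(src)
    for rule in rules:
        if rule.matches(proto, addr, dport):
            return rule.action
    return "block"  # implicit default deny when nothing matches
```

With the rule as posted, a LAN host's UDP/53 query is blocked while Pi-Hole's passes, but the same host's TCP/53 query still passes because the rule is UDP only; the second ruleset closes that gap.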