OPNsense Forum

English Forums => Virtual private networks => Topic started by: tuomas on December 11, 2021, 04:36:29 pm

Title: Mullvad via wireguard and port forwarding
Post by: tuomas on December 11, 2021, 04:36:29 pm
I can't get port forwarding to work on my Transmission container. The container is selectively routed to Mullvad using WireGuard.

I have set up port forwarding on Mullvad's website. The WireGuard test on the container is okay, but the port forwarding test fails.

Code:
$ docker exec -it transmission bash
root@b7212cb4e31a:/# curl https://ipv4.am.i.mullvad.net/port/54853
{"ip":"185.204.*:*","port":54853,"reachable":false}
root@b7212cb4e31a:/# curl https://am.i.mullvad.net/connected
You are connected to Mullvad (server fi1-wireguard). Your IP address is 185.204.*.*

Do I also have to configure port forwarding on OPNsense?

OPNsense version is 21.7.6.

Transmission config is attached.

These are the port mappings on docker-compose for transmission:
Code:
ports:
      - 9091:9091
      - 54853:54853
      - 54853:54853/udp
Title: Re: Mullvad via wireguard and port forwarding
Post by: Greelan on December 11, 2021, 08:37:14 pm
Yes, you should have to forward on OPNsense, otherwise the packet coming in on the WG WAN interface has no idea where to go.

You also need to deal with the reply-to issue, for which there is a solution here (https://github.com/opnsense/core/issues/4389#issuecomment-865349224).
Title: Re: Mullvad via wireguard and port forwarding
Post by: tuomas on December 11, 2021, 09:35:43 pm
Okay, thanks for the quick reply.

I got it working following that GitHub comment.