"
I have a Wireguard VPN that I have setup to route specific URLs/IPs through using Outbound NAT and firewall alias and rule, which all works as expected for clients on my LAN bridge that are on a wired connection.
I have an Outbound NAT setup for my VPN:
Interface WAN_WG1
Source: Any
Port: *
Destination: *
Port: *
NAT Address: Interface Address
Static Port: No
Alias is a simple alias that just has domain.com defined
Firewall rule is simple:
Source: Any
Port: Any
Destination: VPN_Redirect Alias
Gateway: WAN_WG1
And when I go to domain.com, it correctly routes through the VPN gateway, but only for my wired clients.
I have a Ubiquiti U7Pro Wifi Access point that is a standalone AP. It has an IP in the same LAN range that the rest of my network is in, no VLANs or anything... I can access all devices internal to my network, wired or not. They are all in the same subnet. I just have a single very basic LAN network setup. All my LAN ports are configured on a Bridge in OPNSense, and the AP is plugged directly into one of those Bridged ports. It's got a static IP, with the gateway configured for my OPNSense IP.
Everything works on wireless, with the exception of the traffic I expect to go through the VPN as defined by the firewall alias/rule. It seems like it's somehow getting dropped. It just times out when trying to access any of the sites defined in the alias.
I can see the firewall logging the packets from the wireless client as expected for the VPN Redirect rule, same as it does for my wired clients. But the wireless client never actually makes it to the expected page, just times out.
Is there something special about this "extra" hop of the AP in relation to how NAT works that I'm not understanding or taking into account here?
I have an Outbound NAT setup for my VPN:
Interface WAN_WG1
Source: Any
Port: *
Destination: *
Port: *
NAT Address: Interface Address
Static Port: No
Alias is a simple alias that just has domain.com defined
Firewall rule is simple:
Source: Any
Port: Any
Destination: VPN_Redirect Alias
Gateway: WAN_WG1
And when I go to domain.com, it correctly routes through the VPN gateway, but only for my wired clients.
I have a Ubiquiti U7Pro Wifi Access point that is a standalone AP. It has an IP in the same LAN range that the rest of my network is in, no VLANs or anything... I can access all devices internal to my network, wired or not. They are all in the same subnet. I just have a single very basic LAN network setup. All my LAN ports are configured on a Bridge in OPNSense, and the AP is plugged directly into one of those Bridged ports. It's got a static IP, with the gateway configured for my OPNSense IP.
Everything works on wireless, with the exception of the traffic I expect to go through the VPN as defined by the firewall alias/rule. It seems like it's somehow getting dropped. It just times out when trying to access any of the sites defined in the alias.
I can see the firewall logging the packets from the wireless client as expected for the VPN Redirect rule, same as it does for my wired clients. But the wireless client never actually makes it to the expected page, just times out.
Is there something special about this "extra" hop of the AP in relation to how NAT works that I'm not understanding or taking into account here?
