22.7 Legacy Series / System tools like traceroute & Dynamic DNS don't use the interface gateway
« on: September 21, 2022, 06:54:58 pm »
I was wondering if anyone could shed some light on an issue I am facing. I have two remote WireGuard VPN endpoints configured with the help of https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html.
The two tunnels connect to my VPN provider and properly utilize this note from the guide above:
Quote
The IP you choose for the Gateway is essentially arbitrary; pretty much any unique IP will do. The suggestion here is for convenience and to avoid conflicts
I can then add firewall rules for any interface and choose the newly created VPN gateways and traffic is routed through them. This has been verified by using curl to check the returned public IP using icanhazip.com.
The problem I'm running into is getting traffic originating from the firewall itself to use the gateways. When performing a traceroute, I choose a host (apple.com), IPv4, and for interface I choose one of the VPN interfaces. The path taken actually goes through my ISP and the next hop IP is not the expected one from the VPN endpoints.
Additionally, using the legacy Dynamic DNS service and setting Interface to monitor to one of the VPN interfaces, the public IP is the public one given to me by my ISP and configured on the WAN interface.
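Added example, not part of the original post and not OPNsense's own tooling: a small POSIX shell helper that checks the same two signals the post uses, the first traceroute hop and the public IP icanhazip.com reports, and classifies whether firewall-originated traffic left through a VPN gateway or through the ISP. The gateway addresses (WAN_GW, VPN_GWS), the interface names (VPN_IFS) and the sample traceroute output are placeholders constructed for the example; the live section uses FreeBSD traceroute(8) `-i` and curl's `--interface` option and only runs when LIVE=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post or from OPNsense): check which
# gateway firewall-originated traffic actually leaves through, using the
# same two signals the post relies on: the first traceroute hop and the
# public IP an external service reports.
#
# Assumptions (placeholders, not taken from the post):
#   WAN_GW  - the ISP-side next hop on the WAN interface
#   VPN_GWS - the WireGuard gateway addresses created per the how-to
#   VPN_IFS - the interface names of the two tunnels
WAN_GW="${WAN_GW:-198.51.100.1}"
VPN_GWS="${VPN_GWS:-10.64.0.1 10.65.0.1}"
VPN_IFS="${VPN_IFS:-wg0 wg1}"

# first_hop: read traceroute output on stdin and print the hop-1 address.
# Handles both "1  10.0.0.1 (10.0.0.1)" and "1  gw.lan (10.0.0.1)" forms;
# prints nothing for "1  * * *".
first_hop() {
    awk '$1 == 1 {
        for (i = 2; i <= NF; i++) {
            f = $i; gsub(/[()]/, "", f)
            if (f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print f; exit }
        }
    }'
}

# classify_hop: print "vpn", "wan" or "unknown" for a next-hop address.
classify_hop() {
    hop="$1"
    [ "$hop" = "$WAN_GW" ] && { echo wan; return 0; }
    for gw in $VPN_GWS; do
        [ "$hop" = "$gw" ] && { echo vpn; return 0; }
    done
    echo unknown
}

# verdict: "ok" when the first hop is one of the VPN gateways, "leak" when it
# is the WAN gateway (traffic left via the ISP), "unknown" otherwise.
verdict() {
    case "$(classify_hop "$1")" in
        vpn) echo ok ;;
        wan) echo leak ;;
        *)   echo unknown ;;
    esac
}

# Constructed sample output (the shape FreeBSD traceroute prints), matching
# the behaviour the post describes: hop 1 is the ISP gateway, not the tunnel.
SAMPLE_VIA_ISP='traceroute to apple.com (203.0.113.10), 64 hops max, 40 byte packets
 1  198.51.100.1 (198.51.100.1)  0.512 ms  0.402 ms  0.389 ms
 2  100.64.12.1 (100.64.12.1)  8.143 ms  7.902 ms  8.311 ms'

# Offline demo on the constructed sample.
hop="$(printf '%s\n' "$SAMPLE_VIA_ISP" | first_hop)"
echo "sample: first hop $hop -> $(verdict "$hop")"

# Live check on the firewall (run with LIVE=1): for each tunnel interface,
# trace with that interface's address as source and ask icanhazip.com what
# address it sees while curl is bound to that interface. A hop 1 equal to
# WAN_GW, or a reported IP equal to the WAN address, reproduces the symptom.
if [ "${LIVE:-0}" = 1 ]; then
    wan_ip="$(curl -s --max-time 10 https://icanhazip.com)"
    for ifc in $VPN_IFS; do
        h="$(traceroute -i "$ifc" -m 2 -w 2 apple.com 2>/dev/null | first_hop)"
        seen="$(curl -s --max-time 10 --interface "$ifc" https://icanhazip.com)"
        echo "$ifc: first hop ${h:-none} -> $(verdict "$h"); public IP $seen (WAN is $wan_ip)"
    done
fi
```

Run it from the firewall shell with the real gateway and interface values exported (for example `WAN_GW=... VPN_IFS="wg0 wg1" LIVE=1 sh check-egress.sh`); a "leak" verdict or a reported public IP equal to the WAN address is exactly the behaviour the post describes.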