Messages - sunnbus

#1
Hello,

I have OPNsense installed on a local server in the LAN, with a wireguard vpn service (like torguard) and wireguard server (road warrior setup with which I can connect to LAN remotely and pass remote connection through VPN provider tunnel).

All works well with one exception - when connecting to wireguard server from a remote location, I can access LAN and web, and when accessing the web, it passes through torguard VPN server but uses its own DNS server rather than the DNS server provided by OPNsense or the torguard server. Using unbound and adguard, the remote client doesn't even pass through them.

For the sake of example, OPNsense is 192.168.2.1. The wireguard client is an android device and is set up as 10.10.0.11 and to go through a tunnel address of 10.10.0.1/24; allowed IPs on endpoint 10.10.0.0/24. Interface static IP 10.10.0.1, and gateway IP 10.10.0.1.

If I change the DNS in both android and VPN->wireguard->local->advanced mode->DNS server from blank or 10.10.0.1 to 192.168.2.1, adguard sees and filters the wireguard client but DNS isn't resolved. Tried to switch adguard off and Sensei instead of adguard. No difference.

Thanks
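An added check, not from the thread, for one condition the first post's addresses make easy to overlook: a WireGuard client only sends destinations inside AllowedIPs through the tunnel, so a DNS server such as 192.168.2.1 that lies outside the allowed 10.10.0.0/24 range is queried over the device's normal uplink rather than through OPNsense. The client config below is constructed for the example; the keys and endpoint are placeholders.

```python
import ipaddress
import re

# Constructed client config mirroring post #1: client 10.10.0.11,
# AllowedIPs 10.10.0.0/24, DNS pointed at OPNsense (192.168.2.1).
SAMPLE_CONF = """
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.10.0.11/24
DNS = 192.168.2.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.10.0.0/24
"""


def _ip_tokens(value):
    """Yield the comma-separated items of a value that parse as IP addresses;
    DNS= may also carry search domains, which are skipped here."""
    for item in value.split(","):
        try:
            yield ipaddress.ip_address(item.strip())
        except ValueError:
            continue


def parse_wg_conf(text):
    """Return (dns_servers, allowed_networks) from a wg-quick style config."""
    dns, allowed = [], []
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.+?)\s*$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "dns":
            dns.extend(_ip_tokens(value))
        elif key == "allowedips":
            allowed.extend(ipaddress.ip_network(v.strip(), strict=False)
                           for v in value.split(","))
    return dns, allowed


def dns_outside_tunnel(text):
    """DNS servers no AllowedIPs entry covers: queries to them bypass the tunnel."""
    dns, allowed = parse_wg_conf(text)
    return [str(d) for d in dns if not any(d in net for net in allowed)]
```

Running it on the constructed config reports 192.168.2.1 as outside the tunnel; widening AllowedIPs to cover the LAN (or 0.0.0.0/0 for full tunnelling) or pointing DNS at the tunnel address 10.10.0.1 clears the finding.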
#2
Took me a while to configure WG on OPNsense (still working out some small issues) and had a similar problem to yours. Might be a firewall DNS redirect problem, but here's my entire setup and difference compared to yours, which works well:
-in vpn "local," left DNS blank, unchecked "disable route" and left gateway blank
-set up an interface, static IPv4, IPv4 address your tunnel address, create an upstream gateway
-in system/gateways, interface should be above-mentioned, address family IPv4, IP address 10.64.0.1, far gateway checked and rest unchecked

firewall: interface - above-mentioned, protocol TCP/UDP, source port and address any, destination address [gateway]address, destination port DNS, IP 127.0.0.1, redirect target port DNS //this redirects DNS requests made through your VPN gateway to local DNS server.
Hope this helps
#3
Update: Issue has resolved, though I have no idea how.
What I did: changed WAN subnet from 1.0/24 to x.0/24. Had two gateways for wan, WAN_DHCP and WAN_GW. Disabled the _GW and set the DHCP priority the same as my wireguard gateway. The wireguard gateway is configured as a far gateway, the WAN_DHCP is not. Firewall allows 127.0.0.1/8 through wan but all else goes through wireguard tunnel (didn't change this part). All of a sudden, the computer on which OPNsense is installed (and my media/file server) started tunneling through wireguard and started being recognized as a separate, pingable entity on 0.10.

Maybe you have a similar problem and can make sense of these changes to apply them on your specific setup.

**update: another development. Rebooted host computer (on which opnsense is installed) and everything stopped working again. Host computer IP = ISP IP rather than VPN provider IP and no access to LAN when connecting to home network via VPN. All I had to do was disable the physical WAN interface on the host computer. Then, host computer started passing through VPN provider tunnel and started having LAN access again.
#4
Hi,

First of all, thank you to OPNsense developers and community for making and improving a product that is superior to consumer-grade routers and provides an alternative to upgrading a router every few years.

My previous setup was modem x.x.1.1/24-->router x.x.0.1/24--->computer x.x.0.10 (media server in docker), got tired of the slow openvpn speeds so added a 4-port NIC on the server and installed OPNsense via virtualbox.
Current setup: modem 1.1/24 -> computer 0.1/24 (opnsense 0.1 and media server 0.10) -> AP 0.30 (router in previous setup) -> clients 0.10-0.40; I have modem going into WAN port of computer, and LAN from NIC going to WAN on AP. I have no LAN going from AP back to a different NIC on the computer.

The problem: I set up WG server. When at home, I connect wirelessly to AP and can access all media server apps (port forwarding to docker apps), SMB on server, etc. When away and connect to WG server, I have internet access that is tunneled through a WG commercial server (like torGuard), I can ping OPNsense (0.1), all clients connected to the 0.30 AP and AP itself, but can't ping or access my 0.10 media server (which is also the computer hosting OPNsense in virtualbox). I tried to do so with both WG and ovpn. Same result.

Thank you