Messages - shrekfx

#1
I'll do that. Worst case, I'll rebuild my OPNsense and rebuild the VPN. lol I don't have many rules on it, so it would be no huge deal, except for the one person that connects to my tunnel.

I have looked at the logs on these rules and they all seem to be working, as far as I could tell, and I struggle with packet captures lol.
#2
endpoint: 154.16.169.77:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 47 seconds ago
  transfer: 4.69 MiB received, 1.21 MiB sent
  persistent keepalive: every 25 seconds
#3
I tried updating the gateway as well and still nothing. It is weird though: I was able to get to google.com and do a whatismyIP, and I get the VPN IP of the end location. But I was not able to get to any other websites.
#4
No changes made, connected to the tunnel on my cell and able to ping 8.8.8.8 but not able to do a traceroute.
#5
Yes, when the tunnel is up I see the handshake and there is the small amount of keep alive traffic.

I'll try changing the gateway and see if that does anything.

It's my 2nd one, yes. The first one is a road warrior setup to connect to my network from outside. No conflicts there, all on a different subnet. When I am connected to that VPN, I am able to get into my network and get out to the internet just fine over my ISP connection. Haven't even tried over the VPN out to Surfshark yet. lol

I'll double check pinging those IP addresses. I'm sure I was able to before, but I will do it again.

When not on the tunnel, my phone is set to use the DNS handed off by OPNsense, which is set for AdGuard Home, which is installed on the OPNsense. I have taken that off and run it through Unbound DNS, and have tried running it only through 1.1.1.1 and 8.8.8.8, and still no connection out to the internet via the VPN.
#6
Would this be the endpoint at the end of this config?

#
# Use this configuration with WireGuard client
#
[Interface]
Address = 10.14.0.2/16
PrivateKey = <insert_your_private_key_here>
DNS = 162.252.172.57, 149.154.159.92
[Peer]
PublicKey = Smruh1SmMqi7CecjV/+yI4Sy62gpAr+Uddq+9K6iLB0=
AllowedIPs = 0.0.0.0/0
Endpoint = 45.43.19.209:51820
#7
Here is the traceroute.  It hits my OPNsense but that's as far as it gets.

https://filerun.photosandbrew.xyz/wl/?id=6CdlqvkBEjfsimdwSkepu30tA6OcnSwL

I do want to add, when I disable this rule, my connection goes over my normal ISP connection and my traceroute goes all the way through.

https://filerun.photosandbrew.xyz/wl/?id=zLf8ljlHIo1ddxQvdBXMy0oQ7QLMHTjg

#8
So I rebuilt the rules again and this is weird. I can traceroute from the VPN tunnel and it connects and completes. I have my cell phone set to be the only thing to route through it, and I can get to google, but I can't get to any other domain.

https://filerun.photosandbrew.xyz/wl/?id=IOYS7ym9NBNW7oOgLEQw4LuAVH0BKx5C
#9
Here is the .conf from Surfshark that I am using. I haven't done anything with the DNS IP since I want the VPN to use AdGuard for DNS.

#
# Use this configuration with WireGuard client
#
[Interface]
Address = 10.14.0.2/16
PrivateKey = <insert_your_private_key_here>
DNS = 162.252.172.57, 149.154.159.92
[Peer]
PublicKey = Smruh1SmMqi7CecjV/+yI4Sy62gpAr+Uddq+9K6iLB0=
AllowedIPs = 0.0.0.0/0
Endpoint = 45.43.19.209:51820
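As an added example (not code from the thread, OPNsense, or Surfshark), the script below parses a WireGuard client .conf like the one above and a `wg show`-style peer status block like the one pasted earlier in the thread, and cross-checks them: is the configured peer actually present, is the latest handshake recent, is persistent keepalive set, does the live endpoint match the configured one, is AllowedIPs a full-tunnel 0.0.0.0/0, and how wide is the tunnel address prefix. Both samples are constructed from the values visible in the thread (private key left as the placeholder); the 180-second freshness threshold and the `peer:` header line on the status sample are assumptions, and the endpoint mismatch reported on these samples simply reflects that the two posts show different endpoint addresses.

```python
import configparser
import ipaddress
import re

# Constructed sample of the client .conf pasted in the thread (placeholder private key).
SAMPLE_CONF = """\
[Interface]
Address = 10.14.0.2/16
PrivateKey = <insert_your_private_key_here>
DNS = 162.252.172.57, 149.154.159.92
[Peer]
PublicKey = Smruh1SmMqi7CecjV/+yI4Sy62gpAr+Uddq+9K6iLB0=
AllowedIPs = 0.0.0.0/0
Endpoint = 45.43.19.209:51820
"""

# Constructed sample of `wg show` peer status, modelled on the block pasted earlier
# in the thread; the leading "peer:" line is assumed so it parses like real output.
SAMPLE_WG_SHOW = """\
peer: Smruh1SmMqi7CecjV/+yI4Sy62gpAr+Uddq+9K6iLB0=
  endpoint: 154.16.169.77:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 47 seconds ago
  transfer: 4.69 MiB received, 1.21 MiB sent
  persistent keepalive: every 25 seconds
"""

UNITS = {"day": 86400, "hour": 3600, "minute": 60, "second": 1}
SIZE = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3}


def parse_conf(text):
    """Read the [Interface]/[Peer] sections of a WireGuard client config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (PublicKey, AllowedIPs, ...)
    cp.read_string(text)
    iface, peer = cp["Interface"], cp["Peer"]
    return {
        "address": ipaddress.ip_interface(iface["Address"]),
        "dns": [s.strip() for s in iface["DNS"].split(",")],
        "public_key": peer["PublicKey"],
        "allowed_ips": [ipaddress.ip_network(s.strip()) for s in peer["AllowedIPs"].split(",")],
        "endpoint": peer["Endpoint"],
    }


def parse_wg_show(text):
    """Split `wg show` output into one dict per peer, keyed by the printed labels."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, val = line.partition(":")  # first colon only; endpoints contain ':'
        key, val = key.strip(), val.strip()
        if key == "peer":
            cur = {"public_key": val}
            peers.append(cur)
        elif cur is not None:
            cur[key] = val
    return peers


def handshake_age_seconds(s):
    """'1 minute, 23 seconds ago' -> 83; '(none)' -> None."""
    if not s or s.startswith("(none)"):
        return None
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)\s+(day|hour|minute|second)s?", s))


def received_bytes(transfer):
    """Bytes received according to the 'transfer:' line (return traffic from the peer)."""
    m = re.match(r"([\d.]+)\s+(B|KiB|MiB|GiB)\s+received", transfer)
    return int(float(m.group(1)) * SIZE[m.group(2)]) if m else 0


def check_tunnel(conf, peers, max_handshake_age=180):
    """Cross-check the configured peer against live status; returns findings."""
    live = next((p for p in peers if p["public_key"] == conf["public_key"]), None)
    result = {
        "peer_present": live is not None,
        "handshake_fresh": False,
        "keepalive_set": False,
        "endpoint_matches": False,
        "return_traffic": False,
        "full_tunnel": any(n.prefixlen == 0 for n in conf["allowed_ips"]),
        "tunnel_prefixlen": conf["address"].network.prefixlen,
        "notes": [],
    }
    if live is None:
        result["notes"].append("no live peer with the configured PublicKey")
        return result
    age = handshake_age_seconds(live.get("latest handshake", ""))
    result["handshake_fresh"] = age is not None and age <= max_handshake_age
    if not result["handshake_fresh"]:
        result["notes"].append("no recent handshake: check keys, endpoint and UDP reachability")
    result["keepalive_set"] = live.get("persistent keepalive", "off") != "off"
    result["return_traffic"] = received_bytes(live.get("transfer", "")) > 0
    result["endpoint_matches"] = live.get("endpoint") == conf["endpoint"]
    if not result["endpoint_matches"]:
        result["notes"].append(f"live endpoint {live.get('endpoint')} differs from configured {conf['endpoint']}")
    return result


def run_sample():
    return check_tunnel(parse_conf(SAMPLE_CONF), parse_wg_show(SAMPLE_WG_SHOW))


if __name__ == "__main__":
    for k, v in run_sample().items():
        print(f"{k}: {v}")
```

On the thread's own figures this reports a fresh handshake, keepalive on, return traffic present and a /16 full-tunnel peer, which matches the poster's observation that the tunnel itself is up; it says nothing about policy routing or NAT, so a clean result here only rules out the tunnel layer.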
#10
Quote from: Greelan on March 27, 2023, 03:54:46 PM
OP, why are you masking the tunnel address and gateway address?

Why is the tunnel address a /16?

Have you included the correct gateway on the OPNsense local config?

You know, that's a good question. I was tired when I was grabbing screenshots and I think I just started masking any IP I saw.

The tunnel address is a /16 since the Surfshark config called for it and it matched the instructions.

For the gateway on the OPNsense local config, I might be confused about what you mean by this.

This is the gateway of the VPN tunnel:

https://filerun.photosandbrew.xyz/wl/?id=zc3XfZ6hHww08cb0vagQmcc2dkYwBzrX

This is what I have set in the gateway section in OPNsense:

https://filerun.photosandbrew.xyz/wl/?id=cdJmySSmHNzb0cNXHaSf3SdrCGvY96bB

It shows online to the endpoint IP. When I do a traceroute through that gateway, I see it go through the tunnel, so I would think the tunnel works... Right??
#11
I'm going to apologize right off the bat for the long post. I have been working on this for days now and, for the life of me, can't figure out what is wrong. I have removed the VPN tunnel and the rules for it, and started over again using the OPNsense guide https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html.

I'll post my configuration, hoping someone smarter than me can figure out what I'm doing wrong.

First, I have the Local and Endpoint set up with the keys in VPN/WireGuard.

https://filerun.photosandbrew.xyz/wl/?id=vVuBCdi6DjdfxF89D76dfd7DD8aWp9nI

https://filerun.photosandbrew.xyz/wl/?id=OjcufWbascryZFlkGot6SqkbXatTcnbk

I assigned the VPN to an interface and enabled it.

https://filerun.photosandbrew.xyz/wl/?id=EthJSTpN2WDN8mmTdO12389rrx8hUqvk

I then created the gateway.

https://filerun.photosandbrew.xyz/wl/?id=btQam2dAXALq5ikCqPmQOtasvrLnrRPB

I created two aliases: one for my device to be used on this tunnel and one for the local access, as outlined in the guide.

https://filerun.photosandbrew.xyz/wl/?id=xP2mxmoBSrH3Hojb6OJgr7E8zXP1a3jh

https://filerun.photosandbrew.xyz/wl/?id=adsCcbLPmQJ6pDgwwZgwGRYdgqqpJhbx

Next I created the firewall rules.

LAN Rules

https://filerun.photosandbrew.xyz/wl/?id=Du7AJQfide57IuyfeXLlo4zm7x9eSVAw

https://filerun.photosandbrew.xyz/wl/?id=lpTzcJm6YzE4dlYS2PI0xBMjsDrtQc0b

Floating Rules

https://filerun.photosandbrew.xyz/wl/?id=9y85DwAr8qoPbpFmJWScvtHbyGtRzcYi

Outbound NAT rules

https://filerun.photosandbrew.xyz/wl/?id=Tu6KIVQm312djBTktfmmLXb2PPmo1vd1

I did not put in a kill switch yet. But this is everything I've done with this. I'm able to connect to my local resources, but cannot get out to the internet. In the future, I want to start using AdGuard on my OPNsense and turn off Unbound; I'll have to tackle that later. What am I missing?
#12
Perfect. I think I got this working now. So simple. LOL Thanks again.
#13
Quick question: does this go in the LAN rules, I'm thinking, or where exactly?
#14
Awesome, I'll give that a try. Can't remember if I did that and killed all my outgoing, but I will give it another shot. :)
#15
I have my router set up to route traffic out via WireGuard to Surfshark. That is working fine. What I am trying to do is make it so traffic to a specific IP address goes over my home ISP connection and not through the VPN tunnel. For the life of me, I cannot get this part figured out. I followed some guides online but nothing seems to work. Either I end up sending all traffic over the VPN, or all traffic over the local ISP.