Messages - M_TheRedHead

#1
Hello All, after much help from many in this thread and on Reddit, I was able to get this working, and in a much simplified way compared to the OPNsense guide. Here are the changes:


    • Step 2: Do not specify the gateway
    • Step 4: Check the 'Dynamic gateway policy' box
    • Step 6: Skip altogether
    • Step 9: Skip altogether

Here are the updated images: https://imgur.com/a/gxsjjge
#2
I am also very curious how other people create their WG gateways.   

I was watching a pfSense load balancer video, and they created a gateway with the same IP address as the local endpoint of the WireGuard connection. If I try to set the gateway as the local IP address in the endpoint page, I get an error.

Any examples?
#3
Sorry, I didn't have time to respond to the responses yesterday - work was rather busy.

Well, the oddest thing happened and this bothers me more than the main issue. The day I posted, routing was not working and I just went to bed after being frustrated with getting this working for the weekend.

Today, I decided to capture some packets from the client as well as the router and see if I could figure out which step was failing. Oddly, it is routing perfectly today.

I ended up cloning my VPN configs with another endpoint and that one works as well. I added both to a gateway group and traffic flows out both.

I can't for the life of me figure out how things started working with no additional changes.
#4
Question originally posted on https://www.reddit.com/r/opnsense/comments/128z2l5policy_based_routing_wmullvad_wireguard_help/
I received some good responses, but wasn't able to get the issue resolved. I thought I would try here as well. I also completely deleted the configuration after my first post and started over, so the images, IP addresses, etc. have changed.

Hello All,

My goal is to route all traffic from a vlan to Mullvad.

I am trying to implement policy-based routing for a WireGuard tunnel as described in https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html. I have the configuration complete and it isn't working as expected. I have been re-reading and everything looks right to me, but I am sure I am missing some simple change.

Images of all steps from the configuration guide are documented here https://imgur.com/a/5WnZpMB 

Environment:
    • Opnsense 23.1.5
    • Intel N5105 embedded PC from Aliexpress w/ i226 nics
    • vlan4 is 192.168.105.0/24 which is the subnet I would like to route for only VPN traffic on eth1. 

I followed the instructions here: https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.htm to get the keys, my IP (10.66.158.124), etc. On the dashboard, I see handshakes happening and monitoring across the link is working, so I am assuming the tunnel is ok.

Issue: From the VLAN, I am unable to ping or connect to anything on the internet via the VPN subnet. Access to local networks works fine if I open rules for them. This is my first attempt at policy-based routing and something seems to be missing.

Any thoughts or suggestions on how to debug?