Messages - Ihmemies

#1
Apparently my problem was that I updated the firmware. The setup just refused to work with the same settings, so I downgraded to an older one.

Today I tried upgrading from OPNsense 23.7.6-amd64 to OPNsense 23.7.12_5-amd64 and this time the setup seemed to work well. I have no idea why that was so, but I am glad the updates seem to work again, since I was hesitant to try the system upgrade again.

I think I will let the 24 series bake in for quite a while before attempting to jump to that.

#2
I don't understand enough about networking. I think I understand what I want: my LAN traffic should communicate with the Internet only via my paid VPN service. Communication directly with the Internet should not be allowed. Is this a feasible goal?

I am running the newest stable OPNsense. I created a WireGuard interface and peer and registered the WireGuard key with my VPN provider. The WireGuard "handshakes" but tells nothing further. I don't know if that means it's working or not or something else.

Pinging 1.1.1.1 from OPNsense results in packet loss.

I have a WG1 interface. A WG1 gateway which is offline.

Hybrid outbound NAT for WG1 interface. It translates any LAN net traffic to any destination through the WG1 interface.

Firewall in LAN has out, source LAN net, dest WAN net, blocked. It has out, source LAN net, dest WG1 gateway allowed.

WAN has in, source any, dest LAN net blocked. Any to WG1 net allowed.

WG1 firewall has out from any to any allowed.

I am not sure if all this is correct or wrong, and if I need something else or not. In theory it is simple - force all Internet traffic to go through my paid VPN. In practice it is very hard.

The WG1 gateway should probably work, but it does not work. I don't know why it's not online, or what prerequisites must be met to get it online. Is there some up-to-date guide on how to do this with the latest WG changes? The WireGuard implementation in OPNsense seems to be changing all the time.

Thanks.