Messages - deans20

#1
24.7, 24.10 Series / WireGuard issue after upgrade
August 12, 2024, 04:01:47 PM
Hello,

I upgraded to 24.7 (now on 24.7.1) and my WireGuard VPN seems to have issues. I'm using Mullvad, and this worked great for a good year. But, something (perhaps upgrade to 24.1.x or 24.7) seems to have caused it to stop working.

Set-up
- OPNsense bare-metal on a Protectli VP2420
- a few VLANs

As above, has been working fine but one of the recent upgrades / something seems to have upset the VPN connection.

What is the issue - WireGuard shows as connected and up with handshake, but my Client Devices cannot use the VPN.

I have tried:

* I have tried recreating the Instance and Peer
* Checked the Interface and Gateway
* Restarted WireGuard and Rebooted the Router

Have assigned the wg0 interface, and added to Gateway. The Gateway is showing as Online.

Anybody else had similar issues?

What info would I need to share to help troubleshoot this issue? How can I narrow this down to DNS or VPN or Firewall etc issues?
#2
Ah, yes I guess it does.  So, this is normal.

So, the Wireguard traffic (green) is the encapsulated (VPN) traffic going through the WAN (amber).  Hence amber being slightly larger in the graphs.  Doh.

OK.  So, how would one test that the VPN is working?  In this case, all data from one docker machine (say on 192.168.1.142) is routed through VPN.  How would I test that this is working and there is no other traffic not going through the WAN?
#3
I've setup WireGuard, and routed traffic via the VPN.  But from the Traffic Reports it looks to be also going through WAN.  Am I reading this correctly that the traffic is going through both the VPN (dark green) and the WAN (amber)?


#4
I am trying to route traffic destined for / from specific websites through VPN.

I followed this guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

What I have set-up:

1 - WireGuard with Mullvad.  The Status shows connected, handshake etc. look ok.

2 - WG interface: WireGuardInterface

3 - Gateway: WireGuard_GW1

4 - Aliases

Name: VPN_PublicIPs
Type: Hosts
Content: list of external IPs I want through VPN


5 - Firewall Floating Rules

Action: Pass
Interface: none selected
Direction: Out
TCP/IP: IPv4
Protocol: any
Source: WireGuardInterface address
Destination: WireGuardInterface net
Gateway: WireGuard_GW1


6 - Firewall LAN Rule

Action: Pass
Interface: LAN
Direction: In
TCP/IP: IPv4
Protocol: any
Source Invert: No
Source: any
Destination Invert: No
Destination: VPN_PublicIPs
Gateway: WireGuard_GW1


7 - Firewall NAT Outbound

Interface: WireGuardInterface
TCP/IP: IPv4
Protocol: any
Source: any
Destination: VPN_PublicHosts
Translation / target: Interface address


However, traffic does not seem to be going through the VPN.  Any ideas what I am doing wrong?


Additionally, as it wasn't working I set up further LAN and NAT Outbound rules to direct any traffic from my laptop on 192.168.1.100 through the VPN.  This seems to send traffic through the VPN and the WAN as can be seen in the Traffic Report.


Is this linked to the earlier issue?  Any idea why traffic is going through both Gateways?


Thank you for any guidance you can provide to try to get this working.
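The following is an added illustration, not code from the poster or from OPNsense. It is a small model of the policy routing described in post #4 (LAN rule with a gateway, outbound NAT on the WireGuard interface) together with the encapsulation that post #2 asks about: one LAN packet routed via WireGuard_GW1 produces an inner packet on wg0 and an outer UDP datagram on WAN, so a per-interface traffic graph shows both interfaces busy for the same flow, with WAN slightly ahead. It also shows the one check that matters for "is everything from this host really in the tunnel": does the original destination ever appear on WAN without encapsulation. The addresses are documentation ranges, the tunnel address and Mullvad endpoint are placeholders, and the example assumes a single alias name (VPN_PublicIPs) is used consistently in both the LAN rule and the NAT rule; the MISORDERED_RULES list and the leaks() function are this example's own constructs, used to show what a catch-all rule placed above the policy rule does.

```python
"""Toy model of OPNsense LAN policy routing plus WireGuard encapsulation.

Constructed example for the thread above; not OPNsense or Mullvad code.
"""
from dataclasses import dataclass, replace
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 443


# Constructed configuration. Alias and gateway names follow the post;
# every address below is a placeholder, not a real deployment value.
ALIASES = {"VPN_PublicIPs": {"203.0.113.10", "203.0.113.11"}}
WAN_ADDRESS = "198.51.100.5"        # placeholder: OPNsense WAN address
WG_ADDRESS = "10.64.0.2"            # placeholder: tunnel address assigned by the provider
WG_ENDPOINT = ("192.0.2.1", 51820)  # placeholder: WireGuard peer endpoint

Rule = Tuple[Callable[[Packet], bool], str]  # (match predicate, gateway name)

# LAN rules are evaluated top-down and the first match wins ("quick"), so the
# policy-routing rules must sit above any catch-all pass rule.
LAN_RULES: List[Rule] = [
    (lambda p: p.dst in ALIASES["VPN_PublicIPs"], "WireGuard_GW1"),  # step 6 in the post
    (lambda p: p.src == "192.168.1.100", "WireGuard_GW1"),           # laptop: all traffic via VPN
    (lambda p: True, "WAN_GW"),                                      # default route
]

# Same rules with the catch-all on top: every packet takes WAN_GW (hypothetical misconfiguration).
MISORDERED_RULES: List[Rule] = [LAN_RULES[2], LAN_RULES[0], LAN_RULES[1]]

# Policy the laptop is supposed to follow: everything through the tunnel.
LAPTOP_POLICY: Callable[[Packet], bool] = lambda p: p.src == "192.168.1.100"


def select_gateway(pkt: Packet, rules: List[Rule] = LAN_RULES) -> str:
    """First matching LAN rule decides the gateway; otherwise the system default route."""
    for match, gateway in rules:
        if match(pkt):
            return gateway
    return "WAN_GW"


def outbound_nat(pkt: Packet, iface: str) -> Packet:
    """Outbound NAT with translation 'Interface address': rewrite the source."""
    return replace(pkt, src={"wg0": WG_ADDRESS, "WAN": WAN_ADDRESS}[iface])


def egress(pkt: Packet, rules: List[Rule] = LAN_RULES) -> List[Tuple[str, Packet]]:
    """Frames leaving the firewall for one LAN packet, as (interface, packet).

    A VPN-routed packet appears twice: the inner packet on wg0 and the outer UDP
    datagram on WAN that carries it to the peer. Only the outer datagram is on
    the physical wire; the inner one is what the wg0 traffic graph counts.
    """
    if select_gateway(pkt, rules) == "WireGuard_GW1":
        inner = outbound_nat(pkt, "wg0")
        outer = Packet(WAN_ADDRESS, WG_ENDPOINT[0], "udp", WG_ENDPOINT[1])
        return [("wg0", inner), ("WAN", outer)]
    return [("WAN", outbound_nat(pkt, "WAN"))]


def leaks(pkt: Packet, must_use_vpn: Callable[[Packet], bool],
          rules: List[Rule] = LAN_RULES) -> bool:
    """True when a packet the policy intends for the tunnel reaches its real
    destination from WAN unencapsulated. Packets outside the policy never count."""
    if not must_use_vpn(pkt):
        return False
    return any(iface == "WAN" and frame.dst == pkt.dst for iface, frame in egress(pkt, rules))


def summarize(packets: Iterable[Packet], rules: List[Rule] = LAN_RULES) -> Dict[str, int]:
    """Frames per interface: the view a per-interface traffic graph gives."""
    counts = {"wg0": 0, "WAN": 0}
    for pkt in packets:
        for iface, _ in egress(pkt, rules):
            counts[iface] += 1
    return counts


if __name__ == "__main__":
    sample = [  # constructed LAN traffic
        Packet("192.168.1.50", "203.0.113.10"),   # alias host: via VPN
        Packet("192.168.1.50", "203.0.113.99"),   # non-alias host: direct via WAN
        Packet("192.168.1.100", "203.0.113.99"),  # laptop: via VPN regardless of dst
    ]
    for pkt in sample:
        print(pkt.src, "->", pkt.dst, select_gateway(pkt), egress(pkt))
    print(summarize(sample))  # WAN count exceeds wg0 because it carries both flows
    print("laptop leaks with misordered rules:", leaks(sample[2], LAPTOP_POLICY, MISORDERED_RULES))
```

The point of `leaks()` is the test that answers post #2's question: the traffic graphs cannot distinguish a working tunnel from a bypass, because the WAN interface is busy in both cases. What distinguishes them is whether the client's real destination shows up on WAN, or only the peer endpoint does. On a real box the equivalent check is a capture on the WAN interface filtered to the client's destination address while the client generates traffic; a correctly routed host produces nothing there except UDP to the WireGuard endpoint.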