Messages

Nevermind. I had my firewalls rules misconfigured.

We use wireguard for VPN between sites. Two of our sites have DHCP addresses while others have static public IP addresses.
To enable connectivity, the sites with static IP addresses, under wireguard endpoint connection don't have the other party address, as this is not known.

After upgrading a site with static IP, we noted that the two sites with DHCP would not connect back to this site. I tried restarting the wireguard at both ends. When checking wireguard status, the DHCP site is sending traffic to the static IP one, but nothing being received.

Note that this is happening with 24.7.1, as the other sites under 24.7_9 are not displaying this behaviour.

We have set up a Site to Site connection using wireguard. We use this connection for regular office traffic as well as for heavy remote backups.

We also have a WAN failover comprised of a fiber connection and a backup 5G service.

When the main ISP is down, the wireguard connection gets recreated on the 5G service, but all the bandwidth is being taken away by the backup traffic. Is there a way to block this heavy traffic over the wireguard interfaces when we are in the slow 5G network?

Why don't you just create one Wireguard network, with two Peers:
On Servers, the peers will be OPNSense and Mikrotik,
On OPNSense, the peers will be Servers and Mikrotik,
On Mikrotik, the peers will be OPNSense and Servers

That way everyone can talk to each other over the same WG network.