Messages

Thank you SO MUCH!

By reading your post, I forced myself to go through those steps and figured out where the problem was!
I have 2 WG interfaces coming in (my devices): WGHome and WGHomeUnsecuredDevices (I don't want my phones to have access to my management VLAN :-))
I had the NAT outbound rule set on the WGHome net and was testing a device on the WGHomeUnsecuredDevices.
It was surely not going to work that way :-p
I fiddled a lot with my different VLANs and routing some through the external VPN and got probably lost in the configuration.

Sorry for this stupid mistake on my end and thank you again for your help!

Hi,

Did you get a solution for this because I have the exact same setup: Wireguard tunnel from my phone to my home and would like to route that towards the Mullvad Wireguard tunnel.

I tried to treat the inital Wireguard tunnel as a normal network and in the firewall rules, I added the Mullvad gateway to the "wan rule" but I would loose network.

That's why I'd be interested if you figured it out :)

Hello,

I've been using OPNsense happily for the past 2 years, but the last 2 releases raised Wireguard issues for me (see reddit issue I described here: https://www.reddit.com/r/opnsense/comments/1c0h163/wireguard_issues_since_update_to_2414/).

According to one comment, I decided to start from scratch and deleted all my Wireguard instances and linked interfaces, firewall rules (on the WAN) to have a "clean slate".

I took the "WireGuard Road Warrior Setup" guide and followed the instructions. As it happened last time I tried to add a new Wireguard instance and interface, then my whole network went down. But this time, I didn't panic and investigated before restoring.

My findings:

- before I add the Wireguard interface linked to the Wireguard instance, everything works
- I create a new interface linked to the Wireguard instance
- all my network to the Internet is down, local network works fine
- in the "Log files" -> "Live view", I see ALL traffic going out of my local network on the Wireguard interface!
- I check the routes and one route has been added automatically (System -> Routes -> Status): 0.0.0.0/1 on the wg0 interface
- I delete the route (and also remaining route from the previous Wireguard instances) -> I can ping outside based on IP address but I cannot resolve any Internet server name!
- I restarted Unbound -> nothing changed
- I restored previous backup

Here is some output of the ping (if that helps):

From a Linux machine:

Code Select Expand

ping google.com

PING google.com (142.250.179.206) 56(84) bytes of data.
From _gateway (10.0.69.1) icmp_seq=1 Destination Host Unreachable
From _gateway (10.0.69.1) icmp_seq=2 Destination Host Unreachable
From _gateway (10.0.69.1) icmp_seq=3 Destination Host Unreachable

From the OPNsense firewall directly:

Code Select Expand


ping google.com

PING google.com (142.250.179.206): 56 data bytes
ping: sendto: No route to host
92 bytes from 127.0.0.1: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 c435   0 0000  40  01 05aa 10.0.100.1  142.250.179.206

ping: sendto: No route to host
92 bytes from 127.0.0.1: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 828f   0 0000  40  01 4750 10.0.100.1  142.250.179.206

Of course, if I change the DNS on a local machine, it works, so somehow, I completely loose the ability to resolve any name from the firewall when I added that interface. I have added VLAN interfaces not so long ago and it worked fine (although I cannot recall if I was already on 24.1.4 when I did).

Can you please help me to understand and fix what's going on?
I really hope that after this is solved, I would be able to (re-)create a working Wireguard connection with my devices...