Messages - swunggg

#1
Just came here to say that if you're following the guide and looking to get more than one WireGuard instance set up (I spent hours troubleshooting a few days ago only to realize a Mullvad peer was replying to pings but down), you can use gateway groups. Just modify your selective routing rules to target the new gateway group. The one hiccup for me was that I followed this tip to make certain RFC 1918 addresses route over WireGuard according to step 8 of their selective routing docs...

Quote: Note

The rule below will mean that no local (private) IPs can be accessed over the tunnel. You may have a need, however, to access certain IPs or networks at the VPN endpoint, such as a DNS server or monitor IP. In that case, you will need to create an additional firewall rule in OPNsense to ensure that requests to those IPs/networks use the tunnel gateway rather than the normal WAN gateway. This rule would be similar to that created below, except that the destination would be the relevant IPs/networks (or a new Alias for them) and the destination invert box would be unchecked. This rule would also need to be placed above the rule created below.

... so I needed to make a rule for each gateway, instead of adding the second gateway to the rule I originally created. Now the failover is pretty much seamless!
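The two mechanisms discussed above, first-match rule ordering for the "allowed private destinations" rule and tier-based failover inside a gateway group, as an added Python model. This is illustrative code written for this page, not OPNsense's own rule engine and not the poster's configuration. The LAN subnet 192.168.1.0/24, the DNS server 10.64.0.1 reachable only at the VPN endpoint, and the gateway names WG_MULLVAD_1 and WG_MULLVAD_2 are all assumed example values.

```python
# Added model of OPNsense-style policy routing (not OPNsense code).
# Rules are evaluated top-down and the first match wins ("quick" is the default),
# so a rule placed below the catch-all LAN allow rule never sees the traffic.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple, Union

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ip_network("0.0.0.0/0")]
LAN_NET = ip_network("192.168.1.0/24")   # assumed LAN subnet
VPN_DNS = "10.64.0.1"                    # assumed DNS server at the VPN endpoint


@dataclass
class Gateway:
    name: str
    up: bool = True   # what gateway monitoring reports for this peer


@dataclass
class GatewayGroup:
    """Members in tier order; the first member whose monitor reports 'up' carries traffic."""
    name: str
    members: List[Gateway]

    def select(self) -> Optional[str]:
        for gw in self.members:
            if gw.up:
                return gw.name
        return None   # all members down; real behaviour then depends on firewall settings


@dataclass
class Rule:
    description: str
    source: IPv4Network
    destination: List[IPv4Network]                        # an alias of networks
    dest_invert: bool = False                             # the "destination / invert" checkbox
    gateway: Union[Gateway, GatewayGroup, None] = None    # None = system routing table

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        if src not in self.source:
            return False
        in_dst = any(dst in net for net in self.destination)
        return (not in_dst) if self.dest_invert else in_dst


def route(rules: List[Rule], src: str, dst: str) -> Tuple[str, str]:
    """Return (matching rule description, egress) for the first rule that matches."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            if rule.gateway is None:
                return rule.description, "default-route"
            if isinstance(rule.gateway, GatewayGroup):
                return rule.description, rule.gateway.select() or "no-member-up"
            return rule.description, rule.gateway.name
    return "implicit-deny", "dropped"


def build_rules(group: GatewayGroup, allowed_above: bool) -> List[Rule]:
    # The extra rule from the quoted note: specific private destinations, invert unchecked.
    allow_private = Rule("VPN-side DNS over tunnel", LAN_NET,
                         [ip_network(VPN_DNS + "/32")], False, group)
    # The selective-routing rule: everything that is NOT RFC 1918 goes over the tunnel.
    tunnel_rest = Rule("non-private over tunnel", LAN_NET, RFC1918, True, group)
    # The usual default LAN allow rule, which uses the system routing table (WAN).
    catch_all = Rule("default LAN allow", LAN_NET, ANY, False, None)
    if allowed_above:
        return [allow_private, tunnel_rest, catch_all]
    return [tunnel_rest, catch_all, allow_private]   # appended below the catch-all


def demo() -> dict:
    wg1, wg2 = Gateway("WG_MULLVAD_1"), Gateway("WG_MULLVAD_2")
    group = GatewayGroup("WG_FAILOVER", [wg1, wg2])
    client = "192.168.1.50"
    results = {
        "dns_rule_below_catchall": route(build_rules(group, False), client, VPN_DNS),
        "dns_rule_above": route(build_rules(group, True), client, VPN_DNS),
        "internet": route(build_rules(group, True), client, "1.1.1.1"),
        "lan_peer": route(build_rules(group, True), client, "192.168.1.10"),
    }
    wg1.up = False   # first peer's monitor goes down: the group fails over
    results["dns_after_failover"] = route(build_rules(group, True), client, VPN_DNS)
    return results


if __name__ == "__main__":
    for case, (rule, egress) in demo().items():
        print(f"{case:24} matched '{rule}' -> {egress}")
```

Running the block shows the failure mode the note warns about: with the DNS rule appended below the default LAN allow rule, queries to 10.64.0.1 match the catch-all and leave via the normal routing table, while with the rule placed above, they are steered to the group, and once the first peer's monitor reports down, the same rule sends them to the second peer.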