Messages - DemonWall

#1
Virtual private networks / Route OPNSense updates over VPN
September 21, 2025, 08:33:14 PM
I have a new device running version 24.7 (pre-installed), which has not yet been connected to the internet. I have done some initial setup to route LAN traffic over WireGuard to my VPN provider, and to set up Unbound DNS in preparation for connection to the outside world. I would like to ensure that traffic from the OPNSense device itself is also routed through the WireGuard gateway. For example, I want OPNSense system/security updates to be downloaded through my VPN provider. I also want my DNS blocklists to be downloaded through my VPN provider. (I live in a college town where internet/wi-fi abuse is rampant; my cable modem should be considered HOSTILE.)

I used this guide for VPN setup: <https://kb.protectli.com/kb/proton-vpn-opnsense-protectli-vault/>

Is the OPNSense box itself considered part of LAN, such that I don't need to be concerned about this?
Or, do I need a separate firewall rule to ensure that OPNSense traffic also goes through my WireGuard tunnel? How do I identify OS traffic and specify that it should be routed like any other LAN traffic?
(I am concerned about the automatically generated rule "let out anything from firewall host itself".)