Cross posting here from a thread I started on reddit but also looking here for some help if possible.
I have not long since migrated from a homebrew router on Debian to OPNsense. During the migration I have made a few changes (like moving from OpenVPN to WireGuard) and I have the basics working, almost all, in fact.
The one thing I am struggling with is reimplementing policy based routing or the equivalent in OpenVPN. Again, I am not moving from a 1:1 situation that I had previously but making some in-flight changes.
What I want to achieve is to be able to route any given client in my VLANs via one of my VPS nodes. The nodes are linked in something of a mesh on WireGuard (all endpoints that have publicly routable addresses are added into the config).
VPS 1 is connected via WG on 10.10.110.252. From my LAN I can access the VPS, and from a client I can connect with WG and route my connection via the VPS. This works now. The enhancement I would like to make is that rather than configuring it on the client level, I would like to be able to configure it in OPNsense and add a client into a group, and that group is routed via VPS1 or VPS2 or my local ISP.
I have followed the guide on "Selective Routing" as closely as possible to my setup - https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
What I am seeing now is when I have a client in the VPSGW Alias group, I am not getting past the default gateway for the subnet.
traceroute to google.com (142.250.186.142), 64 hops max, 40 byte packets
1 10.10.100.1 (10.10.100.1) 3.150 ms 1.561 ms 1.552 ms
2 * * *
Any pointers of where to look for issues would be helpful. Thanks in advance.
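The symptom in the post (a VPSGW client stopping at the subnet's default gateway) is exactly what happens when the policy rule never matches and the generic "LAN to any" pass rule decides the flow instead. OPNsense/pf evaluates firewall rules top-down with first match winning ("quick"), so the rule that carries the VPN gateway has to sit above the default allow rule, as the selective-routing how-to requires. The following is an added example written for this thread, not code from OPNsense or from the original poster: a small Python model of first-match rule evaluation with alias tables, run over a constructed rule set in both orders. The alias members, rule names and the gateway name VPS1_GW are assumptions for illustration; the destination address is the one from the traceroute in the post.

```python
import ipaddress
from dataclasses import dataclass

# Constructed alias tables, modelled on the "VPSGW" alias in the post.
# The member addresses are made-up sample values, not the poster's hosts.
ALIASES = {
    "VPSGW": ["10.10.100.50", "10.10.100.51"],   # clients that should exit via VPS1
    "LAN_NET": ["10.10.100.0/24"],                # the VLAN the traceroute came from
}


@dataclass
class Rule:
    """A simplified pass rule: source, destination and the gateway it hands traffic to."""
    name: str
    src: str                    # CIDR/host literal or an alias name
    dst: str = "any"
    gateway: str = "default"    # "default" = system routing table (the ISP uplink)


def _expand(spec):
    """Resolve an alias name, CIDR or host string into ip_network objects."""
    if spec == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    members = ALIASES.get(spec, [spec])
    return [ipaddress.ip_network(m, strict=False) for m in members]


def _matches(spec, addr):
    return any(addr in net for net in _expand(spec))


def select_gateway(rules, src_ip, dst_ip):
    """Return (gateway, rule_name) for a flow under first-match evaluation.

    Every OPNsense rule is 'quick' by default, so the first pass rule whose
    source and destination match decides the gateway; later rules are ignored.
    A flow that matches no rule is blocked and yields (None, None).
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            return rule.gateway, rule.name
    return None, None


# Ordering as the how-to requires: the policy rule sits above the generic pass rule.
CORRECT_ORDER = [
    Rule("VPS policy", src="VPSGW", gateway="VPS1_GW"),       # hypothetical gateway name
    Rule("Default allow LAN to any", src="LAN_NET"),
]

# The usual mistake: the generic pass rule is first, matches every LAN host,
# and the policy rule below it never sees the traffic.
WRONG_ORDER = list(reversed(CORRECT_ORDER))


def classify(rules, hosts, dst="142.250.186.142"):
    """Map each source host to the gateway the rule set would choose for it."""
    return {host: select_gateway(rules, host, dst)[0] for host in hosts}


if __name__ == "__main__":
    hosts = ["10.10.100.50", "10.10.100.20"]
    print("correct order:", classify(CORRECT_ORDER, hosts))
    print("wrong order:  ", classify(WRONG_ORDER, hosts))
```

With the rules in the correct order the VPSGW member is handed to VPS1_GW while an ordinary LAN host keeps the default route; with the order reversed both land on the default gateway, which is what the stalled traceroute looks like from the client. On the firewall itself the live rule order can be confirmed with `pfctl -sr` and the alias membership with `pfctl -t VPSGW -T show`.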