Topics - Ihmemies

#1
I don't understand enough about networking. I think I understand what I want: my LAN traffic should communicate with the Internet only via my paid VPN service. Communication directly with the Internet should not be allowed. Is this a feasible goal?

I am running the newest stable OPNsense. I created a WireGuard interface and peer and registered the WireGuard key with my VPN provider. The WireGuard "handshakes" but tells nothing further. I don't know whether that means it's working, not working, or something else.

Pinging 1.1.1.1 from OPNsense results in packet loss.

I have a WG1 interface. A WG1 gateway which is offline.

Hybrid outbound NAT for WG1 interface. It translates any LAN net traffic to any destination through the WG1 interface.

Firewall in LAN has out, source LAN net, dest WAN net, blocked. It has out, source LAN net, dest WG1 gateway allowed.

WAN has in, source any, dest LAN net blocked. Any to WG1 net allowed.

WG1 firewall has out from any to any allowed.

I am not sure if all this is correct or wrong, and if I need something else or not. In theory it is simple: force all Internet traffic to go through my paid VPN. In practice it is very hard.

The WG1 gateway should probably work, but it does not work. I don't know why it's not online, or what prerequisites must be met to get it online. Is there some up-to-date guide on how to do this with the latest WG changes? The WireGuard implementation in OPNsense seems to be changing all the time.

Thanks.
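The post above says the tunnel "handshakes but tells nothing further". Before trusting any LAN-to-WG1 policy rules, a practitioner wants to know whether the tunnel is actually carrying traffic. Below is an added example (not part of the post and not OPNsense or WireGuard project code) that parses the tab-separated output of `wg show <iface> dump` and classifies each peer: no handshake ever, stale handshake, handshake but no bytes received since the previous sample, or a peer whose AllowedIPs does not cover `0.0.0.0/0` and therefore cannot be a full-tunnel default route. The sample dump, the keys in it, and the 180-second staleness threshold are constructed assumptions; the column order is the documented `wg dump` format.

```python
"""Classify WireGuard peers from `wg show <iface> dump` output (added example)."""
import time

# Assumption: WireGuard rekeys roughly every 120 s while traffic flows, so a
# handshake older than this with no new traffic suggests the tunnel is down.
STALE_AFTER_SECONDS = 180


def parse_wg_dump(text):
    """Parse `wg show <iface> dump`.

    Line 1: private-key, public-key, listen-port, fwmark (interface).
    Lines 2+: public-key, preshared-key, endpoint, allowed-ips,
              latest-handshake (unix time, 0 = never), transfer-rx,
              transfer-tx, persistent-keepalive (one line per peer).
    """
    rows = [line.split("\t") for line in text.strip().splitlines() if line.strip()]
    iface = dict(zip(("private_key", "public_key", "listen_port", "fwmark"), rows[0]))
    peers = []
    for f in rows[1:]:
        peers.append({
            "public_key": f[0],
            "endpoint": f[2],
            "allowed_ips": f[3].split(","),
            "latest_handshake": int(f[4]),
            "rx": int(f[5]),
            "tx": int(f[6]),
        })
    return iface, peers


def assess_peer(peer, now, prev_rx=None):
    """Return (status, detail) for one peer.

    prev_rx is the transfer-rx counter from an earlier sample; passing it lets
    the check distinguish "handshake completed once" from "bytes still arriving".
    """
    if peer["latest_handshake"] == 0:
        return "never", "no handshake ever completed: check key, endpoint, UDP port"
    age = now - peer["latest_handshake"]
    if age > STALE_AFTER_SECONDS:
        return "stale", f"last handshake {age}s ago: tunnel was up but is not now"
    if prev_rx is not None and peer["rx"] <= prev_rx:
        return "no-rx", "handshake ok but rx counter not increasing: remote side not replying"
    if "0.0.0.0/0" not in peer["allowed_ips"]:
        return "no-default-route", "AllowedIPs lacks 0.0.0.0/0: cannot carry all LAN traffic"
    return "ok", f"handshake {age}s ago, rx={peer['rx']} tx={peer['tx']}"


def report(dump_text, now, prev_rx_by_key=None):
    """Map each peer public key to its (status, detail)."""
    prev_rx_by_key = prev_rx_by_key or {}
    _, peers = parse_wg_dump(dump_text)
    return {
        p["public_key"]: assess_peer(p, now, prev_rx_by_key.get(p["public_key"]))
        for p in peers
    }


# Constructed sample: one interface line and two peers (keys are placeholders).
SAMPLE_NOW = 1700000000
SAMPLE_DUMP = (
    "IFACE_PRIVKEY_constructed=\tIFACE_PUBKEY_constructed=\t51820\toff\n"
    "PEER_VPN_constructed=\t(none)\t198.51.100.10:51820\t0.0.0.0/0\t"
    f"{SAMPLE_NOW - 40}\t5120\t9800\t25\n"
    "PEER_STALE_constructed=\t(none)\t203.0.113.5:51820\t10.8.0.0/24\t"
    f"{SAMPLE_NOW - 900}\t300\t300\toff\n"
)

if __name__ == "__main__":
    for key, (status, detail) in report(SAMPLE_DUMP, int(time.time())).items():
        print(f"{key}: {status} ({detail})")
```

Run it twice a minute apart on the real `wg show wg1 dump` output and feed the first run's rx counters in as `prev_rx_by_key`; a peer that stays at `ok` with a growing rx counter is the only state in which routing LAN traffic into WG1 can work, whatever the firewall rules say.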