Messages - michael

#16
20.1 Legacy Series / Re: Help to install WireGuard plugin
February 15, 2020, 02:30:47 AM
Quote from: mapsware on February 15, 2020, 01:00:47 AM
How is the plugin installed?

I have OPNsense 20.1.1-i386

If I go to System : Firmware : Plugin I can't find the WireGuard plugin listed

How do I install the WireGuard plugin?

On what device do you have OPNsense installed? Does it require the i386 32-bit version?
#17
Has anyone else seen issues with WireGuard since the most recent update (yesterday)?
It may be coincidental; however, my WireGuard-Mullvad configuration, based on the routerperformance.net Azire write-up, was working well, but it suddenly prevents my network from internet access.  I'm not sure what exactly is happening, but nothing in my config has changed.  I've tried starting over, to no avail. I have no internet access as soon as I turn on the VPN, and it returns as soon as I turn it off.
#18
Quote from: fegauthier on February 07, 2020, 03:20:57 PM
Thanks for your reply! I don't want to specify specific destination. I just want some IP or some Interface to use VPN and others to use WAN. If I put a Rules on LAN with Gateway to VPN, all my computer on the interface doesn't have internet access.
OK, so I guess I misunderstood the original post.  However, in order to direct internal devices to use VPN or WAN, you still have to set those as the Gateway under Firewall > Rules > LAN, and direct that specific device or Alias for multiple devices/addresses to use the Gateway that you want them to use.  Then the priority should also be set accordingly in the list of LAN rules, with the narrowest rule at the top, and the most broad rule (usually the automatically generated ones) at the bottom. 
Lastly, if your VPN Gateway doesn't have internet access, have you set up a NAT > Outbound configuration for the Interface?  If not, you'll need to, using either Hybrid or Manual, and setting up the VPN Interface with a NAT configuration (source: any, NAT address: x.x.x.x from your VPN provider).
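An added illustration of the rule-ordering advice in the post above (not part of the original post, and not OPNsense code): a small first-match model of LAN rules with gateways, showing what happens when the broad VPN rule sits above the narrow bypass rules. All addresses, rule names and gateway names are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    sources: tuple       # CIDRs; stands in for an Alias or "LAN net"
    destinations: tuple  # CIDRs; "0.0.0.0/0" means any
    gateway: str

def _in_any(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def _covers(outer, inner):
    # True when every network in `inner` lies inside some network in `outer`.
    return all(any(ipaddress.ip_network(i).subnet_of(ipaddress.ip_network(o))
                   for o in outer) for i in inner)

def select_gateway(rules, src, dst):
    """Evaluate top-down; the first rule matching src and dst decides."""
    for rule in rules:
        if _in_any(src, rule.sources) and _in_any(dst, rule.destinations):
            return rule.name, rule.gateway
    return None, "default"

def shadowed(rules):
    """Rules that can never match because an earlier rule fully covers them."""
    hidden = []
    for i, rule in enumerate(rules):
        if any(_covers(e.sources, rule.sources) and
               _covers(e.destinations, rule.destinations) for e in rules[:i]):
            hidden.append(rule.name)
    return hidden

# Constructed sample: two bypass devices, one bypass site, everything else via VPN.
LAN, ANY = ("192.168.1.0/24",), ("0.0.0.0/0",)
DEVICES = Rule("bypass-devices", ("192.168.1.50/32", "192.168.1.51/32"), ANY, "WAN_GW")
SITES = Rule("bypass-sites", LAN, ("203.0.113.10/32",), "WAN_GW")
VPN = Rule("lan-to-vpn", LAN, ANY, "VPN_GW")

NARROW_FIRST = [DEVICES, SITES, VPN]  # ordering the post recommends
BROAD_FIRST = [VPN, DEVICES, SITES]   # broad rule on top hides both bypass rules

if __name__ == "__main__":
    for label, rules in (("narrow first", NARROW_FIRST), ("broad first", BROAD_FIRST)):
        print(label, select_gateway(rules, "192.168.1.50", "198.51.100.7"),
              "shadowed:", shadowed(rules))
```
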
#19
Set up an Alias (under Firewall) with those IPs as a destination; you can list each one under Content, or set target and insert a range of IPs.  Then under Firewall > LAN, create a rule selecting the Alias under Destination, and the new OpenVPN as the Gateway.  Someone may have a better way, but this is the way I've set up other routing to either the VPN or WAN and it works for me.
#20
General Discussion / Re: VPN tunnel bypass
February 05, 2020, 11:18:37 PM
Talking to myself again...
But I was able to get this to work by changing settings for the Alias group from "URL (IPs)" to "Hosts" and from Source "Any" to "LAN net", and setting Protocol to just IPV4*.
Seems to work well; any host URL that I place in the Alias group will route directly to the WAN and bypass the VPN gateway.
#21
20.1 Legacy Series / Re: Upgrading from 19.7.10 to 20.1
February 05, 2020, 08:00:38 PM
Upgraded via GUI on an HP Slimline 290 Celeron G4900 (Coffee Lake 3.10 GHz, 2 cores), no problems at all.
#22
General Discussion / Re: VPN tunnel bypass
February 05, 2020, 02:23:42 AM
Well, my firewall LAN rules for the two devices to route to the WAN rather than the WireGuard VPN gateway worked.
On the other hand, the rule for websites which don't play nice with a VPN did not.  Anyone know how to set this up with WireGuard?
I created a rule with IPv4-TCP/UDP protocol, any source, destination URLs list (in Alias grouping) sent to WAN Gateway.  Doesn't seem to work; the sites are still blocking access as the VPN isn't being bypassed.
#23
General Discussion / Re: VPN tunnel bypass
February 04, 2020, 03:43:05 PM
OK, so I think I figured it out, via a couple of YouTube videos for that other 'sense.  Built firewall LAN rules and aliases to direct the traffic from static IPs or to destination URLs (with alias) through the WAN ahead of the VPN.  All good.

For reference: https://youtu.be/ekRgAATnIsU?t=238
#24
Quote from: bartjsmit on January 31, 2020, 10:05:26 PM
This is what I would do:

- Start with a survey of your network so that you don't forget any clients. Fing is a handy tool (other survey apps are available).


I just look up the network devices via OPNsense reporting of all the LAN DHCP leases at:
https://192.168.1.1/status_dhcp_leases.php
Am I missing something?  Or is it better to use another tool?
#25
General Discussion / VPN tunnel bypass
February 04, 2020, 02:12:53 AM
Hi - new user here, so forgive my noob question.  I have OPNsense set up using WireGuard w/Mullvad VPN, using the routerperformance.com tutorial for AzireVPN.  All works well, except I have two devices on my network that need to bypass the VPN, and additionally there are some websites (bank, etc.) that don't function via the VPN service.  Can someone point me to a simple guide to follow, or provide steps, as to how I set rules to selectively bypass these devices (I can set static IP addresses if needed) and websites from the VPN so they connect directly?
#26
New user here, been running OPNsense for about two weeks; it is fantastic.  Made a donation a week ago, have to support this project!