Wireguard tutorial for client use?

[tusc]

Now that 19.7.3 is out I though I'd try to setup Wireguard with my Mulvad account. I'd like to use policy routing so only a subset of clients in the LAN route through the Wireguard tunnel. Are there any guides out there on how to set this up similar to the openvpn guides? Everything I find on Wireguard and OPNsense is about road warriors. Thanks.

[hbc]

It's always good to have a wineguard. Keeps care not to drink too much alcohol 

[tusc]

LOL. I didn't catch that typo. Fixed now. Thanks!

[mimugmail]

Have you read Mullvad Guide at OPNsense Docs?

[tusc]

Have you read Mullvad Guide at OPNsense Docs?

This link? https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

I have. I can establish a tunnel to Mullvad. My issue is figuring out the rest, what NAT rules to add for policy routing, what should "allowed IPs" be set to, what should the gateway IP address be set to?

*EDIT*

Ok,

I think I have everything in place, the NAT outbound rule, FW LAN rule with the gateway selected. Unfortunately the gateway shows as defunct and I cannot get traffic through the tunnel.

[swingline]

Have you read Mullvad Guide at OPNsense Docs?

This link? https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

I have. I can establish a tunnel to Mullvad. My issue is figuring out the rest, what NAT rules to add for policy routing, what should "allowed IPs" be set to, what should the gateway IP address be set to?

*EDIT*

Ok,

I think I have everything in place, the NAT outbound rule, FW LAN rule with the gateway selected. Unfortunately, the gateway shows as defunct and I cannot get traffic through the tunnel.

You have to put an IP address in the gateway or it won't work.

I have my wireguard server running on a VPS, and I am unable to get policy-based routing to work using a created gateway for wireguard. I have to route all of the LAN subnet out the wireguard interface. But I was able to selectively bypass wireguard with aliases and using the WAN gateway.

[mimugmail]

Let's say your WG server has tunnel address 10.1.1.1 and your WG client has 10.1.1.10. Then you create on the WG client a gateway in interface WG (it has to be assigned) with gateway IP 10.1.1.1. And with 19.7.3 you have hidden behind advanced field in local instance (still on client) a Gateway field. There you also type 10.1.1.1 and restart the daemon.

Now you can set policy routes via rules.