Author Topic: OPNSense Beginner - Wireguard- Firewall (Read 1991 times)

XeroX · « **on:** May 07, 2020, 02:51:13 pm »

Hello,
I've setup my OPNSense switching from UniFi. I've some basic questions.

1. I setup Wireguard via this:
https://wiki.opnsense.org/manual/how-tos/wireguard-client.html
and
https://www.thomas-krenn.com/de/wiki/OPNsense_WireGuard_VPN_für_Road_Warrior_einrichten#Firewall_Regel_f.C3.BCr_WireGuard
this guide.

I partly skipped configuration of Step 2c of the first guide.

Everything is setup and when the Wireguard Interface is not assigned, internal traffic isn't working.
Assigning the Interface allows me internal + external traffic via VPN even without the Firewall NAT Outbound Rule.
What am I doing wrong?

2. I'm using Pi-Hole as DNS. Works like a charm.

However I want to block all other DNS traffic, only pi-hole is allowed to connect to external dns.

- WAN-OUT <Pi-Hole> DST* TCP/UDP 53
- WAN-OUT * DST* TCP/UDP 53

With this rules Pi-Hole is blocked as well, why? Stop on first match is ticked.

Cheers

XeroX · « **Reply #1 on:** May 11, 2020, 08:23:36 pm »

Anyone willing to assist me to allow DNS traffic to Internet from Pi-Hole (and firewall itself) but deny from every other host?

Maurice · « **Reply #2 on:** May 11, 2020, 09:52:31 pm »

Try LAN-IN rules instead of WAN-OUT.

Cheers

Maurice

XeroX · « **Reply #3 on:** May 11, 2020, 10:53:37 pm »

Okay thank you.

Got it working. Rule must be at the TOP with LAN IN.

IPv4 UDP ! Pi-Hole * * 53 (DNS) * *

Author Topic: OPNSense Beginner - Wireguard- Firewall (Read 1991 times)

XeroX

OPNSense Beginner - Wireguard- Firewall

XeroX

Re: OPNSense Beginner - Wireguard- Firewall

Maurice

Re: OPNSense Beginner - Wireguard- Firewall

XeroX

Re: OPNSense Beginner - Wireguard- Firewall