(Mullvad) WireGuard VPN Tunnel and Port Forwarding

Started by sashxp, July 07, 2020, 07:13:49 PM

July 07, 2020, 07:13:49 PM Last Edit: July 07, 2020, 07:18:29 PM by sashxp
Hi,

I've got a problem with my WireGuard VPN setup. I have a VM which only uses the VPN. To get this done I use policy-based routing. I've created a rule where my internal IP 10.10.99.214 uses this special gateway to get out.

In Mullvad I've configured that port 24020 will be forwarded:



In OPNsense I've nothing special configured; I let everything out and port 24020 in:



But the port isn't reachable. I've checked via terminal whether the WG device is reached by the port check. Here is the result:

curl https://ipv4.am.i.mullvad.net/port/24020
{"ip":"185.209.xxx.xxx","port":24020,"reachable":false}


In tcpdump I see the packets:
root@OPNsense:~ # tcpdump port 24020 -n -i wg1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg1, link-type NULL (BSD loopback), capture size 262144 bytes
19:05:21.835267 IP 46.166.184.225.51756 > 10.65.211.67.24020: Flags [S], seq 3635128962, win 64240, options [mss 1380,sackOK,TS val 959671111 ecr 0,nop,wscale 7], length 0
19:05:22.861666 IP 46.166.184.225.51756 > 10.65.211.67.24020: Flags [S], seq 3635128962, win 64240, options [mss 1380,sackOK,TS val 959672140 ecr 0,nop,wscale 7], length 0


Am I missing something? Have I misconfigured something? Any suggestions?
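
A reading of the capture above, as an added example that is not part of the original post: both lines come from the same source port with the same sequence number, so they are one SYN and its retransmission, and no SYN-ACK appears on wg1. The Python below runs that check over tcpdump's one-line text output; the function name `unanswered_syns` is hypothetical, and the sample input is the two lines from the post.

```python
import re
from collections import Counter

# The two capture lines from the post, unchanged.
CAPTURE = """\
19:05:21.835267 IP 46.166.184.225.51756 > 10.65.211.67.24020: Flags [S], seq 3635128962, win 64240, options [mss 1380,sackOK,TS val 959671111 ecr 0,nop,wscale 7], length 0
19:05:22.861666 IP 46.166.184.225.51756 > 10.65.211.67.24020: Flags [S], seq 3635128962, win 64240, options [mss 1380,sackOK,TS val 959672140 ecr 0,nop,wscale 7], length 0
"""

# Matches the start of tcpdump's one-line TCP output: time, src > dst, flags.
LINE = re.compile(r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]")


def unanswered_syns(capture):
    """Return {(client, server): SYN count} for handshakes with no SYN-ACK."""
    syns = Counter()
    answered = set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # tcpdump header lines and non-TCP packets
        if m["flags"] == "S":
            syns[(m["src"], m["dst"])] += 1
        elif m["flags"] == "S.":
            # A SYN-ACK travels server -> client, so it answers the reverse flow.
            answered.add((m["dst"], m["src"]))
    return {flow: n for flow, n in syns.items() if flow not in answered}


if __name__ == "__main__":
    for (client, server), count in unanswered_syns(CAPTURE).items():
        print(f"{client} -> {server}: {count} SYN(s), no SYN-ACK seen")
```

A count above 1 for a flow means the remote side retried the handshake without getting a reply through the interface being captured.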