WireGuard Site 2 Site blocks JavaScript and other stuff!

Started by gh0st, November 06, 2020, 09:15:50 AM

Hi!

I have WireGuard working but with one huge problem: with WireGuard enabled, all JavaScript is blocked, which is a huge blocker. When I disable WireGuard everything is working as it should.

So the blocker is WireGuard, but I can't see what is causing this issue. Can't find anything on the net either.

Doesn't really make sense.
Can you shrink MSS for testing?

Interfaces : LAN : MSS -> 1200

Checked today, and found out that others also have this problem when using OPNsense with WireGuard: .js files are being blocked with a timeout.

From the console in Chrome when using WireGuard, all .js files end up with net::ERR_TIMED_OUT.
If I turn WireGuard off, all is fine.

Can you please give more details about the sites and domains where these scripts are?

Seems that I have found the blocker for it,

Under Firewall -> NAT -> Outbound I have OPT1 as Interface and Source is LAN net. This is provided by my VPN provider, but when turning on WireGuard nearly everything is blocked in the firewall log by a default deny rule. :o

If I switch from OPT1 to WireGuard, as other guides point out, like this one: https://www.ivpn.net/setup/router/opnsense/. Same results...

Legit connections were blocked with the default deny rule.

But we need to figure out what is blocking JavaScript with WireGuard on OPNsense... Running WireGuard on my MacBook Pro without hassle! All JavaScript is working fine, as it should.

But not with WireGuard on OPNsense.

I'm sure it's just something about routing or DNS since WireGuard doesn't look into traffic.

Sounds like an MTU/MSS problem.

You really should provide more info about your setup.

What is OPT1? And why do you have an outbound NAT rule on that interface?
Who is the other side of the Wireguard tunnel? Is it a site-2-site connection or is your OPNsense only getting one IP address for the Wireguard interface?
"The S in IoT stands for Security!" :)