WireGuard Mullvad VPN - only works when I'm also connected via the Mullvad app

Started by guest27102, January 16, 2021, 08:24:48 PM

I've been following the guide on the docs ☞ https://wiki.opnsense.org/manual/how-tos/wireguard-client-mullvad.html#step-2-assignments-and-routing and this guide ☞ https://listed.to/@lissy93/18842/how-to-mullvad-vpn-using-wireguard-on-opnsense, they are pretty much identical.

I can't get it working, I'm sure I'm missing a firewall rule or gateway somewhere. I have no internet connection. Although strangely, if I connect with the Mullvad iOS or macOS app the internet starts working, and as soon as I disconnect from the app – no more internet. I have unchecked the kill switch in the Mullvad.app, so it is not that. 😁

I have only tried deviating from the above guides by setting Firewall > NAT > Outbound > Source address to my AP net instead of LAN net, because the LAN is inactive, nothing is connected to it.

Any tips? Or does someone have a clue?

Thanks


Hi Kieeps,
Thanks for getting back.
Yes I can and I have uploaded them here. It is impossible to downsize them all to fit this forum's rules :-\
The link expires in 7 days: https://send.tresorit.com/a#rbGtbXX4yYV0kgmVVZtlqA

One observation is that the interface in your outbound NAT rule should be Wireguard, not AP

Yes, and it originally was. But the interface was removed, perhaps because I made a modification. I enabled the VPN and the WireGuard interface was available again. Unfortunately, that didn't solve the problem.

Is the Disable Routes option enabled in the WG config? If you want your whole network to go via the VPN, it shouldn't be.

Maybe you need to show your WG config too (masking private keys etc)

Quote: Is the Disable Routes option enabled in the WG config?
No it is not.

Here are the Local and Endpoints ☞ https://send.tresorit.com/a#NZjoBKBUCzpRGbH1XwNHnA

Sorry, ignore my post just now...

Did you restart WG after fixing the NAT outbound rule?

Other than that, I am a little at a loss. It sounds like it could be a routing issue. However, my understanding is that if Disable Routes is unchecked then WG reconfigures the default routes to use the tunnel.

That said, I've only tested configs with external VPN providers where the Disable Routes option has been checked, and then a VPN gateway, and specific FW rules to use that gateway, have been configured, as I have only wanted to send certain traffic down the tunnel, not everything. Along the lines of this: https://imgur.com/gallery/JBf2RF6
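The two things the replies above point at, whether the default route has actually moved onto the tunnel and whether the outbound NAT rule sits on the WireGuard interface, can be confirmed from the OPNsense shell rather than the GUI. The script below is an added example (not from the thread or the linked guides) that runs those checks over constructed `netstat -rn` and `pfctl -sn` output; the interface names `wg0`, `igb0`, `igb1` and the AP subnet 192.168.2.0/24 are assumptions.

```shell
#!/bin/sh
# Added example, not from the forum thread. Checks a routing table and a NAT rule set
# for the two symptoms discussed above. All sample output below is constructed and the
# interface names / subnet are assumptions; on a real box capture them with
#   netstat -rn   and   pfctl -sn

# Constructed `netstat -rn` excerpt: default route carried by the tunnel (what we want).
ROUTES_OK='Destination        Gateway            Flags     Netif Expire
default            link#9             US          wg0
192.168.2.0/24     link#2             U           igb1'

# Constructed excerpt: default route still on the WAN, so LAN traffic never enters the tunnel.
ROUTES_BAD='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         igb0
192.168.2.0/24     link#2             U           igb1'

# Constructed `pfctl -sn` lines: correct rule is on wg0, the broken one is on the AP interface.
NAT_OK='nat on wg0 inet from 192.168.2.0/24 to any -> (wg0:0) port 1024:65535'
NAT_BAD='nat on igb1 inet from 192.168.2.0/24 to any -> (igb1:0) port 1024:65535'

# default_route_if "<netstat -rn output>": prints the interface carrying the default route.
default_route_if() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $4; exit }'
}

# nat_on_iface "<pfctl -sn output>" "<iface>" "<source net>": 0 if an outbound NAT rule
# translating that source net exists on that interface.
nat_on_iface() {
    printf '%s\n' "$1" | grep -q "^nat on $2 .* from $3 "
}

# tunnel_setup_ok "<routes>" "<nat>" "<wg iface>" "<source net>": 0 only if both checks pass,
# otherwise prints which of the two is missing and returns 1.
tunnel_setup_ok() {
    [ "$(default_route_if "$1")" = "$3" ] || { echo "default route is not on $3"; return 1; }
    nat_on_iface "$2" "$3" "$4" || { echo "no outbound NAT on $3 for $4"; return 1; }
    echo "default route and outbound NAT both on $3"
}

# Demonstration on the constructed samples (the failing case is expected to return 1).
tunnel_setup_ok "$ROUTES_OK" "$NAT_OK" wg0 192.168.2.0/24
tunnel_setup_ok "$ROUTES_BAD" "$NAT_BAD" wg0 192.168.2.0/24 || :
```

When the default route stays on the WAN interface while the tunnel is up, that matches the symptom in this thread: the handshake succeeds but nothing behind the firewall is routed through it.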

Quote: Did you restart WG after fixing the NAT outbound rule?
Yes, and I have also tried rebooting the OPNsense device.