No internet on LAN computers after WireGuard setup

Started by roninxt, April 20, 2021, 01:35:18 PM

I followed this to setup WireGuard: https://docs.opnsense.org/manual/how-tos/wireguard-client.html
It works fine when I connect my phone as a client: I can access my network, and my phone also has internet.

Other computers (non-WireGuard clients) that are connected to the LAN unfortunately don't have internet access. I have to disable the WireGuard VPN to bring back the internet connection. It looks like a DNS resolution issue, as indicated in my browser. Unbound by default is listening on all outgoing interfaces, so this shouldn't be a problem? Btw, I also use DNSCrypt-Proxy, so Unbound serves as a forwarder. Any idea on how to solve this?


April 21, 2021, 12:08:54 AM #2 Last Edit: April 21, 2021, 03:18:23 AM by roninxt
Yeah the VPN subnet is 10.0.0.1/24 while LAN is 192.168.0.1/24

You probably need to share your configs in order to troubleshoot

In the wg server config don't enter a DNS server and restart wg.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

I was thinking the same thing, given the wg-tools habit of overwriting resolv.conf. Although if the DNS server was set to the local Unbound server, it should have still worked.

April 22, 2021, 12:17:01 PM #6 Last Edit: April 22, 2021, 12:49:50 PM by roninxt
Quote from: chemlud on April 21, 2021, 09:13:03 AM
In the wg server config don't enter a DNS server and restart wg.

This didn't fix the issue.

It looks like it's the server instance that's causing this. I enabled WireGuard but disabled the server instance, it didn't affect the LAN internet. When I enabled the server instance that's when the issue happens.

The server instance setup is standard:
Local
Listen Port: 51820
DNS Server: 192.168.30.1
Tunnel Address: 10.11.0.1/24
Peers: <see Endpoint below>


Endpoint

Allowed IPs: 0.0.0.0, 10.11.0.2/32


Again, I have Unbound setup with DNSCrypt-Proxy.

Remove 0.0.0.0 from the endpoint config on OPNsense
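An added check, not from this thread or from OPNsense itself, that lints a server-side wg-quick style config for the pitfall above: a catch-all or unspecified-address entry in a peer's AllowedIPs, plus tunnel or AllowedIPs ranges that overlap the LAN. The sample config and LAN subnet are constructed to mirror the server instance described in the thread.

```python
import ipaddress

# Constructed sample (not the poster's real config): a server instance whose
# peer carries a catch-all AllowedIPs entry next to the client's /32.
SAMPLE_CONF = """
[Interface]
Address = 10.11.0.1/24
ListenPort = 51820

[Peer]
PublicKey = PLACEHOLDER_PEER_KEY
AllowedIPs = 0.0.0.0/0, 10.11.0.2/32
"""


def parse_wg_conf(text):
    """Return (interface_dict, [peer_dict, ...]) from wg-quick style text.

    configparser is not used because a server config repeats [Peer] sections.
    """
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return interface, peers


def lint_server_conf(text, lan_cidr):
    """Return warning strings for a server-side config; [] means no findings."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    interface, peers = parse_wg_conf(text)
    warnings = []
    for addr in filter(None, map(str.strip, interface.get("address", "").split(","))):
        tunnel = ipaddress.ip_interface(addr).network
        if tunnel.version == lan.version and tunnel.overlaps(lan):
            warnings.append(f"tunnel {tunnel} overlaps LAN {lan}")
    for n, peer in enumerate(peers, 1):
        for cidr in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            # 0.0.0.0 or :: with any prefix: a /0 here makes the router send all
            # of its own traffic into the tunnel, which kills LAN internet.
            if net.network_address.is_unspecified:
                warnings.append(f"peer {n}: AllowedIPs '{cidr}' is the unspecified address; remove it")
            elif net.version == lan.version and net.overlaps(lan):
                warnings.append(f"peer {n}: AllowedIPs {net} overlaps LAN {lan}")
    return warnings
```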

I removed the 0.0.0.0 from the Endpoint.

I finally know what the problem is. It's my WG0 interface. For some reason it was using igb0, which is the WAN interface. I'm using PPPoE, so another interface was created, igb0 pppoe, which is used by WAN. What's weird is there was no wg0:000:000 assignment to choose from the dropdown. So I deleted the WG0 interface, reinstalled WireGuard, enabled it and did the setup properly again. This time wg0:000:000 can be selected.