[solved] Can't get OPNsense to act as WG Server & Client simultaneously

[frankw]

Hi all, strange issue here.

I have configured OPNsense first as a client to do selective routing (specific hosts) via Mullvad using the guide on the website, and that is working fine. I have created an interface, a gateway and set up all firewall rules.

I have also then configured OPNsense as a server (road warrior setup), which I have also done successfully. I've created an interface for this and a separate subnet, and clients can connect and access internal and external resources (as per my fw rules).

However...the two do not work together simultaenously.

When both are enabled (under WireGuard, Local), the road warrior clients can no longer get a handshake, but Mullvad continues to work. When I disable Mullvad, the road warrior clients work fine. Both have their own interface. I am not trying to route any of the road warrior clients via Mullvad.

Any thoughts on what the issue could be? I saw this same issue mentioned in the comments here, but without successful resolution. Thanks!

[Demusman]

First off, there is no Wireguard client or server, it's all just peers. Once you get your head around that it'll be a lot easier to understand.

Are you using any overlapping IP's or ports by any chance?

[Greelan]

The two do happily work together. I have this setup. We will need to see your configuration to troubleshoot. If you followed the guides correctly, then it should be fine.

BTW, these are the relevant guides:

https://wiki.opnsense.org/manual/how-tos/wireguard-client.html

https://wiki.opnsense.org/manual/how-tos/wireguard-selective-routing.html

[frankw]

Are you using any overlapping IP's or ports by any chance?

That's exactly what it was, I was using the same port, I think maybe I thought it was listening on different interfaces. Always the simple things

Thank you both for your ideas - and for the excellent guides