Route 1 IP over WireGuard VPN

[eagle75]

I have OPNSense and I have WireGuard setup for Private Internet Access.  I want to be able to route my downloader machine over that VPN so only that server goes over the tunnel all the rest of the network goes out the default non VPN way.  Any help would be appreciated...I have tried many different tutorials to no avail.

[cookiemonster]

please consider this one https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
If you get stuck, inform at which step you get.

[eagle75]

Thanks...I am stuck here when they tell you to make the first rule...what interface is it on?  VPN one or LAN?

[cookiemonster]

From that documentation, LAN.

[tiermutter]

If you have IPv6 working, remember to do the same for v6 or block it for this device.

[eagle75]

I tried all of that and im still not getting the VPN IP for the external IP of the one machine allowed to go over the VPN

[eagle75]

Actually it looks reversed...the one machine has my ISP's IP for external and all other machines have the VPN IP...how can I switch that

[tiermutter]

Screenshot of your rule and alias?

[eagle75]

Not reversed sorry I didn't realize I had my Mac client connected...its just not working...the machine that should have the VPN IP still has my ISP IP.
Here are the Rules for Lan and Floating.

[tiermutter]

You need to invert destination.
However, if the alias does not need to reach other subnets via firewall, you can also set any for destination (without invert).

[newsense]

There's no justification for the floating rule, and it's wrong anyway.