Wireguard and NAT reflection

Started by herwarth, July 24, 2025, 11:38:02 AM

July 24, 2025, 11:38:02 AM Last Edit: July 24, 2025, 11:53:48 AM by herwarth
Hello,

I have several VLANs and a port forward (80 and 443) to my web server in a DMZ VLAN. I have a domain name on my WAN address, and I can connect to the web server from outside and from all VLANs via the external IP address (via DNS resolution).
The strange thing is that I also have a WireGuard server running on the OPNsense router, but I can't connect to the web server via the external address. NAT reflection/hairpinning is failing here.
I don't see anything being blocked.
I specifically created a WireGuard interface (wg0), and I see in the firewall rules that the NAT reflection rules have been automatically created.
I think something is wrong with the routing because wg0 is a tunnel interface, but I can't figure it out.
Extra note: the clients connected to the WireGuard server running on OPNsense can connect to the internet and to all the VLANs.