WireGuard Mullvad - Help! 😖

Started by Liss, October 03, 2020, 02:52:35 PM

Hi!

I'm very new to OPNsense, and firewalls altogether, but so far I am really impressed by OPNsense's ease of setup, comprehensive documentation, and awesome community.

But I've gotten stuck on one thing - setting up an outbound WireGuard VPN to connect with Mullvad. I've closely read some similar posts on this forum, along with the official documentation - and I have tried so much stuff, but am having trouble getting it working.

Once I enable VPN, I basically have no internet connection. If I check 'Disable Routes' for my local instance (in WireGuard --> Local), then I have internet, but it's not going through Mullvad.

I'm a software engineer usually, and I'm starting to get worried that all this is way above me, there's so much to learn, but it's been hard to know where to start.

These are the steps that I have taken, to get to where I am. And I was wondering if any of you notice something that jumps out as being incorrect, if so, I would really appreciate some pointers - thank you very much in advance :)






Under VPN --> WireGuard --> Local, I created an instance which looks like this:

Name: Mullvad
Public Key: (Automatically Generated)
Private Key: (Automatically Generated)
Listen Port: 51820 (unique)










Next, as per the docs, I SSH'd in and ran this command:
curl -sSL https://api.mullvad.net/wg/ -d account=[my-mullvad-account-number] --data-urlencode pubkey=rvUwhXX1P7N2LqJf2MM1Ln4PjFxVN1+fiWF4E2BFHQM=


Which gave me this output: 00.xx.xxx.xx/xx,fc00:bbbb:bbbb:bb00::0:0x00/128$
(I'm not sure if this result is meant to be private, so I've switched the letters for x, and the numbers for 0)





Under VPN --> WireGuard --> Endpoints, I created an instance which looks like this:

Name: MullvadInstance
Public Key: J57ba81Q8bigy9RXBXvl0DgABTrbl81nb37GuX50gnY= (from Mullvad instance)
Shared Secret: [blank]
Allowed IPs: 0.0.0.0/0
Endpoint Port: 3060 (from Mullvad instance)








Under Firewall --> NAT --> Outbound, I switched the Rule Generation mode to Hybrid (from automatic), then created a new manual rule.


Interface: WireGuard
Source Address: LAN net
Translation / Target: Interface address


And left all other fields as default







Finally, under VPN --> WireGuard, I checked Enable WireGuard.

The configuration gave the following output:









Notes

My Mullvad account is correct, and topped-up

The Mullvad WireGuard instance I am trying to connect to, looks like this:


Server Name: gb5-wireguard.mullvad.net
Socks5 Proxy Address: gb5-wg.socks5.mullvad.net:1080
Public Key: J57ba81Q8bigy9RXBXvl0DgABTrbl81nb37GuX50gnY=
Multihop Port: 3060
Location: London, UK
Provider ID: 31173

Mullvad's DNS server IP: 193.138.218.74 Source: https://mullvad.net/en/help/dns-leaks/


Primary sources I used so far:
- OPNsense Docs WireGuard MullvadVPN Road Warrior Setup: https://wiki.opnsense.org/manual/how-tos/wireguard-client-mullvad.html
- OPNsense Forum - Wireguard & Mullvad - I'm lost.....: https://forum.opnsense.org/index.php?topic=15105.0
- Jonny's Screenshot Guide, via Imgur: https://imgur.com/gallery/JBf2RF6
- Thomas Krenn's guide to OPNsense WireGuard Configuration: https://www.thomas-krenn.com/en/wiki/OPNsense_WireGuard_VPN_for_Road_Warrior_configuration

Your screenshot says nat on interface LAN and mit WireGuard

I finally got this to work - I spent way more time than I'd like to admit on this! Thank you for the help :)

In the end, all I changed was Disable routes in the local config, then I removed the gateway IP, added the IPv6 address into Tunnel Address. Then reset the VPN, and a minute later it connected.

I wrote up the solution that worked for me here, in case anyone else is having similar trouble getting started

Thank you for your help 🙌
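
Added example (not part of the thread, and not OPNsense or Mullvad code): a Python check for the fix described in the last post, where the IPv6 address had been left out of Tunnel Address. It parses the two-address line returned by the Mullvad API call, lists any assigned address missing from the configured Tunnel Address, and, going beyond the thread, reports which IP families an Allowed IPs value leaves outside the tunnel. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape shown in the thread: "IPv4/len,IPv6/len".
# The trailing "$" is assumed to be the shell prompt printed right after
# output that has no final newline.
SAMPLE_RESPONSE = "10.64.0.2/32,fc00:bbbb:bbbb:bb01::1:2/128$"


def parse_assigned(response):
    """Return the interface addresses found in the API response line."""
    cleaned = response.strip().rstrip("$").strip()
    # ip_interface raises ValueError on anything that is not address/prefix,
    # e.g. an error message returned instead of addresses.
    return [ipaddress.ip_interface(p.strip()) for p in cleaned.split(",")]


def missing_tunnel_addresses(response, tunnel_address_field):
    """Assigned addresses that are absent from the Tunnel Address field."""
    configured = {
        ipaddress.ip_interface(a.strip())
        for a in tunnel_address_field.split(",")
        if a.strip()
    }
    return [str(a) for a in parse_assigned(response) if a not in configured]


def families_without_default_route(allowed_ips_field):
    """IP versions (4, 6) that have no /0 entry in Allowed IPs.

    WireGuard only sends a packet into the tunnel when its destination
    matches an Allowed IPs entry, so 0.0.0.0/0 alone covers IPv4 only.
    """
    nets = [
        ipaddress.ip_network(a.strip())
        for a in allowed_ips_field.split(",")
        if a.strip()
    ]
    covered = {n.version for n in nets if n.prefixlen == 0}
    return sorted({4, 6} - covered)


if __name__ == "__main__":
    # Tunnel Address holding only the IPv4 address, as before the fix.
    print("missing:", missing_tunnel_addresses(SAMPLE_RESPONSE, "10.64.0.2/32"))
    print("families outside tunnel:", families_without_default_route("0.0.0.0/0"))
```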