Gateway Routing through Wireguard VPN

Started by racer, May 13, 2021, 05:28:50 PM

Hi,
this is my setup (simplified):


   ┌───────────────┐
   │  Client       │
   │  10.3.13.3/26 │
   │               │
   └────┬──────────┘
        │
        │
        │
   ┌────┴──────────────┐
   │  OPNSense         │
   │  10.3.13.1/26     │     ┌───────────────────┐
   │                   │     │  Default Router   │
   │  DHCP             ├─────┤  10.3.13.145/29   │
   │  10.3.13.149/29   │     │                   │
   │                   │     └───────────────────┘
   │                   │
   │  Wireguard Client │     ┌───────────────────┐
   │  10.0.5.3/32      ├─────┤  Wireguard Server │
   │                   │     │  10.0.5.1/24      │
   └───────────────────┘     │                   │
                             └──────┬────────────┘
                                    │
                             ┌──────┴────────────┐
                             │ Optional Router   │
                             │ 10.0.5.7/32       │
                             │                   │
                             └───────────────────┘


I use the default router for basic internet access in Office 1. I have set up a VPN server which routes different networks in multiple offices. Works beautifully. What I now want to achieve is that one of our clients (10.3.13.3) in Office 1 uses another gateway (10.0.5.7). This optional gateway is reachable through the WireGuard VPN connection.

So what I tried was to create a new simple gateway in OPNsense (under System -> Gateways) and then create a firewall rule that routes traffic of this one client through the newly defined gateway. But when I activate this firewall rule, I cannot connect to any destination (Destination Host Unreachable) from the client.

Did I do something wrong here?