Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Struggling with WG Selective Routing
« previous
next »
Print
Pages: [
1
]
Author
Topic: Struggling with WG Selective Routing (Read 1219 times)
N0_Klu3
Jr. Member
Posts: 93
Karma: 2
Struggling with WG Selective Routing
«
on:
July 30, 2023, 02:04:40 pm »
Hi all,
So basically I'm trying to get WG setup with Mullvad VPN purely for a few devices.
As such I followed:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
But for whatever reason when this is setup all internet on my LAN ceases to work. I'm not 100% sure if its just DNS not working or actual packets being let out.
Disclaimer: I do have WG setup to allow remote access to home from my phone/laptop.
This works perfectly and I setup a NEW Interface and new Local/Endpoints for Mullvad.
I am not sure where I am going wrong with my setup that it kills my internet when Mullvad gets enabled.
I have double checked and triple checked I followed the guide.
I am using AdGuard DNS plugin, and have that setup.
So unless its something in my DNS setup that I need to tweak?
But not sure why it's affecting my entire network instead of just the new Mullvad VPN I setup.
Gateway is alive and up, and monitoring is enabled and its able to reach out, and I can see the handshake is successful.
My Server that is setup with Mullvad gets access and works fine and can see its connected to Mullvad.
But everything else is just dead.
Logged
swILeZBa
Newbie
Posts: 28
Karma: 2
Re: Struggling with WG Selective Routing
«
Reply #1 on:
November 25, 2023, 01:20:02 am »
I recently used the guide for selective routing to setup ProtonVPN as an external endpoint.
I think you are in a good path if your gateway is online and you can see traffic on the VPN diagnostics page.
A few common gotchas could be not checking Inverted when you should or skipping checking a rule as Quick.
If you want someone to help you would have to share your firewall rules.
For my rules in a nutshell, I allow nonRFC 1918 traffic in the bottom of my "LAN" firewall rules and then specifically allow any traffic that I need to allow. Then on top of that I have the rules to route traffic from specific hosts (the Alias defined in the guide) through the VPN gateway + the Floating rule and the Outbound NAT suggested in the guide. I then had to experiment a bit to get the DNS leaks sorted but all in all pretty straightforward.
There was a small gotcha with the private and public keys for Proton but if you say that Wireguard works fine then that shouldn't be it.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Struggling with WG Selective Routing