Can't route LAN traffic over Wireguard Gateway

Started by omill728, February 15, 2024, 01:28:57 AM

Hello,
I've had OPNsense set up for a while and have been able to do everything that I want except this. I have WireGuard set up with a VPN provider so that I can route traffic from certain hosts in my LAN over the VPN connection and port forward over the VPN as well. I cannot figure out what I'm doing wrong. My regular WAN works fine and I've followed various guides such as https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html without luck.

I have been able to get this to work with OpenVPN, but when using WireGuard, traffic seems to stop at my OPNsense router. As soon as I set up a firewall rule to set my WireGuard connection as the gateway for an address, the device that the rule applies to loses connection to anything outside the LAN. I have been able to get the router itself to successfully use the VPN as its gateway.
If I ping any address outside of my LAN from a device whose traffic should go over the VPN, my OPNsense responds, even if it wasn't the address being pinged. For example, if I ping 9.9.9.9:
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=0.137 ms (DIFFERENT ADDRESS!)

Any info on what I might have misconfigured or what would cause my router to respond to other pings would be greatly appreciated. Thanks!

Show your configuration for this: GW, routes, rules.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

January 16, 2025, 01:32:25 PM #2 Last Edit: January 16, 2025, 02:52:50 PM by cooljimy84
This post is over a year old, but I'm having the same issue. I even rolled back the version thinking it was an update.

It's weird: if I add a route (System, Config, Routes) for an IP address to route out via the WireGuard tunnel, start pinging it, and then bring the tunnel up and down, I can see the ping go from 5-8 ms (tunnel is down) to 20-35 ms (tunnel is up), but I get the same DIFFERENT ADDRESS from the device on the LAN.

Followed the same guide as the person above, but also cross-checked with https://gist.github.com/morningreis/eeda36e8bb07dcb750d77e9a744776e8

*** Now working for me
I changed the 10.2.0.2/32 that Proton and the guide said to use to 10.2.0.2/24, and it's all working now... strangely.
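As an added example (not code from any of the posters, and not OPNsense's own tooling), the Python script below does two things that follow from this thread: it parses ping output and flags the symptom both posts describe, replies arriving from an address other than the one pinged, and it checks the one difference the last post changed, whether a gateway address sits inside a /32 versus a /24 tunnel interface subnet. The sample ping output is constructed from the first post; the gateway address 10.2.0.1 is an assumption, since the thread never states which gateway IP was configured.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample modelled on the first post: a ping to 9.9.9.9 that is
# answered by the router's LAN address 10.0.1.1 instead of the target.
SAMPLE_PING_OUTPUT = """\
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=0.137 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=0.141 ms
"""

# Header line of iputils ping: "PING <name> (<ip>) ..."
HEADER_RE = re.compile(r"^PING\s+\S+\s+\((?P<target>[\d.]+)\)")
# Reply line with a numeric source (ping -n style output).
REPLY_RE = re.compile(r"^\d+ bytes from (?P<src>[\d.]+):.*icmp_seq=(?P<seq>\d+)")


def find_foreign_replies(ping_output: str) -> Tuple[str, List[Tuple[int, str]]]:
    """Return the pinged target and a list of (icmp_seq, source) for every
    reply whose source address is not the target itself."""
    target = None
    foreign: List[Tuple[int, str]] = []
    for line in ping_output.splitlines():
        m = HEADER_RE.match(line)
        if m:
            target = m.group("target")
            continue
        m = REPLY_RE.match(line)
        if m and target is not None and m.group("src") != target:
            foreign.append((int(m.group("seq")), m.group("src")))
    if target is None:
        raise ValueError("no PING header line found in output")
    return target, foreign


def gateway_on_link(tunnel_address: str, gateway_ip: str) -> bool:
    """True when gateway_ip lies inside the subnet of the tunnel interface
    address (e.g. '10.2.0.2/24'). A /32 subnet contains only the interface's
    own address, so any other gateway address is outside it."""
    iface = ipaddress.ip_interface(tunnel_address)
    return ipaddress.ip_address(gateway_ip) in iface.network


if __name__ == "__main__":
    target, foreign = find_foreign_replies(SAMPLE_PING_OUTPUT)
    for seq, src in foreign:
        print(f"icmp_seq={seq}: reply from {src}, expected {target}")
    # ASSUMED gateway address; the thread does not say which one was used.
    for addr in ("10.2.0.2/32", "10.2.0.2/24"):
        print(addr, "-> gateway 10.2.0.1 on-link:", gateway_on_link(addr, "10.2.0.1"))
```

Run the script against the output of `ping -n <target>` captured from a LAN host whose traffic is policy-routed over the tunnel; any line it reports is the "DIFFERENT ADDRESS" case from the first post and is worth capturing alongside the gateway, route and rule configuration S. asked for.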