No ICMP with WireGuard Selective Routing to External VPN

Started by scat70, May 30, 2025, 04:26:47 PM

Hi!

As unfortunately I have various peers who use the default network 192.168.178.0/24 on their Fritzbox routers, I need selective routing based on specific DST IPs or SRC IPs. For this I set up WireGuard VPNs as explained here: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html. This generally works fine :-) However, even though the rules match IPv4/* (and thus include ICMP), ICMP does not work here. The rules are simply not matched. Instead, an attempt is made to send the ICMP/PING requests out using the default gateway, which of course fails. As soon as I define a dedicated host route for one destination IP, ICMP also works. However, without the host routes, with just the gateway definitions (as explained in the docs) in place, everything else besides ICMP works. I would really like to avoid lots of ugly host routes.

BR, Marc