Stuck at Firewall Rules for Wireguard VPN

Started by snakeyes75, July 27, 2025, 11:51:42 PM

Hi all - I created a SurfShark WireGuard instance VPN. Everything from OPNsense to Surfshark is connected (the gateway shows up). I have 2 aliases created (IPTV list - has all the IPTV URLs, and Clients - has the IPs of clients that I want to connect to Surfshark). So I want to create firewall rules to push all traffic intended for the IPTV list to this VPN connection. So I figure that this would have to be an out rule?
Interface=LAN
Direction= out
destinations: IPTV List
gateway= Surfshark_GW

and the other rule would be an in rule?
Interface=Lan
source=clients
direction=in
destination=any
gateway=SurfShark_GW

But this does not seem to work, everything is still going over the WAN

Quote from snakeyes75:
Interface=LAN
Direction= out
destinations: IPTV List
gateway= Surfshark_GW

If your intention is to re-route all outgoing traffic from LAN to the IPTV List via the VPN gateway, then the direction should be in, as the packets are incoming for the firewall. Possibly you'll also need an outgoing NAT rule to replace the original LAN IP with the Surfshark IP of the firewall, to ensure proper symmetric routing.
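To make the direction point concrete, here is an added Python model (not OPNsense code and not from either poster) of how a pf-style rule set plus outbound NAT treats a LAN client's packet: the alias contents, the interface names (wg0, wan) and all addresses are constructed for the demo.

```python
from ipaddress import ip_address, ip_network

# Constructed sample aliases; the poster's real "Clients" and "IPTV List" contents differ.
ALIASES = {
    "Clients": ["192.168.1.50/32", "192.168.1.51/32"],
    "IPTV_List": ["203.0.113.0/24"],   # TEST-NET-3 stands in for the IPTV hosts
}
# Assumed mapping of gateway to egress interface (OPNsense names these per setup).
GW_IFACE = {"Surfshark_GW": "wg0", "WAN_GW": "wan"}
DEFAULT_GW = "WAN_GW"   # no policy-routing match falls through to the default route (WAN)

def in_alias(ip, alias):
    return alias == "any" or any(ip_address(ip) in ip_network(n) for n in ALIASES[alias])

def matches(rule, pkt):
    """pf-style match: interface, direction, source and destination must all agree."""
    return (rule["iface"] == pkt["iface"] and rule["dir"] == pkt["dir"]
            and in_alias(pkt["src"], rule["src"]) and in_alias(pkt["dst"], rule["dst"]))

def select_gateway(rules, pkt):
    """First matching (quick) rule that sets a gateway wins; otherwise the default route."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.get("gateway", DEFAULT_GW)
    return DEFAULT_GW

def lan_packet(src, dst):
    """A LAN client's packet enters the firewall *in* on LAN; 'out' on LAN is traffic toward the LAN."""
    return {"iface": "LAN", "dir": "in", "src": src, "dst": dst}

def egress(rules, nat_rules, pkt):
    """Return (gateway, source address the far end sees) after policy routing and outbound NAT."""
    gw = select_gateway(rules, pkt)
    iface = GW_IFACE[gw]
    for nat in nat_rules:
        if nat["iface"] == iface and in_alias(pkt["src"], nat["src"]):
            return gw, nat["nat_to"]   # rewritten to the firewall's own address on that interface
    return gw, pkt["src"]              # no NAT: the private LAN address goes into the tunnel

# The poster's first rule (direction=out) and the corrected rule (direction=in, source=Clients).
POSTER_RULE = {"iface": "LAN", "dir": "out", "src": "any", "dst": "IPTV_List", "gateway": "Surfshark_GW"}
FIXED_RULE = {"iface": "LAN", "dir": "in", "src": "Clients", "dst": "IPTV_List", "gateway": "Surfshark_GW"}
# Constructed outbound NAT entries: automatic NAT on WAN, and the extra one suggested for WireGuard.
WAN_NAT = {"iface": "wan", "src": "any", "nat_to": "198.51.100.7"}
WG_NAT = {"iface": "wg0", "src": "Clients", "nat_to": "10.14.0.2"}

if __name__ == "__main__":
    pkt = lan_packet("192.168.1.50", "203.0.113.10")
    print(egress([POSTER_RULE], [WAN_NAT, WG_NAT], pkt))  # out-rule never matches: leaves via WAN
    print(egress([FIXED_RULE], [WAN_NAT, WG_NAT], pkt))   # routed to Surfshark_GW with tunnel source
    print(egress([FIXED_RULE], [WAN_NAT], pkt))           # routed, but LAN address leaks: NAT missing
```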