Routing for WireGuard appears to be broken.

Started by grimelog, Today at 01:50:14 AM

Today at 01:50:14 AM Last Edit: Today at 02:06:23 AM by grimelog
Recently, I needed to enable my VPN again, and enabling the gateway for it no longer works. I have confirmed that I am successfully handshaking with WireGuard, so that is not the issue.

My DNS is set up so that Unbound forwards specific queries to dnsmasq, and connecting to those websites works successfully. However, connecting to the websites intended for Unbound does not work if my WireGuard gateway is up. Previously, this behavior worked as expected. Even rolling back to a known working configuration did not work. Is anyone able to help?

In /usr/local/etc/dnsmasq.conf.d/dnsmasq-ipset.conf:
# Add the response for certain A/AAAA lookups to an opnsense alias
ipset=/example_website.com/dont_go_over_vpn


# Uncomment these if Unbound is still your primary DNS server; otherwise you'll have a loop
no-resolv
server=1.1.1.1


The above works for all sites not intended for the VPN. However, the sites intended for the VPN no longer work. I'm guessing this has something to do with the recent changes to dnsmasq and Unbound. In the Unbound GUI I forward all example_website.com domains to dnsmasq.
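A consistency check for the split-DNS layout described in the post (Unbound forwards selected zones to dnsmasq, and dnsmasq's ipset= lines fill an OPNsense alias used for policy routing). This is an added example, not code from the post or from OPNsense: it parses a dnsmasq fragment and Unbound forward-zone blocks and reports the three mismatches that leave an alias empty or create a resolver loop. The sample configs are constructed, and the dnsmasq listener address 127.0.0.1@5353 is a hypothetical value.

```python
"""Cross-check dnsmasq ipset= lines against Unbound forward-zones.

Added example (not the forum poster's or OPNsense's code). Reports:
  * dnsmasq with no explicit upstream, which loops if resolv.conf -> Unbound
  * ipset= domains Unbound never forwards to dnsmasq (alias stays empty)
  * zones forwarded to dnsmasq that no ipset= line tags into an alias
"""
import re

# Constructed sample, laid out like the dnsmasq-ipset.conf fragment in the post.
DNSMASQ_CONF = """\
# Add the response for certain A/AAAA lookups to an opnsense alias
ipset=/example_website.com/dont_go_over_vpn
ipset=/cdn.example.net/static.example.net/dont_go_over_vpn,logging_hosts
no-resolv
server=1.1.1.1
"""

# Constructed Unbound forward-zone blocks; 127.0.0.1@5353 is an assumed
# (hypothetical) dnsmasq listener address.
UNBOUND_CONF = """\
forward-zone:
    name: "example_website.com"
    forward-addr: 127.0.0.1@5353
forward-zone:
    name: "example.net"
    forward-addr: 127.0.0.1@5353
forward-zone:
    name: "corp.example"
    forward-addr: 10.0.0.53
"""


def parse_dnsmasq(text):
    """Return (ipset domain -> set of alias names, no_resolv flag, server= list)."""
    ipsets, servers, no_resolv = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "no-resolv":
            no_resolv = True
        elif line.startswith("server="):
            servers.append(line[len("server="):])
        elif line.startswith("ipset="):
            # ipset=/dom1/dom2/set1,set2 : every '/'-separated field except
            # the last is a domain; the last field lists the sets to fill.
            parts = [p for p in line[len("ipset="):].split("/") if p]
            if len(parts) < 2:
                continue
            sets = set(parts[-1].split(","))
            for dom in parts[:-1]:
                ipsets.setdefault(dom.lower(), set()).update(sets)
    return ipsets, no_resolv, servers


def parse_unbound_forward_zones(text):
    """Return [(zone name, [forward-addr values])] from forward-zone: blocks."""
    zones, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "forward-zone:":
            current = {"name": None, "addrs": []}
            zones.append(current)
        elif current is not None:
            m = re.match(r'(name|forward-addr):\s*"?([^"\s]+)"?', line)
            if m and m.group(1) == "name":
                current["name"] = m.group(2).lower().rstrip(".")
            elif m:
                current["addrs"].append(m.group(2))
    return [(z["name"], z["addrs"]) for z in zones if z["name"]]


def covers(zone, name):
    """True when a zone entry (dnsmasq ipset= or Unbound forward-zone) matches name."""
    return name == zone or name.endswith("." + zone)


def check(dnsmasq_text, unbound_text, dnsmasq_addr):
    """Return a list of findings; an empty list means the two configs agree."""
    ipsets, no_resolv, servers = parse_dnsmasq(dnsmasq_text)
    zones = parse_unbound_forward_zones(unbound_text)
    to_dnsmasq = [z for z, addrs in zones if dnsmasq_addr in addrs]
    findings = []
    if not no_resolv or not servers:
        findings.append("dnsmasq has no explicit upstream (no-resolv + server=); "
                        "if resolv.conf points at Unbound, forwarded zones loop")
    # ipset= domain that Unbound never sends to dnsmasq: the alias is never filled.
    for dom in ipsets:
        if not any(covers(z, dom) for z in to_dnsmasq):
            findings.append(f"ipset domain {dom} is not forwarded to dnsmasq; "
                            f"alias {','.join(sorted(ipsets[dom]))} will stay empty")
    # Zone sent to dnsmasq that no ipset= line covers: resolved but never tagged.
    for z in to_dnsmasq:
        if not any(covers(dom, z) for dom in ipsets):
            findings.append(f"zone {z} is forwarded to dnsmasq but no ipset= "
                            f"covers the whole zone")
    return findings


if __name__ == "__main__":
    for finding in check(DNSMASQ_CONF, UNBOUND_CONF, "127.0.0.1@5353"):
        print("WARN:", finding)
```

On the constructed sample the only finding is that example.net is forwarded as a whole zone while only two of its sub-names carry an ipset= entry, so any other name under it would be resolved by dnsmasq without landing in the alias. Run it against the real files from /usr/local/etc/dnsmasq.conf.d/ and the generated Unbound forward configuration to see which of the three cases applies.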