WireGuard - HTTP/S Traffic Issue

Started by SkeelKat, October 27, 2021, 05:34:00 PM

Dear All,

I have a bit of a weird issue that I cannot figure out for the life of me. I was hoping that by getting more sets of eyes on the problem, someone can help me pinpoint where the issue might be.

I have 2x OPNsense Firewalls installed. 1x at the Office and 1x at Home. Both run the same version OPNsense 21.7.3_3-amd64 and both have the same WireGuard installed (os-wireguard 1.7, wireguard-go 0.0.20210424,1, wireguard-tools 1.0.20210914)

The only difference...

Office I have a router from the ISP configured as PPPoE
Home I have a router with Static IP address and setup as exposed host (Forward all public traffic directly to OPNsense Firewall (Double NAT'ing))

From Home: Notebook PC on LAN > Office-WireGuard Tunnel > Office Debian Server - Everything works, SSH, DB Connections, FTP, SFTP etc. NO HTTP or HTTPS Traffic in any browser. Curl in CMD also not working - This is true for other locations / servers on different subnets behind the Office OPNsense Firewall, basically affecting all HTTP/S traffic regardless of destination.

From Home: Android Phone on LAN > Office-WireGuard Tunnel > Office Debian Server - Everything works including HTTP or HTTPS

From Public Internet: Notebook PC via Mobile Data or Public Wi-Fi > Office-WireGuard Tunnel > Office Debian Server - Everything works including HTTP or HTTPS

From Public Internet: Android Phone via Mobile Data or Public Wi-Fi > Office-WireGuard Tunnel > Office Debian Server - Everything works including HTTP or HTTPS

From Office: Notebook PC on LAN > Home-WireGuard Tunnel > Home Debian Server - Everything works including HTTP or HTTPS

From Office: Android Phone on LAN > Home-WireGuard Tunnel > Home Debian Server - Everything works including HTTP or HTTPS

From Public Internet: Notebook PC via Mobile Data or Public Wi-Fi > Home-WireGuard Tunnel > Home Debian Server - Everything works including HTTP or HTTPS

From Public Internet: Android Phone via Mobile Data or Public Wi-Fi > Home-WireGuard Tunnel > Home Debian Server - Everything works including HTTP or HTTPS

I simply cannot understand why, in this one condition, connecting from my home network using my Notebook via the Office WireGuard Tunnel does not pass any HTTP/S traffic to the local webservers in the Office Network. This is true for devices that work on various webservers (Apache, Nginx and lighttpd) and even some of them on custom ports like 8443, 8080, 8006, 8007 etc. Obviously any traffic that bypasses the VPN Tunnel (split tunneling via "AllowedIPs") works without any issues.

Any help or insight into what the issue might be would be greatly appreciated.

Apologies for posting on an old thread but I have this exact problem and can't work out what's going on.

Connecting to the office WireGuard on OPNsense from my home 4G EE (UK) connection and I can use RDP, FTP, SSH, ICMP etc. But no HTTP or HTTPS traffic at all.

Interestingly I can hotspot from my phone and other connections no problems at all. This leads me to believe the problem is specific to this one connection which is an EE SIM card in a Teltonika RUTX09 4G router.

Any ideas?

Quick shot: try
MTU = 1280
in the Interface section of your home config.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
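
Background to the MTU suggestion above, as an added example that is not part of the original thread: small interactive packets fit through a tunnel whose MTU is larger than the underlay can carry, while the full-size segments of an HTTP/S transfer are the ones dropped. The sketch below finds the largest don't-fragment packet a path carries and subtracts the WireGuard encapsulation overhead; the probe is simulated, and the 1400-byte LTE path and the 1420 configured MTU are constructed assumptions, not values measured in this thread.

```python
# Added example: constructed path values, no real network traffic is sent.
WG_HEADER = 32                # type/reserved 4 + receiver index 4 + counter 8 + auth tag 16
UDP_HEADER = 8
IP_HEADER = {4: 20, 6: 40}    # IP header without options / extension headers
IPV6_MIN_MTU = 1280           # smallest MTU on which IPv6 is allowed to run

def find_path_mtu(probe, low=576, high=1500):
    """Largest size in [low, high] for which probe(size) is True, else None.

    probe(size) stands for sending one don't-fragment packet of `size` bytes
    (IP header included) and reporting whether it arrived."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low

def wireguard_mtu(path_mtu, outer_ip_version=4):
    """Largest inner packet that fits in one outer packet of path_mtu bytes."""
    return path_mtu - IP_HEADER[outer_ip_version] - UDP_HEADER - WG_HEADER

def tcp_mss(tunnel_mtu, inner_ip_version=4):
    """TCP payload per segment inside the tunnel (20-byte TCP header, no options)."""
    return tunnel_mtu - IP_HEADER[inner_ip_version] - 20

def simulated_path(real_mtu):
    """Hypothetical probe: a path that silently drops anything above real_mtu."""
    return lambda size: size <= real_mtu

def diagnose(probe, configured_mtu=1420, outer_ip_version=4):
    """Compare a configured tunnel MTU (assumed 1420) with what the path carries."""
    path = find_path_mtu(probe)
    if path is None:
        return None
    usable = wireguard_mtu(path, outer_ip_version)
    return {"path_mtu": path, "max_tunnel_mtu": usable,
            "oversized": configured_mtu > usable,
            "ipv6_capable": usable >= IPV6_MIN_MTU}

if __name__ == "__main__":
    for name, mtu in [("ethernet", 1500), ("pppoe", 1492), ("constructed-lte", 1400)]:
        print(name, diagnose(simulated_path(mtu)))
```

On a real link the probe would be a ping with the don't-fragment bit set, run against the tunnel endpoint's public address outside the tunnel.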