When Mullvad Wireguard VPN is turned on, no internet on non-VPN interfaces

[z2d67]

Hi, I am very new to opnsense and networking.

I setup Mullvad with wireguard using the following tutorials.

https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

https://notes.aliciasykes.com/18842/how-to-mullvad-vpn-using-wireguard-on-opnsense

I was able to setup the VPN on the LAN port and another interface and it works!

The problem I have is that whenever VPN is on, I loose internet on all the interface ports that are not setup with VPN. When VPN is not checked/enabled, internet works on all ports.

Am I overlooking something simple here or does this require some troubleshooting?

[Greelan]

Sounds like you want to implement selective routing: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

[z2d67]

Thank you for this.

Regarding step 7 "Content - Enter the host IPs, or the network in CIDR format"

Are the host IP's that they are looking for here the publicly available IP address of the VPN servers? https://mullvad.net/en/servers

Or are the IP's they are looking for here the private tunnel IP addresses?

[Greelan]

Neither.

It's the local IPs of the particular machines/VMs etc that you want to use the tunnel.

Eg you have a PC on 192.168.1.10 in your network. Include that.

Or you have an entire VLAN subnet like 10.0.1.10/24 that you want anything on that subnet to use the tunnel. Include that.

[z2d67]

Understood.

Regarding step 8: "Then go to Firewall ‣ Rules ‣ [Name of interface for network in which hosts/network resides, eg LAN for LAN hosts]"

Is this asking me for the interface I setup as "Mullvad" (which is not a port/network plug) or the interface port/plug number where I want the VPN, or the port designated as "LAN" or something else?

[Greelan]

I think it is pretty clear? You want certain hosts in your network to use the tunnel. What subnet are they in? Use the interface for that subnet