How do I route all traffic to external VPN?

Started by novel, November 17, 2023, 01:43:11 PM

Quote from: tiermutter on November 23, 2023, 12:27:22 PM
Sorry, not possible for me to go remote...

As said, maybe I am confused and should shut up :D

Now you are posting screenshots of NAT port forwards. There is nothing in your setup, as far as I can see, that requires a port forward... on the VPS side, access to the WG server can be solved this way, but a simple allow rule on WAN should be enough.
What I mentioned was NAT outbound rules; this is required on your LAN side.

Can you please explain your whole setup?


Please read my first post. I have written it many times here...

I want to send all traffic from my ISP through a WireGuard tunnel to the VPS, then take the public IP from the VPS via the WireGuard VPN back to my home. It is very simple. It is the same setup as if you pay a VPN provider like Mullvad or any other VPN provider.

On Firewall --> Rules --> WAN I have already posted the allow rule for port 51820 from WAN. Please see the pictures, otherwise I can post them again for you...

I hope you understand me...

In the YouTube link below I want to do the same WITHOUT MULLVAD. I want to do the same project as in the video below, with the VPS on which I already set up the VPN myself. I say again: the same setup RUNS SUCCESSFULLY WITH RASPBERRY PI. The problem is (I think) OPNsense.

https://www.youtube.com/watch?v=9B4FW5pf2wA


Quote from: tiermutter on November 23, 2023, 11:54:40 AM
mhh... it's confusing... what is running on the VPS? Is this another OPNsense? Some screenshots look like OPNsense on the VPS with a WG server and some look like OPNsense at home?!
i am not an expert... just trying to help...

Quote from: Supermule on November 23, 2023, 12:26:42 PM
We stopped using OPNsense for the same reasons for VPN.

Back to RRAS in Windows and it works perfectly. Connects and keeps the connection, no problems.

Anything terminating at the perimeter is way too sensitive when keeping thousands of VPNs running at any one time.

Do you mean that OPNsense has a bug? Does OPNsense have bugs generally?

We know what you want to achieve... but we (me) don't really know which systems are involved and where the loads of screenshots are taken from...

As said... we (me) are confused...

Quote from: tiermutter on November 23, 2023, 12:45:43 PM
We know what you want to achieve... but we (me) don't really know which systems are involved and where the loads of screenshots are taken from...

As said... we (me) are confused...

I will help you.

On the VPS runs ONLY DEBIAN 12 with a WireGuard server. ONLY THAT. Nothing else. There are iptables rules that masquerade all traffic to the WireGuard client. This is the VPS setup.


OPNsense is the WireGuard client that tries to connect to the VPS (WireGuard server). Are you confused, or do you understand?


I hope to help you now.

Helped a lot so far, thank you ;)

Now let's summarize step by step...
So the Debian / VPS setup is untouched and worked (and will also still work) with the Raspi as client?
Client WG setup is double-checked, correct, and handshakes are successful?

Quote from: tiermutter on November 23, 2023, 01:04:09 PM
Helped a lot so far, thank you ;)

Now let's summarize step by step...
So the Debian / VPS setup is untouched and worked (and will also still work) with the Raspi as client?
Client WG setup is double-checked, correct, and handshakes are successful?

Yes to all. Now I have stopped running the WG client on the Raspberry.

November 23, 2023, 01:59:23 PM #52 Last Edit: November 23, 2023, 02:03:20 PM by tiermutter
Ok... but the Raspberry client has its own WG configuration, e.g. a separate IP, and you did not try multiple connections with one and the same WG peer?

November 23, 2023, 02:10:42 PM #53 Last Edit: November 23, 2023, 02:12:20 PM by novel
Quote from: tiermutter on November 23, 2023, 01:59:23 PM
Ok... but the Raspberry client has its own WG configuration, e.g. a separate IP, and you did not try multiple connections with one and the same WG peer?


I never use the Raspberry again. Too many devices. I want only one client. This is OPNsense, nothing else. The Raspberry has the same IP as OPNsense. But I don't use it. It is shut down. Is it better to create a separate WG client configuration file specific for OPNsense?

You can use the same config, but not at the same time.
When you told us you NOW stopped raspberry client, this means that you tried to establish multiple connections with one peer (and tunnel IP) with two devices. This won't work.

Now we can start testing from scratch since now WG client on OPNsense can work the first time.

Start and stop / restart your WG client on OPNsense and try a ping to 8.8.8.8 from OPNsense shell.

As I said, I assume that the VPS is untouched and everything works fine on this side!

Quote from: tiermutter on November 23, 2023, 02:24:01 PM
Start and stop / restart your WG client on OPNsense and try a ping to 8.8.8.8 from OPNsense shell.

I cannot ping. It gets stuck.

Ok, can you provide logs or something to prove that the WG connection is properly established?
Can you ping the WG server IP from OPNsense?
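The checks asked for above (is the handshake really established, does the server tunnel IP answer, does 8.8.8.8 answer) as one script; this is an added example, not from the thread or from OPNsense. It assumes `wg` from wireguard-tools is on PATH (as in the OPNsense shell), that the interface name (e.g. wg0) is known, and uses the thread's server tunnel IP 10.217.30.1 as the default.

```shell
# Added example (not from the thread): tunnel health checks for an OPNsense WireGuard
# client. Assumes `wg` (wireguard-tools) is on PATH, as in the OPNsense shell, and that
# the interface name (e.g. wg0) and the server tunnel IP (10.217.30.1 in the thread) are known.
WG_MAX_AGE=180   # WireGuard re-handshakes roughly every 2 minutes; older than this is stale

# wg_handshake_fresh "<output of: wg show IFACE latest-handshakes>" NOW_EPOCH
# Each line is "<peer-pubkey><TAB><unix-timestamp>"; 0 means no handshake ever.
# Returns 0 if at least one peer handshook within WG_MAX_AGE seconds of NOW_EPOCH.
wg_handshake_fresh() {
    _now=$2; _fresh=1
    while IFS="$(printf '\t')" read -r _peer _ts; do
        [ -z "$_peer" ] && continue
        [ "$_ts" -gt 0 ] && [ $((_now - _ts)) -le "$WG_MAX_AGE" ] && _fresh=0
    done <<EOF
$1
EOF
    return $_fresh
}

# wg_transfer_state "<output of: wg show IFACE transfer>"
# Each line is "<peer-pubkey><TAB><rx-bytes><TAB><tx-bytes>". Prints: ok (bytes both ways),
# tx-only (we send but nothing comes back: UDP blocked, key mismatch, or the same peer /
# tunnel IP still in use by another device, like the Raspberry), idle (nothing sent yet).
wg_transfer_state() {
    _rx=0; _tx=0
    while IFS="$(printf '\t')" read -r _peer _r _t; do
        [ -z "$_peer" ] && continue
        _rx=$((_rx + _r)); _tx=$((_tx + _t))
    done <<EOF
$1
EOF
    if [ "$_rx" -gt 0 ] && [ "$_tx" -gt 0 ]; then echo ok
    elif [ "$_tx" -gt 0 ]; then echo tx-only
    else echo idle; fi
}

# wg_diag IFACE SERVER_TUNNEL_IP: runs the checks from the thread in order. A fresh
# handshake plus a failing ping to 8.8.8.8 points at routing / outbound NAT, not the tunnel.
wg_diag() {
    _hs=$(wg show "$1" latest-handshakes) || return 1
    if wg_handshake_fresh "$_hs" "$(date +%s)"; then echo "handshake: fresh"
    else echo "handshake: none/stale -> check Endpoint, keys, udp/51820 reachable on VPS"; return 1; fi
    echo "transfer: $(wg_transfer_state "$(wg show "$1" transfer)")"
    ping -c 3 "$2" >/dev/null 2>&1 && echo "ping $2 (server tunnel IP): ok" || echo "ping $2: FAIL"
    ping -c 3 8.8.8.8 >/dev/null 2>&1 && echo "ping 8.8.8.8: ok" || echo "ping 8.8.8.8: FAIL"
}

# Live run only when asked, e.g.: WG_IFACE=wg0 WG_SERVER=10.217.30.1 sh wg_diag.sh
if [ -n "${WG_IFACE:-}" ]; then wg_diag "$WG_IFACE" "${WG_SERVER:-10.217.30.1}"; fi
```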

November 23, 2023, 02:54:06 PM #59 Last Edit: December 13, 2023, 10:23:49 PM by novel
Quote from: tiermutter on November 23, 2023, 02:45:50 PM
Ok, can you provide logs or something to prove that the WG connection is properly established?
Can you ping the WG server IP from OPNsense?

Inside the VPS I cannot ping 10.217.30.2    <---- it is the WireGuard client IP on OPNsense

I think it does not change the gateway when I enable the VPN. Please look at the screenshot.

I am able to ping the WG server from OPNsense. I pinged 10.217.30.1.