Topic: Outbound NAT rule for WireGuard client Session (Read 1540 times)
frunkaf
Newbie
Posts: 7
Karma: 0
Outbound NAT rule for WireGuard client Session « on: January 09, 2024, 08:50:25 pm »
I think I need an Outbound NAT rule but I have no idea how to construct it to allow clients behind my OPNsense router to reach the remote network through the VPN tunnel, NATing from the tunnel IP.
I have my WireGuard connection up and running. My OPNsense router is the client and it's connected to a remote WireGuard server. I configured an interface for the WireGuard connection (PAV) so that I can create a gateway and static route to the remote subnet.
I am able to ping the remote network from my router and from a single host in my DMZ because of the fact that the 'AllowedIPs' on the server config permits the OPNsense client, 10.80.190.2, and a single server in my DMZ, 192.168.0.251, for Syncthing functionality.
An easy fix would be to put my local subnets on the remote WireGuard server AllowedIPs and then everything can talk to one another. However, I would much rather have all of my local clients NAT through the WireGuard client IP, 10.80.190.2.
I followed the steps outlined in the following article...
https://docs.opnsense.org/manual/how-tos/wireguard-client.html
...to no avail.
I attached a picture of the Outbound NAT rule as it is now.
Please help. Thank you
frunkaf
Newbie
Posts: 7
Karma: 0
Re: Outbound NAT rule for WireGuard client Session « Reply #1 on: January 09, 2024, 09:24:29 pm »
I figured it out and boy do I feel silly lol
I needed to set the interface to the one for WireGuard (PAV)
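The behaviour discussed in this thread, modelled as an added example that is not part of the original posts and is not OPNsense or WireGuard code: the server only accepts tunnel packets whose source is in its AllowedIPs, and an outbound NAT rule only rewrites the source when it is bound to the interface the packet actually leaves through. The LAN client address, the `192.168.0.0/16` source network, the `/32` masks and the `WAN` interface name are assumptions made for illustration.

```python
import ipaddress

# From the thread: the remote server's AllowedIPs for this peer cover the
# tunnel address and one DMZ host (the /32 masks are an assumption).
SERVER_ALLOWED_IPS = [ipaddress.ip_network(n)
                      for n in ("10.80.190.2/32", "192.168.0.251/32")]
TUNNEL_IP = "10.80.190.2"


def apply_outbound_nat(src, egress_if, rules):
    """Return the source address after outbound NAT on the egress interface.

    Each rule is (interface, source_network, translate_to). A rule only
    matches packets leaving through the interface it is bound to.
    """
    addr = ipaddress.ip_address(src)
    for iface, network, translate_to in rules:
        if iface == egress_if and addr in ipaddress.ip_network(network):
            return translate_to
    return src  # no rule matched: packet keeps its original source


def server_accepts(src):
    """WireGuard drops decrypted packets whose source is outside AllowedIPs."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in SERVER_ALLOWED_IPS)


def reaches_remote(src, rules, egress_if="PAV"):
    """Traffic to the remote subnet leaves via the WireGuard interface (PAV)."""
    return server_accepts(apply_outbound_nat(src, egress_if, rules))


# Constructed sample: a LAN client and two candidate rule sets.
LAN_CLIENT = "192.168.1.50"                           # assumed address
RULE_ON_WAN = [("WAN", "192.168.0.0/16", TUNNEL_IP)]  # assumed wrong interface
RULE_ON_PAV = [("PAV", "192.168.0.0/16", TUNNEL_IP)]  # bound to the tunnel

if __name__ == "__main__":
    for name, rules in (("WAN rule", RULE_ON_WAN), ("PAV rule", RULE_ON_PAV)):
        print(name, "->", reaches_remote(LAN_CLIENT, rules))
```

With the rule on the wrong interface the client's packets enter the tunnel with their LAN source and the server discards them; bound to PAV they arrive as 10.80.190.2, so the server's AllowedIPs can stay limited to the tunnel address and the single DMZ host.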