Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard problems: "killswitch" withOUT killswitch and no ports are forwarded
« previous
next »
Print
Pages: [
1
]
Author
Topic: Wireguard problems: "killswitch" withOUT killswitch and no ports are forwarded (Read 380 times)
FBachofner
Newbie
Posts: 20
Karma: 3
Wireguard problems: "killswitch" withOUT killswitch and no ports are forwarded
«
on:
July 21, 2024, 02:08:50 pm »
I have recently setup a new OPNSense (24.1.10_3) router to replace a failing router which ran OpenWRT.
After getting everything up and running perfectly last week (including a number of VLANs) I have just configured Wireguard to use my VPN-vendor account using the
WG Selective Routing to External VPN Endpoint instructions
available in the docs.
Various tests show the WG instance to be working and not leaking my real IP address and in general things are working well.
However, I now have 2 fairly significant new problems:
If i turn off (disable) Wireguard at /ui/wireguard/general, then no PCs within the VLANs which are "normally" in the Wireguard tunnel can browse the internet.
It is not just a DNS problem as I can not even open a website for which I know the IP address.
It's weird to me as I have NOT implemented the "killswitch" instructions, yet disabling Wireguard kills the connection entirely.
Port forwarding does not work within the WG tunnel (even though those handful of ports are forwarded at the VPN provider). [ This in spite of changing various parameters of the forwarded ports (especially the "destination address" which should likely no longer be "WAN address" but
now
likely the VPN address). ]
Ports for one of the machines are somehow forwarded to/from the
actual
WAN address which has me
very
confused since the port forwarding setup is
identical
for another machine in the same VLAN and its ports are
not
all thusly forwarded when there is an exact correspondence in setup with the exception of IP address (one digit different) and a port number (also 1 digit different).
Given my efforts regarding problem 2 haven't worked out in the least, these problems likely point to firewall configuration issues.
I have played with reordering some of the rules (there are not yet many) to no avail.
Any and all ideas are appreciated! Thanks in advance.
Problem 1 is the more important one; if I can figure out a way to kill the WG instance without killing the internet, that would be good.
Problem 2 is really only for torrenting anonymously where desired -- not hugely important at the moment.
«
Last Edit: July 21, 2024, 02:25:32 pm by FBachofner
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard problems: "killswitch" withOUT killswitch and no ports are forwarded