Can reach OPNsense and internet but no LAN ressources

[HarryDasBrot]

Hi All, first time poster here.

I am running OPNsense 24.7.8 and have set-up Wireguard (Road Warrior) using the official guide. My goal is to access my homelab when I am not home (I have to travel for work frequently). I am currently remote and I can access the OPNsense WebGUI using the LAN IP and I can also browse the internet through my internet back at home (2ip.to). This is good but when I try to access any ressources in my homelab in the same subnet as OPNsense, I get timeouts. Can't ping anything outside OPNsense ofcource. I have set-up the Firewall rule to "pass" traffic to LAN. I also verified that this is not a "client" issue and have the same issue on my phone (iPhone running Wireguard app). Any suggestions, what I can try?

Here is my set-up:

L3 Switch:
Management VLAN 10: 172.16.10.1 - Also acting as DHCP server for LAN

Server 1
  IPMI: 172.16.10.2 (IPMI port) <-> L3 Switch (access port tagged as vlan 10)
  Proxmox: 172.16.10.3 (eth0 connected to vmbr0) <-> L3 Switch (access port tagged as vlan 10)

OPNsense (VM on Proxmox):
  LAN: 172.16.10.5  (virtio0 connected to vmbr0) <->  L3 Switch (access port tagged as vlan 10)
  WAN: 89.255.x.x (fibre connection to ISP through PPPOE on vlan 7) <-> Fiber Modem

With this out of the way, here is my config:

(1) WG Overview:

(2) WG Instance:

(3) WG Peer:

(4) WG Interface:

(5) Interface Assignments:

(6) WAN FW Rule:

(7) WG IF Rule:

( Client Config:



Problem: Once I am connected to the Wireguard tunnel, I can:
 - Ping 172.16.10.5 : success
 - Ping google.com : success
 - Ping 10.10.10.1 : success
 - Ping 172.16.10.1: timeout
 - Ping 172.16.10.3: timeout

Would welcome any advice or guide on how to troubleshoot my issue. I have looked at firewall rules but did not notice anything strange.

[viragomann]

Note that your LAN devices will block access from outside of the LAN by their own firewalls by default.

[HarryDasBrot]

My Printer, Switch, etc. don't have a firewall.

[viragomann]

My Printer, Switch, etc. don't have a firewall.

Do those devices have the default gateway set properly pointing to OPNsense?

[HarryDasBrot]

Oh my god. You were right. For some reason, my dhcp did not distribute the default gateway and for some reason, I thought using wireguard is the same as being in LAN. Now I know better. Thank you so much.