VLAN interface pulling Wireguard Gateway

[nightfox818]

I have a strange issue. I'm trying to setup a VLAN interface on OPNsense 24.7.11_2-amd64. I created the VLAN interface, gave it a static IP, created the VLAN on my switch, the switch can ping the VLAN interface, but the device I have connected to the VLAN cannot connect (static IP).

Here is the interfaces overview showing my VLAN 105 interface and the gateway that shouldn't be there:

You cannot view this attachment.

And here is how the interface is configured:

You cannot view this attachment.

I've never seen this behavior before. I think this is what's causing my issue. Any ideas?

Thanks!

[Patrick M. Hausen]

Have you assigned the switch port the device is connected to to the VLAN? Untagged/access port.

[nightfox818]

Yes.

Code Select Expand

interface GigabitEthernet1/0/39
 description [snip]
 switchport access vlan 105
 switchport mode access
!

I compared with another OPNsense firewall I have with VLAN interfaces and the gateway is blank on that firewall (as expected). I guess I'm confused as to how a Wireguard tunnel interface is showing up on a just-created VLAN interface for which "IPv4 gateway rules" is disabled.

[Patrick M. Hausen]

A WG tunnel is a separate independent interface (wg0 ... wgn). It is in no way connected to a VLAN or physical interface. I do not quite understand your mention of WG here.

[nightfox818]

Yes, I know. See the Interfaces Overview screenshot in my first post. Interface VLAN105 (opt3) has a gateway of 10.255.254.18 (which is the remote end of my wireguard tunnel). It seems like that is causing my routing problem. And that is my question: why is a remote wireguard tunnel IP applying itself to a VLAN interface and specifically when I have IPv4 gateway rules set as 'Disabled'? It's a locally routed network; there shouldn't be a gateway, and I never set it. I'm assuming this is a bug?

[Patrick M. Hausen]

Interface VLAN105 (opt3) has a gateway of 10.255.254.18

Then remove that gateway, perhaps? Still puzzled. :-)

[dseven]

That is a bit odd. I notice that your wg0 is unassigned, which is not typical (I believe). Does it change anything you assign it an interface?

[nightfox818]

Interface VLAN105 (opt3) has a gateway of 10.255.254.18

Then remove that gateway, perhaps? Still puzzled. :-)

Again, refer to my screenshot. I cannot remove it because it's already "Disabled" from the interface... unless there's a config file under the GUI I can modify.

[nightfox818]

That is a bit odd. I notice that your wg0 is unassigned, which is not typical (I believe). Does it change anything you assign it an interface?

It's in the docs that way and Wireguard is working. https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html But that's not the issue here.

[Patrick M. Hausen]

Again, refer to my screenshot. I cannot remove it because it's already "Disabled" from the interface

If it's set to disabled then there is no gateway on that interface. Where do you see that one is, supposedly?

[dseven]

If it's set to disabled then there is no gateway on that interface. Where do you see that one is, supposedly?

Interfaces Overview, per the screenshot in the original post.

[Patrick M. Hausen]

Now I get it, sorry. What is shown when you click that "expand" button for the routes in the "wg0" row?