Wireguard issue after FW-reboot

Started by LineF, February 16, 2025, 03:09:08 PM

Hello,

I'm running a wireguard tunnel from my smartphone to my home network.
OPNsense is the central routing instance and FW between WAN, LAN, DMZ and Guest networks.
In the WAN network is my DSL internet router (and only that one).

All my traffic (0.0.0.0/0) from my smartphone is routed through the wireguard tunnel to OPNsense.

After rebooting OPNsense, I can reach all devices in my local networks from my smartphone, but no traffic is routed to (or from?) the internet.

Now the weird thing:
When I change something in the firewall configuration, the traffic to the internet starts being routed.
E.g. I can stop and start a service, or I can enable/disable logging of a particular rule...
As soon as such an action happens traffic from and to the internet is routed through my wireguard tunnel.
Until the next reboot of OPNsense...

Any ideas what could be going on here?
How could that be debugged?
This has been happening for months (since I started using OPNsense, at least 12 months).

Greetings,
Martin
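
One way to debug this (an added example, not something posted in the thread): a small POSIX sh script for the OPNsense box that snapshots the pf NAT rules, filter rules, routing table and WireGuard state right after boot and again after the "change something in the firewall" trick, then diffs the two so the rule the reload brought in shows up by name. It assumes pfctl, netstat and wg are on PATH on the firewall; the tunnel subnet 10.10.10.0/24 used with the helper is a placeholder.

```sh
#!/bin/sh
# Added example, not from the thread. Snapshot the firewall state after boot
# and after the "change something" trick, then diff the two snapshots.
# Assumes pfctl, netstat and wg are on PATH (FreeBSD/OPNsense).

# Save NAT rules, filter rules, routing table and WireGuard status into DIR.
snapshot() {
    dir="$1"
    mkdir -p "$dir"
    pfctl -sn > "$dir/nat.txt" 2>&1      # NAT rules (outbound NAT lives here)
    pfctl -sr > "$dir/rules.txt" 2>&1    # filter rules
    netstat -rn > "$dir/routes.txt" 2>&1 # kernel routing table
    wg show > "$dir/wg.txt" 2>&1         # peers, endpoints, handshakes
}

# Print, per file, the lines present in snapshot B but absent from snapshot A.
# Returns 0 when B contains something A did not, 1 when nothing was added.
compare_snapshots() {
    a="$1"; b="$2"; found=1
    tmp=$(mktemp)
    for f in nat.txt rules.txt routes.txt wg.txt; do
        [ -f "$a/$f" ] && [ -f "$b/$f" ] || continue
        sort -u "$a/$f" > "$tmp"
        added=$(sort -u "$b/$f" | comm -13 "$tmp" -)
        if [ -n "$added" ]; then
            found=0
            echo "== $f: present after the firewall change, missing after boot =="
            echo "$added"
        fi
    done
    rm -f "$tmp"
    return $found
}

# Return 0 if the pfctl -sn output in FILE has a nat rule whose source is
# SUBNET (the WireGuard tunnel network, e.g. the placeholder 10.10.10.0/24).
nat_covers_subnet() {
    grep '^nat ' "$1" | grep -F "from $2 " >/dev/null 2>&1
}

# Usage on the firewall:  ./wgdiff.sh /root/after_boot    (right after boot)
#                         ./wgdiff.sh /root/after_change  (after toggling a rule)
#                         ./wgdiff.sh compare /root/after_boot /root/after_change
if [ "$1" = "compare" ] && [ -n "$2" ] && [ -n "$3" ]; then
    compare_snapshots "$2" "$3"
elif [ -n "$1" ]; then
    snapshot "$1"
fi
```

Handshake and transfer counters in wg.txt always differ between runs; the lines worth reading are the ones reported for nat.txt and rules.txt.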


March 29, 2025, 11:18:07 PM #2 Last Edit: March 29, 2025, 11:27:40 PM by Forceflow
I presume you followed this guide: https://docs.opnsense.org/manual/how-tos/wireguard-client.html

What I have noticed is that even though the guide lists it as not necessary for IPv4 traffic if you've configured a WG interface group, I resolved the problem you're having by adding the rule in 4(b).

Here's the weird thing: My Wireguard connectivity works fine without that rule (I can even disable it after the system has booted!), until I reboot.

Then I've got the same symptoms: cannot reach outside network.
It would be solved by manually rebooting Wireguard or, like you said, changing a little thing in the firewall.

After I explicitly added rule 4b to my system, Wireguard connectivity to the outside world now survives a reboot as well.

It would be very enlightening to have some OPNsense wizard explain to us why this is needed.

I'm out of my depth to explain why this could happen, maybe a race condition during boot.