All LAN/WAN Traffic via WireGuard through Mullvad VPN Peers Stopped Working

Started by BobMander, June 10, 2025, 03:27:25 AM

I set up a new OPNsense Firewall recently [v24.x] and configured a WireGuard VPN connection to use 2 Mullvad Peer Servers a few months ago to pass all of my internal LAN/DMZ traffic via Mullvad. I configured NAT Outbound Rules to pass all my LAN and DMZ traffic out the WAN via WireGuard. Everything was working fine. Both the LAN and DMZ were returning the Mullvad public IP Address via whatismyipaddress.com. About 2 weeks ago this stopped suddenly for some unknown reason. All my LAN/DMZ traffic is now going out the general WAN connection taking on the IP Address of my ISP [Comcast/Xfinity] rather than the Mullvad IP Address it previously had. I do still have an active Mullvad Account (first thing I checked). I reached out to Mullvad who suggested I rebuild the WireGuard connection again from scratch. I removed the NAT Outbound Rules, the 2 Peers I had, and the WireGuard Instance. I saved everything and rebooted, and then rebuilt the WireGuard VPN again (Instance, Peers, and NAT Outbound Rules). I am unable to establish the VPN connection again for all my LAN/DMZ traffic to go through Mullvad. Interestingly, the WireGuard VPN INSTANCE comes up (shows green under VPN Status). But it is not passing any traffic through either of the 2 PEERS I have configured to establish the connection that I had previously (both peers show red under VPN Status). Because of this, when WireGuard is active I cannot pass traffic out the WAN. I double-checked the Mullvad server listing site to confirm that I am using currently active Mullvad peers. So I have WireGuard disabled currently and am presenting myself with a Comcast/Xfinity IP Address. I even updated OPNsense to the latest v25.1.7 to no avail and repeated the undo/redo scenario as outlined above. Ironically, the initial setup a few months back was pretty straightforward and easy and worked perfectly as expected. Anybody else have a similar experience that can offer some insight or suggestions? Thank you in advance.

I noticed the same thing yesterday as well. Not sure when it started. Don't have time to troubleshoot atm but will have to investigate. Not sure whether it's a change at Mullvad's end or with OPNsense.

Hi Bob, I've got a connection through a Mullvad VPN peer that's working as of this post, and I've been running tests over the last few days and haven't had any interruptions that weren't due to my own tinkering. My first guess is that you have up to five devices to use with Mullvad, and maybe in your Mullvad app on another device you've deleted the device or devices associated with the private keys you used to construct your Mullvad instances on OPNsense. If so, the old Mullvad .conf files won't work for you, and you've got to go back to Mullvad's site, download some new WireGuard configuration files, and set up the Peers and Instances again.
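
Added example, not part of any post in this thread: a small check that separates a peer that has never completed a handshake (the "instance green, peers red" state, which is consistent with a key the provider no longer recognises, among other causes) from one whose handshake has merely gone stale. It assumes the tab-separated output of `wg show <interface> dump`; the sample input, the placeholder keys and addresses, and the 180-second threshold are constructed for illustration.

```python
"""Classify WireGuard peers from `wg show <interface> dump` output."""
import time

# Constructed sample, not taken from the thread. Line 1 describes the
# interface; each later line is one peer with eight tab-separated fields:
# public key, preshared key, endpoint, allowed IPs, latest handshake
# (epoch seconds, 0 = never), bytes received, bytes sent, keepalive.
SAMPLE_DUMP = "\n".join([
    "\t".join(["<private-key>", "<instance-public-key>", "51820", "off"]),
    "\t".join(["<peer-A-public-key>", "(none)", "192.0.2.10:51820",
               "0.0.0.0/0", "0", "0", "1480", "25"]),
    "\t".join(["<peer-B-public-key>", "(none)", "192.0.2.20:51820",
               "0.0.0.0/0", "1749500000", "52340", "61200", "25"]),
])

# Assumed threshold: a little above WireGuard's roughly two-minute rekey cycle.
STALE_AFTER = 180


def classify_peers(dump, now=None):
    """Return {peer_public_key: 'never' | 'stale' | 'up'} for each peer line."""
    now = int(time.time()) if now is None else now
    statuses = {}
    for line in dump.splitlines()[1:]:      # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            continue                        # ignore malformed lines
        pubkey, handshake = fields[0], int(fields[4])
        if handshake == 0:
            # Handshake initiations are sent but never answered: check the
            # key registration at the provider, the endpoint, and UDP egress.
            statuses[pubkey] = "never"
        elif now - handshake > STALE_AFTER:
            statuses[pubkey] = "stale"      # worked before, silent since
        else:
            statuses[pubkey] = "up"
    return statuses


if __name__ == "__main__":
    for key, status in classify_peers(SAMPLE_DUMP, now=1749500060).items():
        print(f"{status:6} {key}")
```

A peer reported as `never` while the instance itself is up points at the key, endpoint or path rather than at the NAT Outbound Rules.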