WireGuard after update to 25.1.12 – LAN reachable, Internet no longer accessible

Started by torbho, August 05, 2025, 09:20:54 AM

Hello everyone,

after updating my OPNsense firewall from 25.1.10 to 25.1.12, WireGuard only works partially.

Setup:

  • OPNsense 25.1.12 (previously 25.1.10, everything was working fine)
  • WireGuard server running on OPNsense
  • Clients connect successfully
  • AllowedIPs on clients: 0.0.0.0/0 (Full Tunnel)

Before the update: VPN clients could access LAN + Internet

After update: VPN clients can still access LAN and OPNsense itself, but no longer the Internet through VPN

Symptoms:

  • WireGuard connection works (handshake OK)
  • Access to internal IPs (LAN) works
  • Access to external IPs (Internet) does not work
  • DNS resolution is correct (Ping to IP address of firewall also works)
  • Internet access from LAN side works as expected

Checked so far:

  • Firewall rules on WireGuard interface are unchanged (Allow any)
  • Firewall NAT Outbound: Hybrid outbound NAT rule generation


Question:
Was there a change in 25.1.12 that could affect this?
Or is this a bug that only started in 25.1.12?

Maybe someone can confirm if this behavior is reproducible.

Thanks!

Not to hijack your post, but just to say I have the same issue, but can't even talk to LAN. On my cell, it says connected, but on my dashboard, no green checkmark.

If I find anything that can help you, I'll post it!

Just wanted to give a quick update that my issue with WireGuard has been resolved.

The problem turned out to be a firewall rule in OPNsense that was blocking outbound traffic. After the update, this rule suddenly started taking effect, even though everything had been working fine before. I understand why it doesn't work with that rule in place — but I honestly don't understand why it worked before the update.

If anyone runs into similar issues: double-check your firewall rules, especially those affecting the WireGuard interface. Something may have changed in how rules are processed or how interfaces are handled after the update.
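
The rule check recommended in the last post, as an added example that is not part of the thread or of OPNsense: a simplified Python evaluator for pf rules in `pfctl -sr` style that reports which rule decides a packet arriving from a VPN client. The interface name `wg0`, the networks and the sample rules are constructed assumptions, and only a small subset of pf syntax is parsed.

```python
import ipaddress
import re

# Constructed sample in `pfctl -sr` output style. Interface name (wg0), tunnel net
# (10.10.10.0/24), LAN (192.168.1.0/24) and all three rules are assumptions.
SAMPLE_RULES = """\
pass in quick on wg0 inet from 10.10.10.0/24 to 192.168.1.0/24 flags S/SA keep state
block drop in log quick on wg0 inet from 10.10.10.0/24 to any
pass in quick on wg0 inet all flags S/SA keep state
"""

# Simplified subset of pf rule syntax: no tables, aliases, ports or rule options.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)(?: (?:drop|return))? (?P<dir>in|out)(?: log)?"
    r"(?P<quick> quick)?(?: on (?P<iface>\S+))?(?: inet6?)?(?: proto \S+)?"
    r"(?: (?P<all>all)| from (?P<src>(?:! )?\S+) to (?P<dst>(?:! )?\S+))"
)

def addr_matches(spec, ip):
    """True if ip matches a pf address spec: 'any', a host/CIDR, or '! ' negation."""
    negate = spec.startswith("! ")
    spec = spec[2:] if negate else spec
    hit = spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return hit != negate

def decide(rules_text, direction, iface, src, dst):
    """Return (action, rule) as pf evaluates: last match wins, `quick` stops at once."""
    verdict = ("pass", None)  # pf passes a packet that no rule matches
    for line in map(str.strip, rules_text.splitlines()):
        m = RULE_RE.match(line)
        if not m or m["dir"] != direction or m["iface"] not in (None, iface):
            continue
        if not m["all"] and not (addr_matches(m["src"], src) and addr_matches(m["dst"], dst)):
            continue
        verdict = (m["action"], line)
        if m["quick"]:
            break
    return verdict

if __name__ == "__main__":
    for name, dst in (("LAN host", "192.168.1.10"), ("Internet host", "203.0.113.10")):
        action, rule = decide(SAMPLE_RULES, "in", "wg0", "10.10.10.2", dst)
        print(f"{name:13} {dst:13} -> {action:5} by: {rule}")
```

In the constructed ruleset the "allow any" rule is still present but is never reached for Internet destinations, because the earlier `quick` block rule ends evaluation first.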