Routing selected hosts' traffic through Mullvad VPN: setup issues.

Started by cunfused_kiwi, April 13, 2026, 08:07:59 PM

Hi,

what I am currently struggling to set up:

I want the traffic of my Proxmox Backup Servers and VE nodes, as well as of the VMs running on them, to go through Mullvad VPN, and every other device's traffic in the same VLANs to go through the normal Internet, so not Mullvad.

The VMs and the Proxmox servers are in different VLANs. The version of OPNsense I am running is 26.1.6-amd64.

What I have done so far:

1. I created a new WireGuard configuration in my Mullvad Account and exported the .conf file.
2. I created a new WireGuard Instance; in there I put the Private Key and Tunnel address from the config file's [Interface] section.
3. I created a new WireGuard Peer with the Public key, Allowed IPs, Endpoint address and Endpoint port from the config file's [Peer] section.
4. I clicked "Enable WireGuard" and then under VPN > WireGuard > Status both listed points (iirc Interface and Peer) were green.
5. I assigned the new wg0 interface under Interfaces > Assignments and enabled it and checked "Prevent interface removal".
6. I added a new Gateway under System > Gateways > Configuration selected the Mullvad VPN Interface and checked "Far Gateway".
7. I added a new Alias under Firewall > Aliases, Type: Host(s) and added all the static ip addresses of all devices in the "Contents" Field.
8. I changed the NAT Outbound Mode to Hybrid.
9. I added a new Outbound NAT rule and selected the Mullvad VPN interface and the Alias I had created as the "Source Address".
10. I added 2 Firewall rules for one VLAN for testing (I planned to add these in each VLAN; also, these rules are at the top):

          <rule uuid="">
            <enabled>1</enabled>
            <statetype>keep</statetype>
            <state-policy/>
            <sequence>86</sequence>
            <action>pass</action>
            <quick>1</quick>
            <interfacenot>0</interfacenot>
            <interface>opt2</interface>
            <direction>in</direction>
            <ipprotocol>inet</ipprotocol>
            <protocol>any</protocol>
            <icmptype/>
            <icmp6type/>
            <source_net>Mullvad_VPN_Clients</source_net>
            <source_not>0</source_not>
            <source_port/>
            <destination_net>any</destination_net>
            <destination_not>0</destination_not>
            <destination_port/>
            <divert-to/>
            <gateway>Mullvad_VPN_Gateway</gateway>
            <replyto/>
            <disablereplyto>0</disablereplyto>
            <log>0</log>
            <allowopts>0</allowopts>
            <nosync>0</nosync>
            <nopfsync>0</nopfsync>
            <statetimeout/>
            <udp-first/>
            <udp-multiple/>
            <udp-single/>
            <max-src-nodes/>
            <max-src-states/>
            <max-src-conn/>
            <max/>
            <max-src-conn-rate/>
            <max-src-conn-rates/>
            <overload/>
            <adaptivestart/>
            <adaptiveend/>
            <prio/>
            <set-prio/>
            <set-prio-low/>
            <tag/>
            <tagged/>
            <tcpflags1/>
            <tcpflags2/>
            <tcpflags_any>0</tcpflags_any>
            <categories/>
            <sched/>
            <tos/>
            <shaper1/>
            <shaper2/>
            <description>Route selected hosts via Mullvad VLAN 100</description>
          </rule>
          <rule uuid="">
            <enabled>1</enabled>
            <statetype>keep</statetype>
            <state-policy/>
            <sequence>48</sequence>
            <action>pass</action>
            <quick>1</quick>
            <interfacenot>0</interfacenot>
            <interface>opt2</interface>
            <direction>in</direction>
            <ipprotocol>inet</ipprotocol>
            <protocol>TCP/UDP</protocol>
            <icmptype/>
            <icmp6type/>
            <source_net>Mullvad_VPN_Clients</source_net>
            <source_not>0</source_not>
            <source_port/>
            <destination_net>any</destination_net>
            <destination_not>0</destination_not>
            <destination_port>53</destination_port>
            <divert-to/>
            <gateway>Mullvad_VPN_Gateway</gateway>
            <replyto/>
            <disablereplyto>0</disablereplyto>
            <log>0</log>
            <allowopts>0</allowopts>
            <nosync>0</nosync>
            <nopfsync>0</nopfsync>
            <statetimeout/>
            <udp-first/>
            <udp-multiple/>
            <udp-single/>
            <max-src-nodes/>
            <max-src-states/>
            <max-src-conn/>
            <max/>
            <max-src-conn-rate/>
            <max-src-conn-rates/>
            <overload/>
            <adaptivestart/>
            <adaptiveend/>
            <prio/>
            <set-prio/>
            <set-prio-low/>
            <tag/>
            <tagged/>
            <tcpflags1/>
            <tcpflags2/>
            <tcpflags_any>0</tcpflags_any>
            <categories/>
            <sched/>
            <tos/>
            <shaper1/>
            <shaper2/>
            <description>DNS for Mullvad VPN clients</description>
          </rule>

Then I changed the DNS server on one VM to the one from the config file and ran `curl ifconfig.me`, which returned the correct Mullvad IP address.
         
The problems I am facing now are:

Having it like this, only the internet on hosts that are in the Alias works, and nothing else in any of the VLANs has internet access.

While troubleshooting I checked "Disable routes" in the WireGuard Instance and the Internet everywhere worked again, but DNS for the hosts routed through Mullvad didn't work anymore; also `curl ifconfig.me` didn't work anymore as expected, so I couldn't verify if the traffic still gets routed through Mullvad. Pinging 1.1.1.1 and 8.8.8.8 still worked.


What did I do wrong and/or don't understand?

Thx in advance!
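An added example, not part of the original post and not OPNsense's own code: a small checker that parses firewall rules in the XML export format shown above and reports the properties that matter when a subset of hosts is policy-routed to a VPN gateway (source restricted to the alias, quick matching, the DNS rule ordered before the catch-all, and a catch-all rule with destination "any" that will also pull traffic for internal VLANs through the tunnel unless an earlier rule without a gateway handles local networks). The rule XML embedded below is constructed from the two rules in the post with the empty fields trimmed; the gateway and alias names are the ones from the post.

```python
"""Sanity-check OPNsense policy-routing rules exported as XML (added example)."""
import xml.etree.ElementTree as ET

# Constructed from the post's two rules; unused empty elements dropped.
SAMPLE_RULES = """<rules>
  <rule uuid="">
    <enabled>1</enabled><sequence>86</sequence><action>pass</action><quick>1</quick>
    <interface>opt2</interface><protocol>any</protocol>
    <source_net>Mullvad_VPN_Clients</source_net>
    <destination_net>any</destination_net><destination_port/>
    <gateway>Mullvad_VPN_Gateway</gateway>
    <description>Route selected hosts via Mullvad VLAN 100</description>
  </rule>
  <rule uuid="">
    <enabled>1</enabled><sequence>48</sequence><action>pass</action><quick>1</quick>
    <interface>opt2</interface><protocol>TCP/UDP</protocol>
    <source_net>Mullvad_VPN_Clients</source_net>
    <destination_net>any</destination_net><destination_port>53</destination_port>
    <gateway>Mullvad_VPN_Gateway</gateway>
    <description>DNS for Mullvad VPN clients</description>
  </rule>
</rules>"""


def parse_rules(xml_text):
    """Return the <rule> elements as dicts, ordered by <sequence> (pf evaluation order)."""
    root = ET.fromstring(xml_text)
    rules = []
    for r in root.iter("rule"):
        def txt(tag, _r=r):
            el = _r.find(tag)
            return (el.text or "").strip() if el is not None else ""
        rules.append({
            "sequence": int(txt("sequence") or 0),
            "enabled": txt("enabled") == "1",
            "quick": txt("quick") == "1",
            "action": txt("action"),
            "interface": txt("interface"),
            "protocol": txt("protocol"),
            "source": txt("source_net"),
            "destination": txt("destination_net"),
            "dport": txt("destination_port"),
            "gateway": txt("gateway"),
            "description": txt("description"),
        })
    return sorted(rules, key=lambda x: x["sequence"])


def check_policy_routing(rules, vpn_gateway):
    """Return a list of human-readable findings for rules that use vpn_gateway."""
    findings = []
    vpn_rules = [r for r in rules if r["gateway"] == vpn_gateway and r["action"] == "pass"]
    if not vpn_rules:
        return ["no pass rule uses gateway %s" % vpn_gateway]
    for r in vpn_rules:
        if not r["enabled"]:
            findings.append("rule seq %d (%s) is disabled" % (r["sequence"], r["description"]))
        if not r["quick"]:
            findings.append("rule seq %d is not 'quick'; a later rule can override its gateway"
                            % r["sequence"])
        if r["source"] in ("", "any"):
            findings.append("rule seq %d has source any: every host on %s would be routed "
                            "via the VPN, not just the alias" % (r["sequence"], r["interface"]))
    catch_all = [r for r in vpn_rules
                 if r["destination"] == "any" and r["protocol"] == "any" and not r["dport"]]
    dns_rules = [r for r in vpn_rules if r["dport"] == "53"]
    for c in catch_all:
        # A gateway rule with destination any also matches traffic to other local VLANs,
        # so a pass rule *without* a gateway for local networks must sit above it.
        local_first = [r for r in rules if r["sequence"] < c["sequence"]
                       and not r["gateway"] and r["destination"] not in ("", "any")]
        if not local_first:
            findings.append("catch-all seq %d routes traffic for internal networks through the "
                            "VPN too; add a pass rule without gateway for local networks above it"
                            % c["sequence"])
        for d in dns_rules:
            if d["sequence"] > c["sequence"]:
                findings.append("DNS rule seq %d is shadowed by catch-all seq %d"
                                % (d["sequence"], c["sequence"]))
    return findings


if __name__ == "__main__":
    for line in check_policy_routing(parse_rules(SAMPLE_RULES), "Mullvad_VPN_Gateway"):
        print("-", line)
```

Run against the post's rules it reports only the internal-networks point: the DNS rule (sequence 48) is already ordered ahead of the catch-all (sequence 86), both are quick and restricted to the alias. The checker only looks at the firewall rule side; whether the WireGuard instance installs a default route for the peer's Allowed IPs (the "Disable routes" toggle) is a separate setting that this XML does not contain.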