I have OPNsense running on a mini PC with a wireless AP connected to it. On the OPNsense box, I am running a WireGuard server to connect to while abroad so I can stream US shows. At the same time I am to set up two VPN tunnels to Germany and the UK using Private Internet Access to stream shows that are limited to those localities. I have used this guide to set up the WireGuard instances and used the OPNsense guide to finish setting up the NAT and firewall rules. The traffic is not being channeled through the VPN. What am I doing wrong?
Been a hot minute since I’ve done this, but don’t you want the floating rule to apply to inbound direction?
I’m on mobile so it’s a little hard to check the config via screenshots, but I believe you should tick the “Invert sense of the match” box for the LAN and Floating rules.
With your current LAN rule, it looks to me like you’re sending your RFC1918 traffic to PIA, but you probably want all but the RFC1918 to go there. With an exception for the WG tunnel traffic, ofc.
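Added illustration of the point made in this reply, not code from the thread or from OPNsense: a small first-match policy-routing evaluator with constructed subnets (LAN, a roaming WireGuard client range, an RFC1918 alias and a gateway name "PIA_DE" are all assumptions) that shows what the LAN rule selects with and without "Invert sense of the match" on the destination.

```python
import ipaddress
from typing import Optional

# Constructed sample values (not from the thread): LAN subnet, the roaming
# WireGuard client subnet, and an alias bundling the RFC1918 ranges.
LAN = ipaddress.ip_network("192.168.1.0/24")
WG_CLIENTS = ipaddress.ip_network("10.200.0.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_rules(invert_destination: bool) -> list:
    """LAN policy-routing rules in evaluation order (first match wins).

    invert_destination mirrors the 'Invert sense of the match' checkbox
    on the destination field of the LAN -> PIA rule.
    """
    return [
        # Exception: roaming WireGuard clients keep the normal WAN path
        # (gateway None means "use the default route").
        {"src": WG_CLIENTS, "dst": None, "invert": False, "gw": None},
        # LAN rule meant to push everything except private space to PIA.
        {"src": LAN, "dst": RFC1918, "invert": invert_destination, "gw": "PIA_DE"},
    ]


def select_gateway(rules: list, src: str, dst: str) -> Optional[str]:
    """Return the gateway chosen by the first matching rule, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s not in rule["src"]:
            continue
        if rule["dst"] is None:
            dst_hit = True  # "any" destination
        else:
            dst_hit = any(d in net for net in rule["dst"])
            if rule["invert"]:
                dst_hit = not dst_hit  # match everything NOT in the alias
        if dst_hit:
            return rule["gw"]
    return None  # no policy rule matched: plain WAN routing


def routing_table(invert_destination: bool) -> dict:
    """Evaluate a few constructed flows against the rule set."""
    rules = build_rules(invert_destination)
    samples = {
        "lan->internet": ("192.168.1.50", "203.0.113.10"),
        "lan->printer": ("192.168.1.50", "192.168.1.20"),
        "lan->wg-client": ("192.168.1.50", "10.200.0.5"),
        "wg-client->internet": ("10.200.0.5", "203.0.113.10"),
    }
    return {name: select_gateway(rules, *pair) for name, pair in samples.items()}
```

Without the invert box, only the private-destination flows land on PIA and Internet-bound traffic falls through to the WAN; with it, Internet traffic goes to PIA while LAN-local and WireGuard-client traffic stays on the default path.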
Part of the GitHub repo is a Python script that installs a cron job that checks the connection every 5 minutes. There is an image of the VPN status page that shows it receiving and transmitting a few KB of traffic, which I assume is the cron script checking the connection.
That and the above hint to invert the match did it! Thank you
Thank you!!! That was it. Checking the destination invert sense of the match did it!
I’ve been running this setup for a long time and I’ve never had issues. What happens when you run the script to switch servers manually over SSH?
Glad to hear it! Enjoy