WireGuard does not work unless we use a US VPN

Hi All. I’m not sure if I have an OPNsense or WG question, but I have a worker in the Philippines who we want to access our local network using WG. Our typical WG config works perfectly IF connected to a US VPN such as Private Internet Access (connected to a US VPN, I didn’t try any other country). I thought it was a country block issue, but I don’t see any settings or anything in the logs of us trying to connect. EDIT: I figured out why the logs don’t have anything for 2025. I had logging disabled. I’m guessing there is a country block somehow, so if someone could still point me in the right direction on how to fix this issue, I would appreciate it. I am wondering if it is my ISP (Xfinity) or a firewall rule in WG running in OPNsense. If it’s something in OPNsense I would like to know how I can whitelist the Philippines. For reference, the config activates, but does not initiate a handshake or attempt to. Per the client log it stops at:

2025-02-28 07:37:14.893: [TUN] [XXXXX] Startup complete

Can someone point me in the right direction? TIA

There shouldn’t be anything by default that is blocking access from other countries in OPNsense.

If something is blocking access, it would be something that you’ve added onto your configuration (i.e. GeoIP blocking, IPS/IDS, etc.).

If it’s nothing within your configuration, it may very well be something upstream of you (like your ISP as you mentioned) that you cannot control.

Hi, sorry for the off-topic comment, but I just sent you a DM.

Thanks. Is there any way to figure this out? I checked the logs on my cable modem, which didn’t have anything. I will enable logging, but please let me know if there is a way to figure out this blockage.

Not sure how you’d figure it out if the blocking is happening upstream of you.

I suppose another possibility could also be that your worker’s ISP in the Philippines is blocking outbound WG connectivity to various locations? Hence it working when he’s using a VPN and the exit point is from someplace that isn’t his ISP.

Maybe you could have him try to connect to another (non-US) country in his VPN and then see if he can connect from there to your WG server? That might help to show if it’s a limitation on Xfinity or from his ISP?

I think it is from my end based on this post. I will try to connect via another country and then to our WG server, but I have done extensive research and it definitely doesn’t seem like WG is blocked for outgoing connections from any ISP in the Philippines. I don’t have a firm understanding of how VPN services work, but it is my understanding that PIA uses WireGuard, so again it seems like something from my end. Is there anything I can look into to specifically whitelist the country? I don’t have any GeoIP or IPS/IDS type add-on set up. Thanks.

EDIT: I tried connecting to a Filipino VPN in PIA and then connected to my WG one and it worked fine. It definitely seems like there is some issue with the worker’s ISP, even though they tried 2 different ISPs and the PIA VPN works fine. Any suggestions on another tunnel option or setting we can change so we can RDP without going through another VPN (PIA)? Trying to reduce latency as well as extra steps.
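The thread never settles whether the client's handshake packets reach the OPNsense WAN at all (an upstream or ISP problem) or arrive and simply go unanswered (a local rule or peer-config problem). The script below is an added example, not code from any poster or from OPNsense or WireGuard: it recognises WireGuard handshake messages by their fixed type byte and length and turns UDP records pulled from a WAN capture into one of those two verdicts. It assumes the listen port 51820 and uses constructed sample addresses.

```python
"""Tell 'no handshake initiation ever arrived' (look upstream) apart from
'initiation arrived but got no response' (look at local firewall / peer config)
from UDP records taken off a capture on the WAN interface."""

WG_PORT = 51820  # assumption: the WireGuard listen port configured on OPNsense
# First byte of every WireGuard message is the type, followed by 3 reserved zero bytes.
WG_TYPES = {1: "handshake-initiation", 2: "handshake-response",
            3: "cookie-reply", 4: "transport-data"}
WG_FIXED_LEN = {1: 148, 2: 92, 3: 64}  # handshake/cookie messages have fixed sizes
WG_MIN_DATA_LEN = 32                   # transport messages are at least 32 bytes

def classify(payload: bytes):
    """Return the WireGuard message name for a UDP payload, or None if it is not one."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    mtype = payload[0]
    if mtype not in WG_TYPES:
        return None
    if mtype in WG_FIXED_LEN and len(payload) != WG_FIXED_LEN[mtype]:
        return None
    if mtype == 4 and len(payload) < WG_MIN_DATA_LEN:
        return None
    return WG_TYPES[mtype]

def diagnose(records, port=WG_PORT):
    """records: iterable of (src_ip, src_port, dst_ip, dst_port, payload) tuples.
    Returns 'no-initiation-seen', 'initiation-unanswered' or 'handshake-ok'."""
    initiators, answered = set(), set()
    for src, sport, dst, dport, payload in records:
        kind = classify(payload)
        if kind == "handshake-initiation" and dport == port:
            initiators.add(src)                  # a peer's initiation reached the WAN
        elif kind == "handshake-response" and sport == port:
            answered.add(dst)                    # our server replied to that peer
    if not initiators:
        return "no-initiation-seen"              # nothing arrived: ISP / upstream block
    if initiators - answered:
        return "initiation-unanswered"           # arrived, no reply: local rule or peer key
    return "handshake-ok"

def wg_message(mtype: int, length: int) -> bytes:
    """Build a synthetic WireGuard message of the given type (constructed test data)."""
    return bytes([mtype, 0, 0, 0]) + bytes(length - 4)

if __name__ == "__main__":
    # Constructed sample: one initiation from a remote peer, never answered.
    sample = [("203.0.113.10", 40000, "198.51.100.5", WG_PORT, wg_message(1, 148))]
    print(diagnose(sample))
```

Feed `diagnose()` the UDP records from a WAN-side capture while the remote client retries; the first verdict points at the ISP path, the second at OPNsense rules or the peer entry.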