I tried debugging this issue for hours now but I’m out of ideas. I’m running WireGuard on my OPNsense firewall. It worked flawlessly for about a year but now I’ve gotten a really strange issue.
Here is the Client config:
As you can see, the Client got assigned the IP 10.10.10.11/32
I can ping this IP and the Client can access all Server in the network when connected with the VPN.
BUT when it connects to hosts in the LAN, it doesn’t use it’s assigned 10.10.10.11 IP but the public IP of the OPNsense firewall instead.
This also doesn’t happen every time, but most of the time. I assume that it’s perhaps a ARP issue, but I don’t know why the OPNsense firewall sends its public IP (WireGuard Endpoint IP) instead of the Clients assigned IP at all.
The IP the Client should use in the LAN (virtual VPN IP):
The IP which the Client actually uses (Endpoint IP):
Every help would be greatly appreciated!
EDIT: I removed and re-added the peers in OPNsense and it works again, at least for now. Maybe something broke during an update(?). I will report back if this already fixed the issue (the problem can sometimes be hard to replicate)
EDIT 2: The issue reappeared. But I noticed, that I now have the problem only with Gecko based browsers, chromium works fine (tested on Android).
EDIT 3: The issue only appeared with Gecko based browsers because mine are configured to use some public DOH DNS, which resolved my internal host FQDNs to public IPs, not private ones from the LAN
Wouldn’t this tunnel everything? I just want 10.10.10.0/24 and 10.0.0.0/24 (VPN and LAN IP range to get tunneled). I also don’t know how this would mitigate this issue