Awesome 👍. Glad to hear it, and thanks for the comment!

There must be something missing in the routing tables inside of the Gateway in SiteA. If a client tries to contact a IP Adress which is not in the same LAN, i routes the traffic to the default gateway (most of times your router or probably in this case the opensense fw), then the gateway sends looks in his routing table whethever he know where to forward that traffic or not, if it doesnt its being passed to the next gateway (your ISP), but if you would add a custom routing entry for the ip subnet of SiteB, then instead of forwarding the traffic to the ISP to look up, it would forward the traffic to your wireguard tunnel.

@@HelalKusho I got it to work. Firewall rule was wrong

Hey there! Thanks so much for your support! I really appreciate it!! 😊 So, I haven't done this on OPNsense yet, but I have done it on other platforms. With WireGuard, I would use the option to disable routing, so WireGuard doesn't inject any routes automatically - and have the allowed IPs set to 0.0.0.0/0 to allow anything. Then you could use static (or dynamic) routes for the stuff you needed split-tunnel. For the other two hosts, source-based or policy routing to match their source IP and force them over the tunnel. I think in OPNsense, this is done in the firewall rules - where you can match source and/or destination, then set a next-hop gateway: docs.opnsense.org/manual/firewall.html

​@@0x2142 Thank you for the suggestions! I really appreciate it.

Hi there! I did some quick research on PIA, and I'm not 100% sure. It looks like they do support both OpenVPN & WireGuard - but their documentation for router-based VPN connections only reference OpenVPN. But assuming that they do support WireGuard for these types of connections, then yeah that should be doable. If you only need to route specific LAN networks out the VPN, you may need to take a look at policy routing to match those subnets & direct them appropriately.

​@@0x2142 I have managed to do it with FingerlessGlov3s OPNseneePIAWireguard script, and want to share my results. The speedtest difference between openVPN and WG is momentous, from 15Mbps download to 320Mbps, and 10Mbps upload to 200Mbps with the same vpn region.

OPNSense did not remove Wireguard, they removed the plugin, because now there's a kernel integration. This setup is still working form Version 24.1 and newer.

@@MPHxthexLegendIt look totally different than in this video. 😒

@@fu1r4 it only looks but the only tabs that changes is the "Local -> Instances" and "Endpoints -> Peers". The other two moved to Diagnostics tab (Status, Handshakes), they are now combined.

@@MPHxthexLegendI only got 100mbit with OpenVPN, but i have now manage to setup WireGuard and i now get 490mbit. I didn't needed to add any rules to the WireGuard (Group). Instead i created a new interface and used that. Now i only want to get some of the computers to be able to access the other OPNsense internet over WireGuard. I have never got that to work, not even with OpenVPN 😪