Moderator Edit: I have formatted your config to be readable
When I connect to Mullvad via WireGuard on my laptop (Linux), I can no longer browse the internet.
I can still reach my internal (LAN) interface and connect to it via SSH.
I am pretty new to Linux, and very new to VyOS. When I monitor the WAN interface, I see packets being dropped by the kernel.
Oh, and the laptop is on the LAN (the .20 network).
I know this has to be something simple, but I am not skilled enough yet to troubleshoot it myself. Thoughts?
/* Global firewall options, then one named ruleset per zone pair (named SOURCE-DEST). */
/* A ruleset only takes effect where the zone-policy section attaches it to a zone. */
firewall {
    /* The router answers ICMP echo requests, subject to the rulesets below. */
    all-ping enable
    broadcast-ping disable
    config-trap disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    /* Log packets that arrive with impossible (martian) source addresses. */
    log-martians enable
    name LAN-LOCAL {
        default-action accept
    }
    /* NOTE(review): no zone in zone-policy references LAN-MGMT (zone MGMT lists only LOCAL and WAN), */
    /* so this ruleset appears to be unused - confirm whether a "from LAN" entry is missing there. */
    name LAN-MGMT {
        default-action drop
        rule 5 {
            action accept
            description "Allow EST/Related Traffic"
            state {
                established enable
                related enable
            }
        }
    }
    /* Everything from LAN to WAN is accepted, so this ruleset does not filter the laptop's outbound traffic. */
    name LAN-WAN {
        default-action accept
    }
    name LOCAL-LAN {
        default-action accept
    }
    name LOCAL-MGMT {
        default-action accept
    }
    name LOCAL-WAN {
        default-action accept
    }
    name MGMT-LAN {
        default-action accept
    }
    name MGMT-LOCAL {
        default-action accept
    }
    name MGMT-WAN {
        default-action accept
    }
    /* The three WAN-* rulesets accept only replies to established/related flows and drop everything else. */
    /* NOTE(review): these drops are not logged. Adding enable-default-log to a WAN-* ruleset would show */
    /* whether the firewall is discarding the packets. If the "dropped by the kernel" figure in the post */
    /* comes from a packet-capture summary, it may count packets the capture missed - TODO confirm. */
    name WAN-LAN {
        default-action drop
        rule 5 {
            action accept
            description "Allow EST/Related Traffic"
            state {
                established enable
                related enable
            }
        }
    }
    name WAN-LOCAL {
        default-action drop
        rule 5 {
            action accept
            description "Allow EST/Related Traffic"
            state {
                established enable
                related enable
            }
        }
    }
    name WAN-MGMT {
        default-action drop
        rule 5 {
            action accept
            description "Allow EST/Related Traffic"
            state {
                established enable
                related enable
            }
        }
    }
    /* Clamp TCP MSS to 1452: the 1492-byte PPPoE MTU minus 40 bytes of IPv4 and TCP headers. */
    /* NOTE(review): the clamp rewrites TCP SYNs only. A UDP-encapsulated tunnel such as WireGuard is not */
    /* affected by it, so the tunnel MTU on the laptop has to fit the PPPoE path on its own - TODO confirm. */
    options {
        interface eth1 {
            adjust-mss 1452
        }
        interface pppoe0 {
            adjust-mss 1452
        }
    }
    receive-redirects disable
    /* The router may send ICMP redirects to hosts on its attached networks. */
    send-redirects enable
    /* Reverse-path (source address) validation is off; strict or loose would discard packets whose */
    /* source address is not routable back through the receiving interface - review for the WAN side. */
    source-validation disable
    syn-cookies enable
    /* RFC 1337 TIME-WAIT assassination protection is off. */
    twa-hazards-protection disable
}
/* Physical and logical interfaces. Each hw-id pins an interface name to a NIC MAC address. */
interfaces {
    /* eth0 carries the PPPoE session (see pppoe0 source-interface) and also requests a DHCP address. */
    /* Both eth0 and pppoe0 are members of zone WAN in zone-policy. */
    ethernet eth0 {
        address dhcp
        description Blah
        duplex auto
        hw-id 00:e0:67:1f:b2:12
        speed auto
    }
    /* LAN on the untagged interface; the laptop in the post sits in this 172.16.20.0/24 network. */
    ethernet eth1 {
        address 172.16.20.1/24
        description LAN
        hw-id 00:e0:67:1f:b2:13
        /* VLAN 10 (eth1.10) is the management network and is its own zone (MGMT). */
        vif 10 {
            address 172.16.10.1/24
            description Management
        }
    }
    /* NOTE(review): eth2 is addressed but is not a member of any zone and has no NAT source rule or */
    /* DHCP scope in this config. With zone-policy active, traffic between a zoned and an unzoned */
    /* interface is presumably dropped - confirm whether NEWLAN is meant to be in use yet. */
    ethernet eth2 {
        address 172.21.20.1/24
        description NEWLAN
        hw-id 00:e0:67:1f:b2:14
    }
    ethernet eth3 {
        hw-id 00:e0:67:1f:b2:15
    }
    ethernet eth4 {
        hw-id 00:e0:67:1f:b2:16
    }
    ethernet eth5 {
        hw-id 00:e0:67:1f:b2:17
    }
    loopback lo {
    }
    /* WAN uplink. The default route is installed from the PPPoE session. */
    pppoe pppoe0 {
        /* The password and user values are blank in the post, presumably redacted by the author. */
        authentication {
            password
            user
        }
        default-route auto
        description WAN
        /* 1492 = 1500-byte Ethernet MTU minus 8 bytes of PPPoE overhead. */
        mtu 1492
        source-interface eth0
    }
}
/* Source NAT: masquerade the LAN and Management networks behind the pppoe0 address. */
/* NOTE(review): only pppoe0 is an outbound-interface here, so traffic that left through eth0 directly */
/* would not be translated, and 172.21.20.0/24 (eth2) has no rule - confirm both are intended. */
nat {
    source {
        /* LAN 172.16.20.0/24; this covers the laptop's encapsulated VPN packets as well. */
        rule 100 {
            outbound-interface pppoe0
            source {
                address 172.16.20.0/24
            }
            translation {
                address masquerade
            }
        }
        /* Management 172.16.10.0/24. */
        rule 110 {
            outbound-interface pppoe0
            source {
                address 172.16.10.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
/* Router-hosted services: DHCP for LAN and Management, a DNS forwarder, and SSH. */
service {
    dhcp-server {
        /* LAN clients receive the router as both gateway and DNS server. */
        shared-network-name LAN {
            subnet 172.16.20.0/24 {
                default-router 172.16.20.1
                dns-server 172.16.20.1
                range 0 {
                    start 172.16.20.200
                    stop 172.16.20.250
                }
            }
        }
        /* Management clients are handed the LAN-side resolver address first, then the Management one. */
        /* NOTE(review): reaching 172.16.20.1 from MGMT targets the router itself - confirm this is wanted. */
        shared-network-name Management {
            subnet 172.16.10.0/24 {
                default-router 172.16.10.1
                dns-server 172.16.20.1
                dns-server 172.16.10.1
                range 0 {
                    start 172.16.10.200
                    stop 172.16.10.220
                }
            }
        }
    }
    dns {
        /* The forwarder answers only the two internal subnets and listens only on internal addresses. */
        forwarding {
            allow-from 172.16.20.0/24
            allow-from 172.16.10.0/24
            /* A cache size of 0 disables caching, so every query goes to the upstream resolvers. */
            cache-size 0
            /* NOTE(review): "process" handles DNSSEC records but presumably does not validate every */
            /* answer ("validate" is the stricter mode) - confirm against the docs for this release. */
            dnssec process
            listen-address 172.16.20.1
            listen-address 172.16.10.1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    /* No listen-address is set, so which networks can reach SSH is decided by the zone rulesets alone */
    /* (WAN-LOCAL accepts only established/related traffic, so new connections from WAN are dropped). */
    ssh {
        port 22
    }
}
/* System-level settings: config history, serial console, login, resolver, NTP and syslog. */
system {
    config-management {
        /* Keep the last 100 committed revisions for comparison and rollback. */
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        /* The user name and password hash are blank in the post, presumably redacted by the author. */
        user {
            authentication {
                encrypted-password
            }
        }
    }
    /* The router resolves names through its own forwarder on the LAN address. */
    name-server 172.16.20.1
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            /* Debug level for the protocols facility is verbose. */
            facility protocols {
                level debug
            }
        }
    }
}
/* Zone-based policy: each zone lists, per source zone, the ruleset applied to traffic entering it. */
/* Every zone has default-action drop, so a source zone with no "from" entry is dropped outright. */
zone-policy {
    zone LAN {
        default-action drop
        from LOCAL {
            firewall {
                name LOCAL-LAN
            }
        }
        from MGMT {
            firewall {
                name MGMT-LAN
            }
        }
        /* Replies to LAN-initiated flows, including the laptop's tunnel, return through WAN-LAN rule 5. */
        from WAN {
            firewall {
                name WAN-LAN
            }
        }
        interface eth1
    }
    /* LOCAL is the router itself (local-zone). */
    zone LOCAL {
        default-action drop
        from LAN {
            firewall {
                name LAN-LOCAL
            }
        }
        from MGMT {
            firewall {
                name MGMT-LOCAL
            }
        }
        from WAN {
            firewall {
                name WAN-LOCAL
            }
        }
        local-zone
    }
    /* NOTE(review): there is no "from LAN" entry, so LAN to MGMT traffic falls to default-action drop */
    /* and the LAN-MGMT ruleset defined under firewall is never applied. Replies to MGMT-initiated */
    /* connections into LAN presumably cannot return either - confirm whether the entry was left out. */
    zone MGMT {
        default-action drop
        from LOCAL {
            firewall {
                name LOCAL-MGMT
            }
        }
        from WAN {
            firewall {
                name WAN-MGMT
            }
        }
        interface eth1.10
    }
    /* Outbound traffic from every internal zone uses an accept-all ruleset. */
    /* NOTE(review): eth2 (NEWLAN) is not listed in any zone in this section. */
    zone WAN {
        default-action drop
        from LAN {
            firewall {
                name LAN-WAN
            }
        }
        from LOCAL {
            firewall {
                name LOCAL-WAN
            }
        }
        from MGMT {
            firewall {
                name MGMT-WAN
            }
        }
        /* Both the PPPoE session and its underlying Ethernet port are treated as WAN. */
        interface eth0
        interface pppoe0
    }
}