I have an OPNsense firewall configured with a commercial VPN (WireGuard Mullvad, “MV”). MV exits to another country, so some latency is expected. I’ll call this “Node A”.
On the other hand, I managed to set up Tailscale on the same machine and some nodes. Node A acts as an exit node, so traffic from any node (B, C, …) routes to node A.
When I don’t have MV turned on, everything works as expected. But the problem when I turn on MV is that massive latency hits the performance. Reading about it, I found out about the DERP relays, which is normal and expected. But it’s not that problem. What I want from node A is to receive peer connections from the main WAN interface instead of going through the MV wg interface TWICE. This is how a connection actually works in my setup for common internet traffic:
node B (in country X) ↔ [some DERP relay?] ↔ MV exit server (country Y) ↔ node A exit node (country X) ↔ [some DERP relay?] ↔ MV exit server (country Y) ↔ Node B (in country X)
And this is what I actually want:
node B (in country X) ↔ node A exit node (country X) ↔ MV exit server (country Y)
I don’t know if I’m clear, but tl;dr: the traffic is going through the MV interface twice. I know this is not a problem but an OPNsense config. How should I set OPNsense to receive direct peer connections via WAN and force exit-node traffic via the MV (wg) interface? This way latency and hops are reduced drastically.
Thanks in advance!
Tailscale version 1.42
OPNsense 23.1
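The post leaves the “[some DERP relay?]” hops as a guess. Before touching OPNsense rules, a practitioner would first confirm from node A which peers are actually relayed and which have a direct WAN path. The following is an added example, not part of the original post: it reads the JSON emitted by `tailscale status --json` and classifies each peer as direct, relayed or idle. The sample document embedded below is constructed by me and only mirrors the fields of that output that the check needs (`Peer`, `HostName`, `Relay`, `CurAddr`, `Active`); any other fields are omitted.

```python
import json
import shutil
import subprocess

# Constructed sample shaped like `tailscale status --json` (values made up).
# Only the fields used by the classifier are included.
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "node-a", "TailscaleIPs": ["100.64.0.1"]},
    "Peer": {
        "nodekey:aaaa": {"HostName": "node-b", "TailscaleIPs": ["100.64.0.2"],
                         "Relay": "fra", "CurAddr": "", "Active": True},
        "nodekey:bbbb": {"HostName": "node-c", "TailscaleIPs": ["100.64.0.3"],
                         "Relay": "", "CurAddr": "203.0.113.7:41641", "Active": True},
        "nodekey:cccc": {"HostName": "node-d", "TailscaleIPs": ["100.64.0.4"],
                         "Relay": "ams", "CurAddr": "", "Active": False},
    },
})


def classify_peers(status_json: str) -> dict:
    """Map each peer hostname to 'direct', 'relayed' or 'idle'.

    A non-empty CurAddr means WireGuard packets currently go straight to that
    endpoint; an active peer with no CurAddr is being carried over the DERP
    relay named in Relay; a peer that is not active has no live path at all.
    """
    status = json.loads(status_json)
    result = {}
    for peer in status.get("Peer", {}).values():
        name = peer.get("HostName", "?")
        if peer.get("CurAddr"):
            result[name] = "direct"
        elif peer.get("Active"):
            result[name] = "relayed"
        else:
            result[name] = "idle"
    return result


def relayed_peers(status_json: str) -> list:
    """Hostnames whose traffic is currently taking the DERP detour, with the relay code."""
    status = json.loads(status_json)
    found = []
    for peer in status.get("Peer", {}).values():
        if peer.get("Active") and not peer.get("CurAddr"):
            found.append((peer.get("HostName", "?"), peer.get("Relay", "")))
    return sorted(found)


def load_live_status() -> str:
    """Use the real CLI when present, otherwise fall back to the constructed sample."""
    if shutil.which("tailscale"):
        out = subprocess.run(["tailscale", "status", "--json"],
                             capture_output=True, text=True, check=True)
        return out.stdout
    return SAMPLE_STATUS


if __name__ == "__main__":
    data = load_live_status()
    for host, state in classify_peers(data).items():
        print(f"{host:12} {state}")
    for host, relay in relayed_peers(data):
        print(f"relayed via DERP {relay}: {host}")
```

Run it on node A once with MV off and once with MV on; a peer that flips from `direct` to `relayed` when the Mullvad tunnel comes up is the one whose WireGuard handshake is being pulled into the MV interface, which is exactly the double hop the post describes.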