I will start with an introduction explaining the reasons why I intend to install a VPN: nothing illegal.
You can skip it to get to the point of the reason for my query.
For some months now we have been having problems in Spain with IP blocking and hiding of DNS domains by ISPs.
The football league association has won some court rulings against Cloudflare due to illegal video retransmissions of soccer matches.
It seems that the only solution the judge or ISPs have come up with is to block certain IP addresses during matches to prevent pirates from making illegal retransmissions.
The bad thing is that behind those addresses (many of them Cloudflare's, but not only) there are hundreds and thousands of internet services of companies that have nothing to do with soccer or with this illegal activity.
So you can no longer watch any video on Vimeo, order pizzas from Burger King, and things like that.
Complete nonsense.
Being able to avoid these blocks is my main motivation, although it seems more and more appropriate to navigate without ISPs or others meddling in what you do or don't do.
NOW LET'S GET TO THE POINT BY EXPLAINING THE REASON FOR MY QUERY
I have signed up for protonVPN as a VPN service to be able to surf the Internet as securely as possible and with a greater degree of anonymity.
This service allows access using the WireGuard protocol configured in our OpenWrt router.
I have created an interface with this protocol and configured it to access the protonVPN server.
Then I have configured the firewall so that all the local network traffic is directed to this interface instead of the wan.
This is the image of my interfaces:
This is the image of the zone configuration:
iot is an internal network for IoT devices, which cannot access the internet and can only access, and be accessed from, the local network.
guest is a guest network associated with a Wi-Fi network that has no access to the local network or iot and goes directly to the internet through the wan without going through the VPN.
As I said everything works correctly when browsing from within the network.
THE PROBLEM COMES WHEN I WANT TO CONNECT TO MY NETWORK from the outside.
I have a WireGuard interface (wgVPN) configured to accept WireGuard connections on the standard port 51280.
That interface is added to the "lan" firewall zone together with the "lan" interface.
I have a firewall traffic rule to direct traffic from the wan zone on port 51280 to the router on the same port.
When I was not using the protonVPN everything worked OK.
But once I have activated it and redirected traffic from the lan zone to the protonVPN zone instead of wan, I cannot access the wgVPN server anymore from outside.
I would like to access the wgVPN WireGuard server from my ISP IP on the wan interface as I was able to do prior to activating the protonVPN.
Thanks for your help.
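Added configuration example (not part of the question above and not the poster's own configuration): the symptom described, an inbound WireGuard server on the wan that stops answering as soon as the lan default route points into the provider tunnel, is the classic shape of asymmetric routing. The handshake arrives on the wan, but the router's reply is routed by destination through the main table, where the provider tunnel now owns the default route, so it leaves through protonVPN instead of the wan. One way to keep the tunnel's default route out of the main table is OpenWrt's own policy routing in /etc/config/network: give the protonVPN interface a routing table of its own with `ip4table`, and send only the lan (and wgVPN client) subnets into that table with `config rule` entries. Every other source, including the router's replies sent from its wan address and the guest network, keeps using the main table and the wan gateway. The interface and section names, the subnets, the table number, the provider port and the key/endpoint placeholders are assumptions, as is a current OpenWrt release whose wireguard proto handler places `route_allowed_ips` routes in the interface's `ip4table`.

```uci
# /etc/config/network (added example; names, subnets and table number are assumed)

# Provider tunnel: its routes, including the 0.0.0.0/0 route derived from
# allowed_ips, go into table 100 instead of the main table.
config interface 'protonVPN'
	option proto 'wireguard'
	option private_key 'PLACEHOLDER_CLIENT_PRIVATE_KEY'
	list addresses '10.2.0.2/32'            # assumed tunnel address
	option ip4table '100'

config wireguard_protonVPN
	option public_key 'PLACEHOLDER_SERVER_PUBLIC_KEY'
	option endpoint_host 'PLACEHOLDER_SERVER_ENDPOINT'
	option endpoint_port '51820'            # assumed provider port
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

# Policy rules: only these source subnets are looked up in table 100 (the
# tunnel). Any other source, such as the router's replies from its wan address
# to wgVPN clients or the guest network, falls through to the main table,
# whose default route still points at the wan gateway.
config rule 'lan_via_vpn'
	option src '192.168.1.0/24'             # assumed lan subnet
	option lookup '100'
	option priority '1000'

config rule 'wgvpn_clients_via_vpn'
	option src '10.0.0.0/24'                # assumed wgVPN client subnet
	option lookup '100'
	option priority '1001'
```

After `/etc/init.d/network restart`, `ip rule show` should list the two rules ahead of the `main` lookup, `ip route show table 100` should contain the default route over protonVPN, and `ip route show` (the main table) should still show the default route via the wan gateway. If the main table instead shows a `default dev protonVPN` entry, the tunnel's routes are still landing in the main table and the wgVPN handshake replies will keep leaving through the tunnel. The existing firewall zone forwarding from lan to the protonVPN zone stays as it is; the policy rules only decide which table picks the outgoing interface.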