I looked at it, interesting project. Cool to see that he is using Vector Packet Processing & DPDK because to my knowledge he will be among the first to support that in OpenWRT.
Speaking of Unifi and WireGuard site-to-site, I basically wasn't understanding what was going on until I had a look at the fw logs from Unifi. OPNsense WG server to Unifi WG client. Local traffic routes fine both ways, but WAN traffic that's routed from OPNsense into the tunnel and should exit to WAN on Unifi doesn't work.
Traffic from opnsense wg server to unifi wg client, destination local ip:
IN=wgclt1 OUT=br31 SRC=10.0.80.2 DST=10.1.90.3
Traffic that comes into the WG client interface, destination wan ip:
Did chat with Unifi support, and they stated that WG client is intended for client-to-server and not peer-to-peer, which seems a bit odd with WireGuard. No explanation as to why local IP gets the correct OUT interface and WAN traffic does not, apart from the client-to-server reply.
That GATEWAY device is interesting, but the NXP ARM processor is going to make it hard to support OPNsense like they want. There is no official ARM release, only a third party operated by a single person. If it had an AMD APU in it, I’d order one of the first to see how it runs and support their effort.
It’s going to be Apple pretty when they get the aluminum case done, but it’s going to add a lot of expense too.