Hi Guys,
So I've found a solution to my issue with the pfSense router running as a VM on Unraid.
This, however, requires a NIC with at least 3 sockets with pass-through properly enabled. Overall: I've moved Unraid onto a completely separate network (physically).
I am pretty sure that this solution applies to OpenVPN etc.
Network Setup:
My pfSense VM has an Intel NIC with 4 sockets.
Socket 1 - WAN connection from ISP
Socket 2 - LAN1 (192.168.1.0/24) on this network I have pfSense. (DHCP Enabled)
Socket 3 - LAN2 (10.0.0.0/24) on this network I have Unraid. (DHCP Disabled)
Socket 4 - Currently empty.
VLAN 20 (DHCP Disabled) on LAN2 (10.0.20.0/24) - Used for Unraid Dockers
VLAN 30 (DHCP Disabled) on LAN2 (10.0.30.0/24) - Used for Unraid VMs
I literally have a short patch cable going from my Intel NIC to my Unraid motherboard.
pfSense - If you are NOT using NAT in WireGuard.
1. Settings to enable:
1.1 - Go to: System -> Advanced -> Tab Firewall & NAT
1.2 - Checkbox: Static route filtering: checked.
2. Create a gateway with your Unraid's static IP, in my case (10.0.0.10)
3. Create static route:
3.1 - Destination to the WireGuard network (by default it's 20.253.0.0/24)
3.2 - Choose gateway (10.0.0.10)
Issue to overcome: No internet access at all; everything on the network is accessible and works (dockers, VMs, everything).
The solution to that is to enable NAT in WireGuard (everything then works perfectly).
If you don't want NAT enabled in WireGuard:
I think this is a matter of finding the right setting in pfSense and hooking up the WireGuard network to have access to the internet.
Unraid:
I've followed guides from posts in here written in the past; credit for this goes to @Can0nfan and @craftsman when it comes to setting up dockers and VMs.
Unraid IP is 10.0.0.10
Enable VLANs in the network settings and set them up, in my case VLAN tag 20 (dockers) and 30 (VMs).
Go to the Docker settings and set up the VLAN network there; do not set a DHCP pool, leave it blank.
Go to the VM settings and set up the VLAN network there.
Now, I won't lie to you: there is a much easier way to get a VPN to your network by simply using the built-in pfSense OpenVPN, and you don't have to go through any of these issues at all. But for the sake of experimenting I think this was fun, and it gave me a backup option if for some reason OpenVPN fails, because WireGuard is a completely different solution than OpenVPN and I want to avoid using L2TP with IPsec. (I don't like L2TP with IPsec, just from personal preference.)
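
The address plan and static route from the post above, checked in an added Python example (not part of the original post). It audits the plan for overlapping networks, an off-link static-route gateway and non-private routed ranges, then uses a simplified longest-prefix-match model to show where the router would send a packet with and without the static route. The tunnel peer address 20.253.0.2 is a constructed sample, and the function names are hypothetical.

```python
import ipaddress

# Address plan exactly as written in the post above.
CONNECTED = {
    "LAN1": "192.168.1.0/24",
    "LAN2": "10.0.0.0/24",
    "VLAN20": "10.0.20.0/24",
    "VLAN30": "10.0.30.0/24",
}
STATIC_ROUTES = {"20.253.0.0/24": "10.0.0.10"}  # WireGuard network -> Unraid


def audit(connected, static_routes):
    """Return a list of findings for a router's connected nets and static routes."""
    findings = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in connected.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"overlap: {a} and {b}")
    for dest, gw in static_routes.items():
        dest_net, gw_ip = ipaddress.ip_network(dest), ipaddress.ip_address(gw)
        # A static-route gateway must be reachable on a directly connected net.
        if not any(gw_ip in n for n in nets.values()):
            findings.append(f"gateway {gw} is not on a connected network")
        for name, n in nets.items():
            if dest_net.overlaps(n):
                findings.append(f"route {dest} overlaps {name}")
        # Routing public space internally shadows the real hosts in that range.
        if not dest_net.is_private:
            findings.append(f"route {dest} is not private address space")
    return findings


def next_hop(dst, connected, static_routes):
    """Longest-prefix match: interface name, gateway IP, or 'WAN' (default)."""
    ip = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(c), name) for name, c in connected.items()]
    table += [(ipaddress.ip_network(d), gw) for d, gw in static_routes.items()]
    hits = [(net.prefixlen, hop) for net, hop in table if ip in net]
    return max(hits)[1] if hits else "WAN"


if __name__ == "__main__":
    for finding in audit(CONNECTED, STATIC_ROUTES):
        print(finding)
    print(next_hop("20.253.0.2", CONNECTED, STATIC_ROUTES))  # via 10.0.0.10
    print(next_hop("20.253.0.2", CONNECTED, {}))  # no static route: WAN
```

With NAT enabled in WireGuard, tunnel clients appear to the router as 10.0.0.10, which the model resolves to the directly connected LAN2, so no static route is involved on that path.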