From 9aacc8e19d282d4ece3ee0bb18b8cd8e84692e13 Mon Sep 17 00:00:00 2001
From: kavren <cory.bailey87@gmail.com>
Date: Sun, 21 Dec 2025 23:47:00 -0500
Subject: [PATCH] docs: Add WireGuard VPN and AT&T passthrough setup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- WireGuard configured on OPNsense (port 51820, 10.10.10.0/24)
- AT&T IP Passthrough enabled for public IP on OPNsense
- qemu-guest-agent and tailscale plugins installed

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 docs/CHANGELOG.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index be6e4c8..7560593 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -98,6 +98,22 @@
   - `opt3` = IoT (vlan02, 10.4.20.0/24)
   - `opt4` = Guest (vlan03, 10.4.30.0/24)
 
+### WireGuard VPN Setup
+- **WireGuard configured** on OPNsense (built into 25.7 core)
+  - Server: wg0, port 51820, tunnel 10.10.10.1/24
+  - Allows remote access to all internal subnets
+  - Firewall rule added for WireGuard interface
+
+- **AT&T IP Passthrough configured**:
+  - Mode: DHCPS-fixed
+  - MAC: bc:24:11:cb:12:82 (OPNsense WAN)
+  - OPNsense now receives public IP directly (99.74.188.161)
+  - Required for both WireGuard and Traefik to work properly
+
+- **Plugins installed**:
+  - os-qemu-guest-agent (for Proxmox integration)
+  - os-tailscale (backup VPN, not yet configured)
+
 ### Verified Working
 - All VLANs (10, 20, 30) receiving DHCP from OPNsense
 - LAN (10.4.2.0/24) receiving DHCP from OPNsense