Some hosts hardly/not at all reachable through wireguard

[EkiciLP]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

I have a problem to reach some hosts like the minecraft authentication servers (13.107.213.67), the minecraft website itself and some others are just loading very slow. I also tried other Wireguard VPNs which failed too, confirming it's not dependant on the VPN provider.

I've attached this post from me in the pfsense forum where we discussed the issue: https://forum.netgate.com/topic/188048/pfsense-mangling-packets

To Reproduce

Steps to reproduce the behavior:

1. Create a Wireguard VPN client using the following guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
2. Try to connect to spin up a minecraft server and connect to it (will fail with "Authentication servers are down") or try to curl google.com/13.107.213.67:443 directly

Expected behavior

A successful connection to all hosts that are reachable through the vpn.

Describe alternatives you considered

I'm sure its a Common OPNsense and pfsense issue since I tried the same vpn directly using the official client and in OpenWRT, all that worked perfectly. Another VPN through OpenVPN (using OPNSense) also worked fine, its just the wireguard client probably.

Additional context

Reinstalled multiple times. Was a fresh install every time, no changes made except the ones mentioned above.

Software version used and hardware type if relevant, e.g.:

OPNsense 24.7.a_388 (amd64). Intel® Core™ i3-4160 3.6Ghz Dual Core Network Intel® I350-T2