I've set up WireGuard on pfSense and added two peers: a mobile phone and a Linux laptop. I thought I did a good job because at first everything was working. Unfortunately I noticed that the peers would not be able to connect to the internet after they got a change of IP address. This is 100% reproducible: if I switch Wi-Fi hotspots on the laptop the problem occurs. It's a bit strange because the Netgate documentation explicitly states:
"WireGuard supports roaming automatically, and can detect when a peer has changed IP addresses. WireGuard will recognize that authenticated data is coming from a new address and update itself accordingly."
I think it has to do with how the server is set up, since both the mobile phone and the laptop show this problem. Any hints on how I can fix this, or narrow down the problem?
Here's a bit more about my pfSense config:
[four screenshots of the pfSense WireGuard configuration]
And here's the config of one of the peers:
[screenshot of the peer configuration]
On the Linux laptop I use NetworkManager to handle the WireGuard connection. The config file looks like this:
[screenshot of the NetworkManager WireGuard connection file]
On the laptop I'm connected to the internet via (for instance) Ethernet, then I activate WireGuard. Everything is fine. I keep a ping to Google running. Then I switch to a different Wi-Fi, and see that the ping stops. Visiting a web page no longer works (it times out). If I now deactivate WireGuard on the laptop, the ping starts running again. If I then reactivate WireGuard, the ping initially stops. It will take a couple of seconds, but then it starts running again. My question is: what do I need to adjust in order to get roaming to work?
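A way to narrow the problem down, added here as an example and not part of the original post or of pfSense: after switching networks, look at what the server side (or the laptop) reports in `wg show <iface> dump` for each peer. The dump is tab separated: the first line describes the interface, and every following line is one peer with its public key, preshared key, current endpoint, allowed IPs, latest-handshake epoch time, transfer counters and keepalive. If the endpoint shown on pfSense still carries the old address and the handshake age keeps growing after the roam, the peer's packets from the new address are not reaching the server (firewall, NAT or routing on the new path); if the endpoint has moved and the handshake is fresh but traffic still fails, the problem is after the tunnel (routing or outbound NAT on the pfSense side). The script below classifies each peer's handshake as fresh, stale or never seen. The dump, the key names, the addresses and the `STALE_AFTER` threshold are all constructed for this example.

```shell
#!/bin/sh
# Added example: classify WireGuard peers from `wg show <iface> dump` output
# by the age of their latest handshake. Everything below is constructed
# sample data, not output from the poster's pfSense box.

# A peer that is passing traffic re-handshakes roughly every two minutes,
# so a handshake older than this many seconds is treated as stale
# (threshold chosen for this example).
STALE_AFTER=180

# Constructed dump in the exact layout `wg show wg0 dump` prints:
# line 1: private-key  public-key  listen-port  fwmark
# line 2+: public-key  preshared-key  endpoint  allowed-ips  latest-handshake  rx  tx  keepalive
SAMPLE_DUMP=$(
  printf '%s\t%s\t%s\t%s\n' 'SERVER_PRIVKEY_REDACTED' 'SERVER_PUBKEY_EXAMPLE' 51820 off
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' 'LAPTOP_PUBKEY_EXAMPLE' '(none)' '203.0.113.10:41000' '10.0.8.2/32' 1717400000 12345 67890 25
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' 'PHONE_PUBKEY_EXAMPLE'  '(none)' '198.51.100.7:53111' '10.0.8.3/32' 1717399000 4321 8765 25
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' 'SPARE_PUBKEY_EXAMPLE'  '(none)' '(none)'             '10.0.8.4/32' 0 0 0 off
)
# Fixed "current time" so the sample evaluates the same way every run.
NOW=1717400060

# handshake_state PEER_LINE NOW -> prints "fresh", "stale" or "never"
handshake_state() {
    line=$1
    now=$2
    hs=$(printf '%s\n' "$line" | cut -f5)   # latest-handshake epoch seconds, 0 = never
    if [ "$hs" -eq 0 ]; then
        echo never
        return
    fi
    age=$((now - hs))
    if [ "$age" -gt "$STALE_AFTER" ]; then
        echo stale
    else
        echo fresh
    fi
}

# report DUMP NOW -> one line per peer: "<pubkey prefix> <endpoint> <state>"
report() {
    dump=$1
    now=$2
    # tail skips the interface line; each remaining line is one peer
    printf '%s\n' "$dump" | tail -n +2 | while IFS= read -r line; do
        pub=$(printf '%s\n' "$line" | cut -f1 | cut -c1-8)
        ep=$(printf '%s\n' "$line" | cut -f3)
        printf '%s %s %s\n' "$pub" "$ep" "$(handshake_state "$line" "$now")"
    done
}

# count_stale DUMP NOW -> number of peers whose handshake is stale or never seen
count_stale() {
    # grep -c exits 1 when the count is 0; the count is still printed
    report "$1" "$2" | grep -c -E ' (stale|never)$' || true
}

# Stand-alone run over the constructed dump. On a real system replace
# SAMPLE_DUMP with "$(wg show wg0 dump)" and NOW with "$(date +%s)".
report "$SAMPLE_DUMP" "$NOW"
```

Run it once before roaming and again right after the Wi-Fi switch, on both the laptop and on pfSense (via the shell, `wg show` is available there as well); comparing the endpoint column and the handshake state between the two runs tells you which side of the tunnel stopped seeing the other.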