@oddussiben-3161 The apparent lack of anything else (host route). I attempted to set up this configuration on an Ubuntu machine using Wireguard.

@LaUs3r When
I check logs (status > system logs > firewall) and see nothing relevant. I edit names and all personnal info (giving names can lead to security breach. in my opinion)

@Bob-Dig Allowed ips are 0.0.0.0/0 on both sides.

@Bob-Dig

EDIT:

Changing the default gateway under the "Routing" tab again caused the remote site to be inaccessible via the S2S VPN.

@Bob-Dig
Wonderful ! Much easier than I thought !
I just followed a tutorial which told me to do so.

Thank you very much !

@BNetworker said in Wireguard Package re-install failing:

I updated to 24.11. That resolved it. So, it appears the wireguard 0.2.9 package is incompatible with 24.03?

This worked for me. would be nice if it warned, or did not let you update the package that isn't supported :(

Ohhh i forgot the gateway.

Its working now.

thank you so much.

ok, maybe let's take a step back. You wrote that it works once you disable IPv6 in your WAN interface.

Are you using IPv6 at all? If yes, have you configure IPv6 for your wireguard tunnel?

Maybe it's worth checking out the video from Chris McDonald: https://www.youtube.com/watch?v=wYe7FzZ_0X8
Chris is the maintainer of the wireguard package for pfSense. In this video he shows the config for a wireguard tunnel for IPv4 AND IPv6

https://forum.netgate.com/topic/151871/solution-for-multicast-over-tunnel

@jmdomini , I shared some days ago my experience with wireguard in a step-by-step guide in this forum. Maybe that helps you.
And please share some more info if it does not. screenshots are quite helpful

@droidus

Hello,

I have a similar problem with setting up a new wireguard "client".

Wireguard is running for a longer time with some clients connecting to home network. There are Androids and Linux Mint devices. All connect through a full tunnel.

I added a new Linux Mint device. As always, same config (besides the keys...). The client is able to connect to pfsense, connect to the internet via tunnel BUT can't connect to any services hosted in my home network.

Some important configs in my environment:

Wireguard config file for my Linux Mint clients:

[Interface] Address = 192.168.200.20/32 PrivateKey = 1234 DNS = 192.168.1.1 [Peer] PublicKey = 2222 PresharedKey = 3333 AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = example.domain:51820 PersistentKeepalive = 15

-> DNS is my pfsense.

DNS Resolver is enabled. No other DNS connection (e.g. 8.8.8.8) are allowed.

Firewall logs show only connections to pfsense:53, to visited sites in the internet but no connections to local services in my home lan. I can't see any blocked packets of the attempt to connect
.
There are no states visible between any local service and the client.

I even restarted pfsense.

Any ideas what to check to fix this?

@poldus
My "thinking" of this PROBLEM are

all KEYS (publics, privates and preshareds) are OK (because of handshaking OK) in both peers (Android, Windows)

2.. what else? rules? "default 51820 port (not working too)

WireGuard is so "experimental" to me? so experimental that UNUSED from me?

@mrwaltman

You haven't given me enough information to know the answer to your question.

But, if you're worried about it, change your subnet at home.

Personally, I prefer to use 10.1.1.1/24 for my router. It's super easy to type.

I had the same issue, and the pfblocker virtual IP 10.10.10.1 was the cause. Adding it to my WG peer allowed IPs resolved the issue.

I tried

nslookup website.com DNSIP

command to see where the DNS is failing. I see the router on remote LAN network it resolved correctly. When I specify the wireguard address, it fails instantly. When I specify the other server`s router on the main LAN site, it failes instantly.

edit: It is strange that I can ping the servers over port 53 with a traceroute but I can't get the DNS to work.

@CapitanBlack Thank you! that's is what I needed.
I didn't realize I could assign the same IP on pf1 and pf2 wg interfaces.
Now I need to test the failover.