@renegade I have both, CE and plus and none is showing this. So get rid of this I guess.

@Lace Not sure what you mean exactly. His intrusion detection had gone a little rouge and was blocking allowed traffic. It seems the last Unifi update added a feature he was not aware of.

There are complications doing a tunnel. We share a subnet, and it happens to be the one my computer is on at his house. There was some reconfiguring to do beyond the actual tunnel.

For now, no tunnel.

A big Thanks to Jarhead. I have succeeded in my aim today, which I had planned for. I can ping both sides and access via RDP, but I still don't understand few things. Normally, if you want to access a network, you need to be in the same range as that network. For example, I would like to access "side A" (192.168.10.0/24) from "side B" (192.168.20.0/24). I always kept a PC with an IP setting in the range of 192.168.10.50 on "side B", and actually, this is the issue with my settings, other than the gateway setting in the past. Today, when I changed this IP to the normal 192.168.20.50, it is working fine now.

For future travelers, this Youtube video is helpful: https://www.youtube.com/watch?v=ralWaBL98pU

@viragomann

I got it. The "WireGuard Networks" alias wasn't defined/working... Changed it to the address of my WG network and things are working. Thanks!

@jtressler I wasn't checking the WG status quite often but I now see it's happening again. This time I'm running the latest pfSense Plus 23.09.1 and up-to-date WireGuard 0.2.1 package.
wireguard-datez.png

It's January 31st, and I had suspicion being the end of month would have something to do with this; I'd want to test this theory but haven't been able to set the date to a specific day without the firewall getting auto-synced to the current date. I also recall checking another month's last day (October 31st I think) and it was showing all normal.

At least I can document that this happened again on the last day of January, as well as September. I remember others posted on June 30th about this problem. So we now have:

Jan 31st Jun 30th Sep 30th
I wonder if there is any correlation between the months...

Risk of necropost, but I found this topic helpful:

setup-docs-incomplete-for-wireguard-confused-about-terms-having-a-challenging-time-setting-up-wireguard-read-here

@Bob-Dig That fixed it, thank you so much for your help. You are right, I was not thinking about this properly.

Steve

@inghaj As long as the Fritzbox does support Wireguard properly, this should be totally possible.

In terms of broad brushtrokes, the pfSense docs will be your best bet:

https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/index.html

https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html

Second link is an example config of a Site-to-Site tunnel, should help a bit. In terms of configuring the Fritzbox, probably best to consult their manual about that.

@Gertjan Thanks very much for the ideas & sorry for the late reply...family went on a surprise vacay. So yes the windows firewall was blocking it but blocking before the "Private or Public" pop up. I only mention in case someone else stumbles upon this thread and needs clarification. The Nic was set to "Private". To resolve I had to go into the windows firewall rules and add an inbound rule. Under "Scope", "Remote IP Addresses" I added my vpn range. I can now ping & access the file shares - the security pop up box does in fact now pop up asking for the credentials.

The WDMybook has a static IP BUT set within the configuration of the WDMybook GUI. It is within PFSense's dynamic IP range so I will change to WDMybook to dynamic (within the WDMybook Settings) and then set a static ip address for it within PFSense.

I do have wireguard set to use the dns ip of pfsense.

As for the remaining ip's. One device is a debian box that will also need it's firewall rules adjusted if I want access to it. The others are Amazon devices and they (Amazon) seem to block VPN's. I think it's a blanket thing to prevent ppl trying to access content outside of their global region but seems to also block incoming connections. Not a big deal as I don't need access to the echo dot's from outside.

Thanks for the help. Glad it's working

Ugh, not at all related to Wireguard, but an outage on one of my ISPs. I need to improve my alerting.

[I tried to post this the other day, but the forums were having issues]

It seems to be an error specific for my setup here and not regarding pfsense/wireguard. I only have this problem at our provider colocation and not at our own locations.

Nevermind. I got it figured out based on Lawrence Systems video:
https://youtu.be/8jQ5UE_7xds?si=iH1hbJp1ZIj34XyI