Actually please delete, for some reason I am able to access TrueNAS now... not too sure what the cause was, I reset network configuration on TrueNAS and BAM started working.. Please close this thread. Thank you!!

@keyser Thanks for the info, if that is the case I wouldn't bother trying to make this work then.

I've already tried the 100% trick as per the following forum thread, but colums do not scale.

@luckman212 Has this been integrated into a subsequent release or is this patch still valid? I'm having the same issue on 23.05.1-RELEASE.

This looks like it will solve my issue. I'll update after I've had a chance to try it out.

@cburbs [image: 1691336653243-187e2a46-521f-4dc3-ae9e-c8033cff7719-image.png] So if the phone connecting is on the 10.0.2 wireguard tunnel and I only want access to Vlan 3 what's the best way to do that? While on wireguard: No access to the pfsense box, Switches, Vlan1, Vlan4, Vlan4 Can't ping anything in the above either Just access to one docker on Vlan3.

@JustAnotherUser said in Routing Internet Traffic Through A Site-To-Site Wireguard tunnel: You set your SITE's Default Gateway to your WG interface ...WG interface on MAIN Router. (to be unambiguous)

@mThirteen Your WG VPN may be up and running fine and you just don't know it... From each device: ping the far end WG tunnel IP. If you can ping the tunnel IPs, your VPN is working fine. If your VPN is working fine but there's still no traffic through it, it's probably because: You didn't set up the static routes. You have OpenVPN entries on your pfSense box that are interfering. The Wireguard module is a little bit broken in that OpenVPN entries (even disabled ones), mess up WG. I fixed this issue by deleting all of my OVPN entries. Others have fixed this issue by deleting the WG peers and tunnels and re-installing them. I highly suggest you backup your pfSense before deleting anything. One other thing you may try is to explicitly add your tunnel's far end IP in the Allowed IPs (/32). With 0.0.0.0, it shouldn't matter but the WG module is a little flaky and this might fix it: [Peer] PublicKey = ************************************ AllowedIPs = x.x.x.x/32 AllowedIPs = 0.0.0.0/0

Thank guys, I have a Wireguard client set up like https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html with a gateway group that prefers routing over Wireguard (tun_wg0) and fails over to normal WAN GW in case of Wireguard failure. I have found that the best way of disabling Wireguard from GUI is to disable the tun_wg0 interface. In that way traffic fails over to WAN GW. If I do the same in CLI using ifconfig tun_wg0 down, the interface goes down, but traffic never fails over to WAN GW. What is the CLI equivalence of disabling tun_wg0 in GUI?

@mikebflyer You bridge the interfaces. I've never done it in pfSense so I can't tell you the details other than: Interfaces >> Bridges >> Add When you bridge them, they act as one interface so they have the same IP and are connected to the same subnet. Here's how to do it to an OVPN interface (it will be the same for a WG interface): https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html

@mooncaptain I had the same problem. HERE was my fix- https://forum.netgate.com/topic/181857/solved-wireguard-interfaces-ping-but-can-t-get-actual-data-through

@Neosmith20 Lastly, if you look in: Status >> System Logs >> System >> General And filter on "ireguard" (and then filter again on "WG0" (or whatever you named your interface)), you will see some of the logs. (My personal experience has been that those log entries have been pretty useless)

Well i think that i might solved the problem after reboot. If someone can test and see if its working, i did several reboots and now my wg is coming up without the error for unknown gateway. What i did is check the box Disable Negate rules under System/Advanced/Firewall & NAT. But i still have the problem if my wan goes offline when it is coming back my wg connection will remain offline until i reboot the box. This is a clean 2.7 install without restoring backup just to discard any errors.

@tweek negative. I wrote the package and can confirm it has always been kernel driver.

@keyser okidok, thx anyway ;-)