@siwatsirichai I think you are handling this wrong but depends on your use case. Site B,C,D will have the real IP of the client natted - Assuming this is what you want. If this is not what you want, then have no gateway configured for the WireGuard Interface at site B,C,D. You then need to create a gateway at each site and for each site then you utilize static routing.

@jarhead Yes! This worked. Thank you so much

@johnpoz Thanks - but that gave the same error. I think the root of my problem is that VirginMedia hate VPNs! https://windowsreport.com/vpn-blocked-virgin/ I think I will try accessing the site sometime when on another isp! Thanks again - must go battery very low.

If you haven’t solved your issue yet, you have to request an IP without DNS hijacking from a different API. If you want to use the WG key you are currently using, delete it from your Mullvad account and then request the IP. You can also just use a new key if you prefer. The guide I linked below will show you how to request the IP that does not have DNS hijacking. After setting your tunnel up with the new IP Unbound will work through the Mullvad tunnel. Just an FYI, Mullvad’s connection test will show a DNS leak while using Unbound. As long as the test shows that your DNS IP is exactly the same as your tunnel’s public IP then it is working. link text

@bob-dig ok! looks like the chatty kathys have stopped. Not seeing any traffic on the WG interface. Thank you Sir!!

@ryu945 I tried VPNing from outside the network and I couldn't get internet at all for wireguard.

@xxgbhxx said in Strange Wireguard Setup Problem: So your issue I think is caused by your OpenVPN tunnel acting as the default route. This ended up being the issue. Even though my Pfsense configuration said wireguard interface was the default route, I had to force it to WAN. Now it works fine. Now that I had forced it to WAN one time, I find wireguard is connecting fine whether I have the default route set to WAN or the wireguard interface. This is strange that wireguard as default route works now when it didn't before and I suspect it is related to some underlying bug. From my experience with 2.6.0 so far, I have noticed things acting buggy. It is the first time I had a configuration fail to apply. I think I was apply a DNS resolver configuration and I had to apply a different configuration before I could apply the one I intended to as clicking save and reapply did not reapply it. This version of Pfsense feels like it should had stayed in the development branch for longer.

@johnpoz , I would be my grandma Why they don't just let you put in the IP or the fqdn for your devices is beyond me.< Only God knows.... Just control your iot devices via their mother ship website ;)< There's an option called "Out of Home" or something similar... but looking at their own beautiful protocol, it seems that these weird devices don't need any strong authentication to set options..so in the worst case I will control them just from home just from their lan..

Just looking for a situation where WireGuard might not work, maybe a port is blocked, TCP versus UDP, streaming video files, using in Europe, Asia, etc.,

@powerextreme said in Firewall Rules not affecting Wireguard traffic: I ping from my local LAN to the remote peer LAN and it goes through. What am I missing here? You have to block this on your LAN Interface.

@themac Solved the dhcp server of my router is giving ip in the same range as the pfsense dhcp server.

I've identified that the above simulated state happens when failover happens in rapid succession. I mean if tier 1 wan happens to go DOWN and UP in rapid succession, the rules/state update logic hangs like in the example above. It it happens slower, udp connections keeps living on tier 2.

@joshhboss What kind of issues?

RESOLVED by repeatedly uninstalling and reinstalling. ok, 3rd time is a charm I guess… Attempt 1: Successful upgrade pkg via Package Manager, but kernel mod fails to load, service won’t start. Attempt 2: Successful removal of existing pkg via Package Manager and install from “Available Packages”, but kernel mod fails to load, service won’t start again… Attempt 3: Successful removal of existing pkg via Package Manager and install from “Available Packages”, service stars just fine, All tunnels online and peers connect successfully. ???

@packetpirate It seems like I am facing the same problem: https://forum.netgate.com/topic/173025/mullvad-gateway-as-dns-resolver-gateway-does-not-work did you ever solve yours?

anyone?