@djwopasadjlk, I don't consider myself much more than a newb either! LOL Unfortunately, no, I do not have a blog. On the plus side, there are countless blogs out there to cover all of what I've done and more! For my pfSense setup, nguvu and Lawrence Systems taught me a lot! You can find a good baseline guide here! LinuxBabe.com is an excellent source for information. This guide paved the way to self-host an email server and get around a dynamic IP and all the restrictions associated with it. Don't be afraid to play around. I've broken a lot more than I've fixed/got running! If you can, pick up a used server. You can find them for pennies on the dollar. Typically, if you swap in some new hard drives, you'll get several solid years out of them, depending on how old they are. Turn it into a virtual host (VMware/Proxmox VE/KVM/Zen/etc.). Snapshots are your friend!!! Oh, and for the record, I was able to get everything working. Now, instead of using HAProxy in pfSense and routing traffic through CloudFlare to my residential dynamic IP, all internet traffic comes through my public VPS with HAproxy and WireGuard, back to each local VM. The trick to making everything reachable was found in PolicyRouting. I hope this helps you on your journey!

@patpend I forgot one thing... https://forum.netgate.com/topic/171272/wireguard-site-to-site-mobile-connection-only-routes-1-side-of-tunnel Check that too. I thought that was created automatically but that user had to create it so you may have to also.

@xxnumbxx said in Wireguard Site-to-Site + Mobile connection only routes 1 side of tunnel: I got it. I created a NAT outbound rule allowing traffic from the mobile VPN. @xxnumbxx I tried this with no success. Which side gets the outbound rule and which IP ranges go in the rule? Can you post an example please?

@lawrencesystems Yep, that was the solution. See redmine #13153. Thought I was the only soul on the internet who'd encountered that problem. Figures if anyone else would have bumped up against it, it would be you guys

for future reference, this was an unexpected self made problem, I selected the dev channel as was tempted to try the latest pfplus 22.05 beta but never upgraded, this however I found sets packages to the same channel so 0.1.6_2 isn't compatible with 22.01

Many thanks !! On the Windows box with the share, goto firewall. Inbound connections. Find File and print share, SMB. Hit scope tab and allow all. Was set to Local IP only. She logs in and is asking for credentials. Perfect, exactly the direction I was looking for. I normally only log into linux box's via VPN. So I forgot all about that. Again thanks for quick response!

@joshhboss I hit this same issue today. I found https://redmine.pfsense.org/issues/11494 and the system tunable you used is mentioned there as well. I hope for a proper fix at some point but this seems harmless enough.

Solved by watching a video from Christian McDonald. The change was to the settings in the peer (client) app. I set the DNS address to the tunnel address (192.168.85.1) rather than my pfSense address.

Yes that's how I do it also. I'm experimenting with FRR now to dynamically discover the routes instead of having to manually define them.

@crowfather said What does the WG config file look like? (Redacting private information obviously) [image: 1651596131433-img_3487.png]

@ofloo Figured it out, bgp raw configuration was overwriting the configuration. So basically never got updated kept running old config. Must of updated configuration and hit save at some point in the past.