@jwt is/was this reply intended for someone else?

Ahhh! This explains so much!

I had tried to copy my existing rules across from IPSEC tunnels to Wireguard and it just wasn't working like I expected.

I hadn't considered the gateway interface was doing NAT - make sense I guess when you think about it. Switching to Manual Outbound NAT and then disabling the WireGuard interface fixed it.

This really gets pretty messy when you're doing multiple site to site IPSEC migrations to wireguard (I was having poor performance using IPSEC / Starlink for what ever reason - Wireguard just seemed to work)

Can anyone recommend a pfsense / Wireguard guru that would we available to look over a proposed setup and provide best practice? Happy to pay - Id rather do it once correctly than introduce unnecessary workarounds and fixes to get it going. approx 20 sites, DC, Azure (pfsense)

I had the same issue. I configured the wireguard interface as an actual IP interface and the issue cleared up.

I've hit a roadblock here. Is there somebody who can offer a bit of advice?

@fyobl

Cloud ? VPN ? Is there a place for 'pfSense' in your question ?

pfSense has no lists with IP's 'to pass' or 'to block'. pfSense is a firewall/router and routs all traffic - no exceptions - from a LAN interface to the outside world, the gateway, over the WAN interface.

@bigsy

I think it'd be useful if WG behaves as OpenVPN does and allow to use the same configuration concurrently IMHO :)

@bigsy Thank you!

I restored one connection but still struggling with another.
But WG works on iOS15, it's more like a pilot problem (copying all keys correctly etc.)

What is not clear to me is why WG does not have "a la" VPN client export config ability. I tried to download the tunnel configuration, but it seems to be requiring some editing, and couldn't make it work. Maybe I am not using it correctly?

Hi,

let see - so when Client firewall is disabled you can ping the client? So your problem is Windows firewall, not WireGuard. Everything looks to me normal.

@orkopaede said in Can't connect to Clients within LAN via Wireguard:

What i find out so far:

When the client Firewall (Windows Firewall) is disabled i can ping the client

I hope someone have an idea what i could try to fix this problem.
Thank you in advance.

I am as well. I couldn't figure out what it was so I just went and used NordVPN's OpenVPN protocol instead, which seems to work just fine.

@slkamath

Thank you everyone.

No proper support for Wireguard, So I have uninstalled WG.

Thanks & Regards
Lokesh Kamath

@jim-bob-the-grand I've just set up with my VPN provider (vpnunlimited) and wrote an instruction here. I believe it could apply to most VPN provider:

WireGuard to VPN provider