For anyone else finding this thread. I've found the solution.

Create a port forwarding rule

INTERFACE: WG0
PORT: 44158
DESTINATION: WG0
DEST PORT: 44158
REDIRECT TARGET IP: MINER IP
REDIRECT PORT: 44158

Then everything works as expected.

@jimp said in pfSense 21.05.2-RELEASE and WireGuard 0.1.6:

set your update branch to "Previous stable version (21.05.2)" and then install WireGuard 0.1.5_x again.

Thanks for the answer

I have updated to pfSense Plus 22.01 even before your response.

@dma_pf said in Noob WireGuard Setup Questions:

@areckethennu Sorry man, my mistake...on theWwireGuard NAT rule try changing the source to 192.168.1.0/24 and change the value in Destination to Any.

I'm confused. I thought that second hybrid Outgoing NAT rule allows the translation of traffic leaving my WireGuard remote devices from the WireGuard interface to my LAN subnet (192.168.1.0/24). Of course, I think the NAT Address on the rule shouldn't be WireGuard Address. It should probably be the LAN subnet.

I agree with making the destination any (*). But, I don't understand why I'd want my Source addresses to be from my LAN subnet instead of my from my WireGuard subnet.

I'm going to play around with the NAT rules some more. But, I think I'm to the point where Windows is the problem instead of the tunnel.

I did find a way to make the WireGuard tunnel a Private one instead of a Public one. Either edit the Windows Registry:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles ```, find the correct network connection by scrolling through them and change "Category" from 0 to 1. Apparently, another way is a PowerShell (admin) command:

Set-NetConnectionProfile -InterfaceAlias 'wg0' -NetworkCategory 'Private'

where wg0 is whatever it is in Windows. I also went into the Windows Firewall and told it to allow the WireGuard app access to both Public and Private networks. Unfortunately, none of that fixed the problem. I'll see if any NAT rule changes help.

@dma_pf I already did tried to upgrade to pfsense 2.6.0 and pfsense+ , but they have more problem. vlan cant get ip on the wans only ipgateway no ip on wans. also the captive portal is blocking ping and other traffic. so I reverted back to 2.5.2 wireguard was working before.

I have solve the problem. I installed 2.5.0 first then upgraded to 2.5.2 and then installed wireguard. Now its working fine.

Just to end this: appliance B was updated smooth and successfully from 21.05.2 to 22.01.
All services running.

Regards

Solved, was a misconfiguration. I forgot to enter the IP-Range of the remote tunnel (notebook) at Site B (allowed IP's)

@padraic71 Yes, Wireguard running on pfSense. This is a pfSense support forum. We can't help you with Wireguard problems on your Raspberry Pi.

OMG! Did not see this option every time I looked at the settings pane... 😖

362395e0-8e0f-4ecc-ba33-0ddcf2da3d3e-grafik.png

🤐

@korr2221 said in One tunnel for remote access:

@mcury Thank you for your patience and understanding. :)

:) you are welcome

@eirikrcoquere I do the same I just had to think about what the service provider was doing so now I have IPv4 and IPv6 up and working with no problems.

@johnpoz I'm using WPA2 Personal. Although the OpenWRT supports WAP3, i don't believe the laptops support it. Need to double-check. But thought it is not secure during the initial handshaking. Not really au fait with it, but am paranoid about security - All access points support WPA3 just checked

@dehumanizer77 HA syncing is not supported (yet). No timeline on this. But generally speaking, yes the entire package config is backed up as part of the package section backup for pfSense (make sure you check the Keep Configuration in WireGuard \ Settings page).

@galt007 You have to create/ add interface with ip address from mullvad (/32), make them as gateway, create gateway groups, routing, nat, and rules for lan. for illustration: https://forum.netgate.com/topic/169466/multi-wan-multi-tunnels-peers-wireguard-vpn-load-balancing-failover

@p-dang thanks, this fixed it!