@dcgibby said in Cannot connect from tun_wg0 to LAN:
@dkeller
The current WG package doesn't set up any routes.
So for the peers you create in pfSense, the allowed IPs need static routes created.
Also you are going to have to check outbound NAT and set to manual and remove any NATing on your WG gateway.
Create the tun_wg0 interface
static ipv4
10.1.1.1/24
none for gateway
Then go to system -> routing
create a new gateway
using the assigned opt interface for the tun_wg0 (or whatever you name it)
set gateway to 10.1.1.2
Now go to system -> routing -> static routes
create a new static route
10.1.1.2/32
using the gateway you created above
Then you need to go to firewall -> nat -> outbound
set to manual
remove any of the assigned opt interface
remove any NATing of 10.1.1.1/24 on the assigned opt interface
Also, if you need to access pfSense DNS, you have to set that up on your client. You can use the opt interface address and just make sure it's enabled in DNS Resolver.
Give that a try and see if connections work.
For the 0.0.0.0/0 access
you have to do the above, but create a second gateway with the address of the client, 10.1.1.3
then add static route to that ip
then you need to set up outbound NAT
Use WAN
source 10.1.1.3/32 (or 10.1.1.0/24 if you want all clients to route through wan)
NAT address set to WAN address
Again, make sure you have DNS set up on the client to resolve things. Either point to your pfSense box or some other DNS server.
I'll give it a go and see. Is it me, or is the primary purpose of a VPN to go from client to server anyway? Would you focus on that part first with a package?