Hmm... Solved by changing the Wireguard subnet from a 172.x.x.x range to a 10.x.x.x range. The machine in question is a VM running docker alone and pretty sure it has some strange firewall rules in place regarding 172 subnets. Docker is just weird.

Thanks to Tigger2014 on github, I dicovered some how a directory for the package was a file on my system. After renaming the file, I was able to successfully install the package. Issue resolve on my end. Thank you!

@theonemcdonald I too have been trying to get a road warrior WG setup on 2.5.2. and also would love a simple config guide or video on the road warrior setup. So far I am hoping to be able to piece together what is needed to get a basic config up and working with from your mulvad video and also from the screenshots you posted in another thread. https://forum.netgate.com/topic/163133/wireguard-lives/66 I am subscribed to your YouTube channel and do thank you for all the work you have done for the community at large it is beyond awesome. :-)

@johnpoz said in I am lost....: As to ease of setup - I thought, maybe I mistaken but at some point there is/was suppose to be a QR code you could just point your phone at to set it up? If that was true than yeah it would be slick ;) The Android app had this capability but pfsense does not yet seem to generate these codes, at least not through the GUI. I tried downloading the config and importing this but this did not work. This was in the early tries when I did not understand what I was doing. Maybe it would work now.

I gave it a go and I feel like I'm nearly set up - but I'm still not able to get my remote peer connected to the tunnel... I reckon I've got a simple config mistake I'm missing. Feel free to see my post on the other topic you posted!

@jimbohello yup I've switched to IPsec I can't lose connectivity to the stuff behind the tunnel for any given reboot.

@botboy This is in a remote access setup that works perfectly, except for the constant errors on the Interfaces widget... Happy to provide more details if needed.

Thanks for the heads up, however I already set it up this morning.

@gabacho4 I imagine things have been delayed a bit due to final work on 2.5.2 base. Things will improve here a lot in the next week or so, stay tuned

@floky99 This forum is only for discussion relating to WireGuard on pfSense. I'd recommend posting here https://www.reddit.com/r/WireGuard/

@theonemcdonald Sorted. Cheers man :)

@theonemcdonald Thanks my friend for your answer the MTU value of my network interfaces is 1500

@gertjan Could also be TLS failing because of MTU issues.

@netermin I don't understand what you mean. pfSense has 2 DNS systems available, a forwarder and a resolver. Resolver is enabled by default. Your clients should be using pfSense as their DNS, either statically or set via DHCP. Edit: If you don't want to make any changes to your DNS and you just need access to one or two servers from the one client, you could always edit its hosts file to add those names and point them to their IPs.

@yon-0 thanks, this will be fixed in next build which I hope to have submitted to Netgate soon

@theonemcdonald Will do. So far this issue has been specific to Mullvad (wg) tunnels. With their recent change sounds like it's fixed now, but I will get that monitoring configured and will post results here soon.

I solved it! I didn't realize that WG allowed IP's also acted as a firewall for destination IP's for outbound. So if you want to route destination=Internet through the tunnel, you would have to add 0.0.0.0/0 to the allowed IP's on Site B. WG reference: https://www.wireguard.com/#conceptual-overview

@theonemcdonald Well I tried removing the package to see if the newer version would show up when I went to reinstall. It did not. My guess is that Netgate hasn't rebuilt a package with the new version. However, despite having things set to retain settings upon uninstall/reinstall, I lost all of them. Fortunately I had a backup and was able to restore. Something is not working right for sure on that front.