I can only access the NAS which is in another network

@Bronko

Ah yes, I forgot to post a link to the reddit thread as well. Thank you! 😃

@Bronko said in Port forwarding through WG tunnel missing reply-to:

Ok, but @carrnelltech have the right ideas already included at bug report.

Yes, agree, he elaborated this bug report very well. Similar as the interface config page for OpenVPN, there could be some different options if you have assigned a Wireguard instance as network port.

Gotcha, well it's not really feasible to say give a VPN client a local IP on a subnet the firewall is already managing as an interface, so I think the only solution would be to use NAT but this can create it's own issues.

But if you were to NAT the wireguard connection to a different IP within that local LAN subnet (and make sure it's not one within that subnets DHCP pool) then you probably can achieve what you're looking for here.

@JuntaSense thank you so much - this did it!

@Owen82 They both should be in it.

Remove any rules you have except allow anything for testing. And set keep alive with 25 seconds for testing. Set a port in the VPS as well.

SNORT!!!

I was able to get my ISP to give me a publicly accessible IP address for my WAN. This has solved my problem. Thanks for all the suggestions.

@DaddyGo ok thank you so much for confirming

@JonathanLee

Hey, thanks for replying. Yes I have tried both of those things you suggested. I noticed this in the system routing logs:

2023-09-19 00:50:01.509563-04:00 miniupnpd 69708 SSDP packet sender 10.200.0.40:41899 (if_index=10) not from a LAN, ignoring //(this seems like a problem 0 phone is 10.200.0.40 here, and it's packet is being ignored) 2023-09-19 00:48:42.339875-04:00 miniupnpd 69708 ioctl(dev, DIOCGETRULES, ...): Invalid argument //(LOTS of these)

@Bob-Dig My wan is ppoe with vlan, the other wan is the nic interface (parent).
I will try later when i go home, if ports remain up for wg and for that reason i need to use another port to bring up the connection.
It is still werid why wg tunnel is working with different port.

@adam23450 said in wireguard and one interface multiple peers with network 0.0.0.0/0:

@Bob-Dig When I add 0.0.0.0/0 in both, each of the gates is no longer reachable. It says here that the address must be unique. So it follows that I have to add each network manually? ...

Allowed IP entries here will be transformed into proper subnet start boundaries prior to validating and saving. These entries must be unique between multiple peers on the same tunnel. Otherwise, traffic to the conflicting networks will only be routed to the last peer in the list.

@cmcdonald Now I became curious too, the limitation that only one peer can hold 0.0.0.0/0, is this an inherent limitation of WG or could/should it be changed for the implementation in pfSense?
I will connect mine to two other pfSense(s) and I want to use each as an "exit node" for mine. I will opt for two tunnels for now.

@xxnumbxx Like with every other vpn tunnel.