One tunnel for remote access
-
@korr2221 said in One tunnel for remote access:
@mcury i didn't really need full tunnel, but for whatever reason that made it work adding the 0.0.0.0/0 scope. Can someone explain? LOL
0.0.0.0/0 will route everything that is connected to wireguard through the tunnel, including internet access, but you would also need an outbound NAT created.
Split tunnel (0.0.0.0/0 not included in allowed-ips) you will only gain access to the networks included in allowed-ips.
Full tunnel (0.0.0.0/0 included in allowed-ips), wireguard connections will be routed to the internet as well. -
@mcury just realized my LAN works but can't access public sites. It works without the 0.0.0.0/0 I'm guessing adding it in the middle did something and now it works like it's supposed to. But still having trouble with public sites. Odd...
-
@korr2221 nevermind. Changed my DNS from comcast to 1.1.1.1 now all is working normally. WHAT? :3
-
@korr2221 said in One tunnel for remote access:
@mcury just realized my LAN works but can't access public sites. It works without the 0.0.0.0/0 I'm guessing adding it in the middle did something and now it works like it's supposed to. But still having trouble with public sites. Odd...
Do you want to use the Internet from pfsense while connected to wireguard?
Or the phone Internet? -
@mcury it doesn't matter. I know if I want to use the internet from pfsense it is full tunnel and if I want from my phone it's split tunnel. But after changing my dns my split tunnel works correctly now. Odd!
-
@korr2221 It doesn't matter? Really? Ok then.
-
@mcury well i mean for some people it would. but for me, I just wanted to have remote access. haha.
-
@korr2221 said in One tunnel for remote access:
@mcury well i mean for some people it would. but for me, I just wanted to have remote access. haha.
So, you just want to access local resources? That's all?
Remove 0.0.0.0/0 from the allowed ips configuration file, and leave the configuration in pfsense exactly as I posted above. -
@mcury I have. I think you missed the one post above. I know the 0.0.0.0/0 doesn't belong. I was in the midst of trying full tunnel settings and somehow it kicked it in. Then worked after I removed it.
I'm okay now. I think maybe reinstalling WG package did something.
-
@korr2221 said in One tunnel for remote access:
@mcury I have. I think you missed the one post above. I know the 0.0.0.0/0 doesn't belong. I was in the midst of trying full tunnel settings and somehow it kicked it in. Then worked after I removed it.
Its kind of hard to understand what you are trying to do over there, you are not being clear about your objective.
If you remove 0.0.0.0/0, the Internet will work, but its not going to be a full tunnel, which means that websites on the internet will be accessed through your local internet, and not through pfsense internet.
If you put the 0.0.0.0/0, and configure the outbound NAT, its going to be a full tunnel, which means that websites on the internet will be accessed using the pfsense Internet, thus going through the tunnel.
You said that removing 0.0.0.0/0 is working, so you have a split tunnel, which is used only to access local resources in allowed-ips field. Web sites on the internet are actually been accessed using the Internet from wherever you are connecting from.
-
@mcury since that post I have removed the 0.0.0.0/0 and am currently using split tunnel fine now. After changing my DNS all is working. I understand. All is well, it works!
-
@korr2221 said in One tunnel for remote access:
@mcury since that post I have removed the 0.0.0.0/0 and am currently using split tunnel fine now. After changing my DNS all is working. I understand. All is well, it works!
Oh, great then =) One less thing to worry about now
-
@mcury Thank you for your patience and understanding. :)
-
@korr2221 said in One tunnel for remote access:
@mcury Thank you for your patience and understanding. :)
:) you are welcome