WireGuard tunnel up but can't get sites to communicate
-
So the image below is basically what I have, and it's not exactly working properly.
From Router A, I can ping both WireGuard interfaces and reach the NVR at 192.168.253.5.
But from my computer that sits on 192.168.2.7, I can only ping the WG interface on its router (172.16.3.1). I do not understand how the tunnel can be formed and the router itself can reach the NVR, but I can't even reach the other end of the tunnel.
On all the interfaces I have an "allow any protocol from any network from anywhere" rule and static routes in place. Is there something else I should be looking for?
-
@joshhboss The tracert below shows how it connects directly to the local WG interface but then chooses to go out the wrong gateway to get to the other side.
172.16.3.1 (local): finds it just fine, but
172.16.3.2 (remote tunnel IP, which the router itself gets to no problem): fails
-
@joshhboss Hello, today my colleague and I spent a few hours on this issue. After a restart you need to disable and enable the static routes. There seems to be some bug. WireGuard doesn't create routes, and the static one on the WireGuard interface doesn't work after a restart.
-
@georgecz58 My issue is even getting to the remote tunnel interface, not just to the opposite side LAN. I did try that though, and still nothing.
-
@georgecz58 Has to be the network cards on this Dell R210. The exact same configuration on another box and it works perfectly.
-
@joshhboss I localized my problem. The problem wasn't WireGuard or pfSense, but my configuration. I didn't set up monitoring of the WireGuard gateway. After a reboot it automatically tries to set up routes, but at a time when the GW wasn't ready. After enabling GW monitoring and setting up static routes properly, everything works perfectly now.