Wireguard works... Kinda.
-
Ok, I installed WireGuard, configured it up. Windows machine connects, and I can ping pfSense, I can ping the gateway, but not Windows machines? I can access the GUI of pfSense over VPN. So I'm connected, but can't access Windows shares? I remember something stupid I had to do with OpenVPN, but can't seem to think how to apply this with WireGuard?
pfSense LAN 10.22.24.1/24
WireGuard : 171.16.15.1/24
Client :
[Interface]
PrivateKey = xxxxxxxxxxx
Address = 171.16.15.2/24
DNS = 10.22.24.1, 1.1.1.1, 1.0.0.1
[Peer]
PublicKey = xxxxxxxxxx
AllowedIPs = 10.22.24.0/24
Endpoint = xxxxxx:xxxx
PersistentKeepAlive = 10
Firewall NAT Outbound "Hybrid"
Created map
WAN
ipv4
any
network 172.16.15.0/24
any
address Interface Addresses
Anything you can see that I'm missing?
-
@cire3 OS firewall probably?
-
@cire3 Check routes on both sides.
-
@mcury On the Windows shares ? Or the client connecting to the VPN ?
-
@cire3 said in Wireguard works... Kinda.:
@mcury On the Windows shares ? Or the client connecting to the VPN ?
Server side.
Windows Defender usually only allows connections from the same network, so you need to create a firewall rule to allow that communication.
You can disable the Windows firewall for a minute to test before tweaking the firewall rules, then enable it again and create the rule accordingly, TCP-445.
-
Going to disable firewall and check
Client Connected to the VPN
Interface List
6...........................WireGuard Tunnel
7...28 16 ad 09 34 14 ......Microsoft Wi-Fi Direct Virtual Adapter
4...2a 16 ad 09 34 13 ......Microsoft Wi-Fi Direct Virtual Adapter #2
8...28 16 ad 09 34 13 ......Intel(R) Dual Band Wireless-AC 8260
16...28 16 ad 09 34 17 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.11.1 192.168.11.3 50
10.22.24.0 255.255.255.0 On-link 172.16.15.2 5
10.22.24.255 255.255.255.255 On-link 172.16.15.2 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.16.15.0 255.255.255.0 On-link 172.16.15.2 261
172.16.15.2 255.255.255.255 On-link 172.16.15.2 261
172.16.15.255 255.255.255.255 On-link 172.16.15.2 261
192.168.11.0 255.255.255.0 On-link 192.168.11.3 306
192.168.11.3 255.255.255.255 On-link 192.168.11.3 306
192.168.11.255 255.255.255.255 On-link 192.168.11.3 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.11.3 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.11.3 306
Persistent Routes:
None
IPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
8 306 fe80::/64 On-link
8 306 fe80::447:6b05:355d:be97/128
On-link
1 331 ff00::/8 On-link
8 306 ff00::/8 On-link
Persistent Routes:
None
-
Oh wait, the Windows share PC is seeing the VPN LAN IP address then, correct? The 172.x.x.x
-
@cire3 said in Wireguard works... Kinda.:
Oh wait, the Windows share PC is seeing the VPN LAN IP address then, correct? The 172.x.x.x
Correct, unless you have Outbound NAT configured for the server interface, which would be weird to have..
-
Many thanks !!
On the Windows box with the share, go to firewall. Inbound connections.
Find File and print share, SMB. Hit scope tab and allow all. Was set to Local IP only.
She logs in and is asking for credentials. Perfect, exactly the direction I was looking for. I normally only log into Linux boxes via VPN. So I forgot all about that.
Again thanks for quick response!
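
The scope change the thread arrives at can also be made from PowerShell. This is an added example, not part of the original thread. It admits only the WireGuard tunnel subnet to the inbound SMB rules instead of every remote address. It assumes an English-language Windows (the rule group's display name), an elevated prompt on the machine hosting the share, and the 172.16.15.0/24 tunnel subnet shown in the outbound NAT entry and route table above.

```powershell
# Added example: widen the built-in inbound SMB rules to the VPN subnet only.
# Assumption: tunnel subnet as shown in the thread's NAT entry and route table.
$VpnSubnet = '172.16.15.0/24'

# Built-in inbound rules of the "File and Printer Sharing" group that listen on TCP 445.
$smbRules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' }

foreach ($rule in $smbRules) {
    # Current remote scope, e.g. "LocalSubnet" (the "Local IP only" setting seen in the GUI).
    $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    '{0} [{1}] scope before: {2}' -f $rule.DisplayName, $rule.Profile, ($current -join ', ')

    # Nothing to do if the rule already admits everything or already lists the VPN subnet.
    if ($current -contains 'Any' -or ($current -like '172.16.15.0/*')) { continue }

    # Keep the existing scope (LocalSubnet) and append the tunnel subnet.
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress ($current + $VpnSubnet)

    $after = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    '{0} [{1}] scope after:  {2}' -f $rule.DisplayName, $rule.Profile, ($after -join ', ')
}

# From the VPN client, confirm TCP 445 is reachable through the tunnel.
# <share-host-ip> is a placeholder for the LAN address of the machine hosting the share.
# Test-NetConnection -ComputerName <share-host-ip> -Port 445
```

The rule only needs to match the active network profile of the share host, and the scope list only takes effect for sources pfSense does not NAT, which matches the thread's observation that the share PC sees the 172.x.x.x address.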