Wireguard and Netgate SG-1100
-
Hello,
I have created a Wireguard tunnel between a pfSense VM and a Netgate SG-1100. Both sides are using the latest pfSense software and the latest Wireguard pkg.
The pfSense VM has a public IP. The SG-1100 does not have a public IP, so it is a dynamic WG peer.
The tunnel is up and the WG interfaces are pingable from either side.
I cannot ping subnets on either side of the tunnel, however. For example, from the pfSense VM I cannot ping the LAN interface of the SG-1100. Also, from the SG-1100 I cannot ping the LAN interface of the pfSense VM.
As a sanity check, I used a WIN 11 workstation on the SG-1100 side and installed the WG client. The WG client is able to ping the LAN of the pfSense VM FW.
The SG-1100 is almost at factory defaults. The WAN is port 3, LAN is port 2, and OPT1 is port 1. WAN is vlan 4090, LAN is vlan 4091, and OPT1 is vlan 4090.
Does a VLAN need to be created for WG? If so what ports should WG be participating in?
Ty,
Sean -
Hello,
I have a small update. I am able to ping the LAN IF through the WG tunnel from the SG-1100... but I have to use the command ping -S x.x.x.x (SG-1100_WG_TUN_IP) y.y.y.y (LAN_GW_IP)
So WG on the Netgate SG-1100 is just not talking to the LAN interface. Can I modify the vlan config on the Netgate to allow WG to talk to the LAN?
-
Another update. I was able to get OpenVPN working site-to-site with PSK. It works. WG just does not seem to play nice with the vlan setup on a SG-1100.
-
@scourtney2000 Did you add static routes?
WireGuard does not add the routes like OpenVPN does. -
Hi jarhead,
I did try to add static routes with the WG IF IP as the gateway. No luck.
Ty,
Sean -
@scourtney2000 But if you're telling the ping which source to use and it works.... sounds like a route issue.
Can you post pics of your configs, gateways and routes?
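The routing point jarhead raises (WireGuard does not install routes the way OpenVPN does) and the source-address symptom Sean describes come from two separate checks that both have to pass before a remote LAN is reachable through a WireGuard tunnel: the peer's AllowedIPs must cover the remote subnet (WireGuard's cryptokey routing drops packets whose destination, or on the way back whose source, is not listed for that peer), and the kernel's longest-prefix route for that subnet must point at the WireGuard interface. The script below is an added example, not code from this thread or from pfSense; it runs both checks against constructed, abbreviated samples in the shape of `wg showconf` and `netstat -rn` output (the interface name wg0, the 10.99.0.0/24 tunnel addresses and the 192.168.50.0/24 remote LAN are all assumptions), then shows what each check reports once the AllowedIPs entry and static route are added.

```python
"""Added diagnostic example (not from the forum thread): check whether a
destination subnet is reachable through a WireGuard tunnel on a FreeBSD/pfSense
style host. Two independent conditions must hold for traffic to a remote LAN:

  1. cryptokey routing: some [Peer] block's AllowedIPs must cover the
     destination (outbound) and the source of any reply (inbound);
  2. kernel routing: the longest-prefix route for the destination must point
     at the WireGuard interface.

OpenVPN pushes routes for you; WireGuard does neither step unless configured.
"""
import ipaddress
import re

WG_IFACE = "wg0"  # assumption: the WireGuard interface name on this host

# Constructed sample in the shape of `wg showconf wg0` (keys are placeholders).
WG_CONF = """\
[Interface]
ListenPort = 51820
PrivateKey = PLACEHOLDER_PRIVATE_KEY

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY
AllowedIPs = 10.99.0.2/32
"""

# Constructed sample in the shape of `netstat -rn -f inet` (abridged columns).
ROUTES = """\
Destination        Gateway            Flags     Netif
default            203.0.113.1        UGS       vtnet0
10.99.0.0/24       link#5             U         wg0
192.168.1.0/24     link#2             U         vtnet1
"""


def parse_allowed_ips(conf):
    """Return every AllowedIPs network from all [Peer] blocks."""
    nets = []
    for m in re.finditer(r"^\s*AllowedIPs\s*=\s*(.+)$", conf, re.MULTILINE):
        for item in m.group(1).split(","):
            nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets


def parse_routes(table):
    """Return (network, netif) tuples; 'default' becomes 0.0.0.0/0."""
    routes = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        routes.append((ipaddress.ip_network(dest, strict=False), parts[3]))
    return routes


def route_lookup(dst, routes):
    """Longest-prefix match, as the kernel does."""
    best = None
    for net, netif in routes:
        if dst.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, netif)
    return best


def diagnose(destination, conf=WG_CONF, table=ROUTES, wg_iface=WG_IFACE):
    """Report whether both WireGuard and the kernel will carry traffic to destination."""
    dst = ipaddress.ip_network(destination, strict=False)
    allowed = any(dst.subnet_of(n) for n in parse_allowed_ips(conf))
    hit = route_lookup(dst, parse_routes(table))
    routed_via_wg = hit is not None and hit[1] == wg_iface
    problems = []
    if not allowed:
        problems.append(f"no peer AllowedIPs covers {dst}: WireGuard drops packets to/from it")
    if not routed_via_wg:
        via = hit[1] if hit else "nothing"
        problems.append(f"kernel routes {dst} via {via}, not {wg_iface}: add a static route")
    return {"allowed": allowed, "routed_via_wg": routed_via_wg, "problems": problems}


def add_allowed_ip(conf, network):
    """Append a network to the first peer's AllowedIPs line in the sample conf."""
    return re.sub(r"^(\s*AllowedIPs\s*=\s*.+)$", rf"\1, {network}", conf,
                  count=1, flags=re.MULTILINE)


def add_route(table, network, wg_iface=WG_IFACE):
    """Append a static route line in the sample table's format."""
    return table + f"{network:<18} link#5             US        {wg_iface}\n"


if __name__ == "__main__":
    remote_lan = "192.168.50.0/24"  # constructed: the far side's LAN subnet
    print("tunnel peer:", diagnose("10.99.0.2"))
    print("remote LAN before:", diagnose(remote_lan))
    print("route only:", diagnose(remote_lan, WG_CONF, add_route(ROUTES, remote_lan)))
    print("both fixed:", diagnose(remote_lan, add_allowed_ip(WG_CONF, remote_lan),
                                   add_route(ROUTES, remote_lan)))
```

Run as-is it prints that the tunnel address passes both checks (which is why tunnel-to-tunnel pings work), that the remote LAN fails both, and that adding only the static route still leaves the AllowedIPs check failing, which is the case where a ping forced to source from the tunnel address can succeed while one sourced from a LAN address does not. The same pair of checks has to be satisfied on each end of the tunnel, with the roles of local and remote subnet swapped.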