Netgate Discussion Forum

    Can't bridge internal Wireguard interface to the outside

      ma0f97

      Hey guys hope you can help me here.

      I have PfSense on Proxmox and have several interfaces connected to it. Now I want to monitor all these interfaces on another VM (SecurityOnion), which I can do easily with the Proxmox Virtual Interfaces / Networks, but what is missing is the decrypted "VPN_WG" Wireguard interface (the one where the already decrypted traffic can be observed), which is only visible from inside the PfSense VM.

      How can I now mirror the traffic to an interface that is reachable from outside, so the traffic on it can be inspected?
      I researched and found that adding a Bridge with Span Port is the solution but it doesn't work.

      Here is what I tried so far:

      1. Added a new Network in Proxmox and attached it to the PfSense VM
      2. Assigned it as OPT5 in PfSense
      3. Enabled it
      4. Created new Bridge, with "VPN_WG" being selected as the Member Interfaces and "OPT5" as a Span Port:

      Screenshot 2023-08-26 at 03.14.37.png

      5. Assigned the new BRIDGE01 as "OPT6":

      Screenshot 2023-08-26 at 03.14.54.png

      6. Enable "OPT6" as well.

      Still there is no packet coming to the OPT5 interface even though VPN_WG is receiving packets.
      I tried the same thing with the "LAN" interface as the member interface and it worked with no problem, but it seems impossible on the VPN_WG interface.

      I already asked in the general section, but they agreed that posting it here would be a good idea, as people here may know more about why I can't bridge this specific interface.

      If anyone can help me I would really appreciate it.

      Greetings
      Martin

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.