wireguard config - can connect but cannot ping LAN hosts from phone
-
I was able to connect my phone but it cannot see hosts inside LAN.
LAN has addresses 192.168.1.0/24, router is 192.168.1.1
Tunnel address is 192.168.2.0
WAN uses Dynamic DNS

Symptoms:
- Handshake is completed, phone connects
- I can ping 192.168.2.0 from hosts on LAN. But not my router or anything from the phone.
Q1. What to do?
Q2. Also, if I change the interface address to 192.168.2.0/24, on the pfsense side it complains that it is a "network address and cannot be used". It is fine with one client, but what if I have more in future? Why is there the mask field at all in the configuration then?

Here is my config (only keys edited away)
On the server (which is a pfsense router)
Description: external
[Interface]
PrivateKey = [...]
ListenPort = 51820

Peer: pixel7
[Peer]
PublicKey = [Z46...]
AllowedIPs = 192.168.2.0/24
PersistentKeepalive = 0

On the phone
[Interface]
Name=tun
PublicKey= [Z46...]
Addresses=192.168.2.0/32, 192.168.1.0/24
DNS servers 8.8.8.8 (for now, I would really like 192.168.1.1 later to get names within LAN)
ListenPort=51820

#Peer
PublicKey=[...]
AllowedIPs=192.168.1.0/24,192.168.2.0/24
Endpoint=gateway.xxx.com:51820

Firewall
- WAN allows everything on IPv4/IPv6 UDP on port 51820
- WireGuard group contains wg tunnel interface and allows everything. For good measure, the wg interface also has a (likely useless) rule to allow anything.
- Outbound below
Any ideas?
-
@mushinsky said in wireguard config - can connect but cannot ping LAN hosts from phone:
but it cannot see hosts inside LAN.
What hosts?
-
@Bob-Dig e.g. 192.168.1.3 (NAS)
Or the router itself, 192.168.1.1
-
Still no luck with this. Any suggestions?
-
@mushinsky You can't have two addresses for the interface and you also have other problems. Maybe take a closer look here.
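An added example, not code from this thread, from pfSense or from the WireGuard project: a small Python linter that checks both sides' configs for the addressing problems raised in the first post and in the reply above (an interface address that is the subnet's network address, which is exactly what pfSense rejects; a client that claims a second, LAN-side address on the tunnel; and a server-side peer whose AllowedIPs is the whole tunnel subnet, which leaves no room for a second client because WireGuard routes each prefix to exactly one peer), plus a cross-check that each side's tunnel address is covered by the other side's AllowedIPs, since a peer discards decrypted packets whose source address is outside its AllowedIPs. The "as posted" configs are constructed from the addresses in the first post with placeholder keys; the "fixed" pair (router 192.168.2.1/24, phone 192.168.2.2/32 with DNS 192.168.1.1, server peer AllowedIPs 192.168.2.2/32) is an assumed corrected layout, not something the thread states.

```python
"""Lint WireGuard configs for the tunnel-addressing mistakes discussed in this
thread. Added example; not pfSense or WireGuard project code."""
import ipaddress
from typing import Dict, List, Sequence, Tuple

Section = Dict[str, List[str]]


def parse_wg(text: str) -> Tuple[Section, List[Section]]:
    """Parse wg-quick style text into (interface, [peers]). Every value is a
    list so comma-separated values and repeated keys behave the same."""
    interface: Section = {}
    peers: List[Section] = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):
            name = line.strip("[]").strip().lower()
            if name == "interface":
                current = interface
            elif name == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section [{name}]")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current.setdefault(key.lower(), []).extend(
            v.strip() for v in value.split(",") if v.strip())
    return interface, peers


def lint(text: str, role: str, must_route: Sequence[str] = ()) -> List[str]:
    """Findings for one side. role is "server" (pfSense) or "client" (phone);
    must_route lists networks the client is expected to reach via the tunnel."""
    findings: List[str] = []
    iface, peers = parse_wg(text)
    addrs = [ipaddress.ip_interface(a) for a in iface.get("address", [])]
    # pfSense's complaint: the address must be a host inside the subnet, not the
    # subnet itself or its broadcast address (/31 and /32 have no such split).
    for a in addrs:
        net = a.network
        if net.prefixlen < 31 and a.ip in (net.network_address, net.broadcast_address):
            findings.append(f"{a} is the network/broadcast address of {net}; use a "
                            f"host address such as {net.network_address + 1}/{net.prefixlen}")
    # The client needs only its own tunnel address; reaching the LAN is a matter
    # of the peer's AllowedIPs (cryptokey routing), not of owning a LAN address.
    if len(addrs) > 1:
        findings.append("more than one interface address; keep a single tunnel "
                        "address and route the LAN via the peer's AllowedIPs")
    allowed = [(ipaddress.ip_network(s, strict=False), i)
               for i, p in enumerate(peers) for s in p.get("allowedips", [])]
    # Every allowed prefix maps to exactly one peer, so peers may never overlap.
    for x in range(len(allowed)):
        for y in range(x + 1, len(allowed)):
            (n1, i1), (n2, i2) = allowed[x], allowed[y]
            if i1 != i2 and n1.overlaps(n2):
                findings.append(f"peer {i1} ({n1}) and peer {i2} ({n2}) overlap")
    if role == "server":  # one client holding the whole subnet blocks the next one
        for n, i in allowed:
            if any(n == a.network and n.prefixlen < 32 for a in addrs):
                findings.append(f"peer {i} AllowedIPs {n} is the whole tunnel "
                                "subnet; give each client its own /32 inside it")
    for wanted in must_route:  # the LAN is reachable only if AllowedIPs covers it
        w = ipaddress.ip_network(wanted)
        if not any(w.subnet_of(n) for n, _ in allowed):
            findings.append(f"{w} is not covered by any peer AllowedIPs")
    return findings


def check_pair(server_text: str, client_text: str) -> List[str]:
    """Cross-check both sides (single-peer configs assumed): a peer drops any
    decrypted packet whose source is outside its AllowedIPs, so each side's
    tunnel address must be inside the other side's AllowedIPs."""
    findings: List[str] = []
    s_iface, s_peers = parse_wg(server_text)
    c_iface, c_peers = parse_wg(client_text)

    def covered(addr: str, peers: List[Section]) -> bool:
        ip = ipaddress.ip_interface(addr).ip
        return any(ip in ipaddress.ip_network(n, strict=False)
                   for p in peers for n in p.get("allowedips", []))

    for addr in c_iface.get("address", []):
        if not covered(addr, s_peers):
            findings.append(f"client address {addr} is outside the server peer's "
                            "AllowedIPs; packets sent from it are discarded on arrival")
    for addr in s_iface.get("address", []):
        if not covered(addr, c_peers):
            findings.append(f"server tunnel address {addr} is outside the client's "
                            "AllowedIPs; the phone cannot reach the router's tunnel end")
    return findings


# Constructed samples: the addressing from the first post with placeholder keys
# ("as posted"), and an assumed corrected layout ("fixed"), not from the thread.
SERVER_AS_POSTED = """[Interface]
Address = 192.168.2.0/24
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
ListenPort = 51820
[Peer]
PublicKey = PHONE_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 192.168.2.0/24
"""
PHONE_AS_POSTED = """[Interface]
Address = 192.168.2.0/32, 192.168.1.0/24
PrivateKey = PHONE_PRIVATE_KEY_PLACEHOLDER
DNS = 8.8.8.8
ListenPort = 51820
[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 192.168.1.0/24, 192.168.2.0/24
Endpoint = gateway.xxx.com:51820
"""
SERVER_FIXED = SERVER_AS_POSTED.replace("192.168.2.0/24\nPrivateKey", "192.168.2.1/24\nPrivateKey") \
                               .replace("AllowedIPs = 192.168.2.0/24", "AllowedIPs = 192.168.2.2/32")
PHONE_FIXED = PHONE_AS_POSTED.replace("192.168.2.0/32, 192.168.1.0/24", "192.168.2.2/32") \
                             .replace("DNS = 8.8.8.8", "DNS = 192.168.1.1")

if __name__ == "__main__":
    for label, server, client in (("as posted", SERVER_AS_POSTED, PHONE_AS_POSTED),
                                  ("fixed", SERVER_FIXED, PHONE_FIXED)):
        print(f"== {label} ==")
        for f in (lint(server, "server") + lint(client, "client", ["192.168.1.0/24"])
                  + check_pair(server, client)):
            print(" -", f)
```

Run it as-is to see the findings for both layouts; to lint a real pair, read the two files into the `server`/`client` strings instead of the constructed samples. The `role` split matters: on the client, a peer AllowedIPs equal to the tunnel subnet is normal (that is how it reaches the router's tunnel address), so the whole-subnet warning is raised only on the server side.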