Netgate Discussion Forum

    WireGuard gateway not working outside dashboard

    WireGuard
    Tags: wireguard, static route, vpn tunnel, site-to-site, site to site
    13 Posts 3 Posters 1.7k Views
      technoblue

      Traceroute working
      [screenshot]

      But when I select the interface MYSWITCH (this is what I use, as I use my 3 LAN ports)

      [screenshot]

        technoblue @technoblue

        Does someone know what could be happening?

          Jarhead @technoblue

          @technoblue Judging by your Firewall Rules I'd assume you're not using an interface for the tunnel so what rules do you have on the Wireguard tab?

            technoblue @Jarhead

            @Jarhead

            Hi! Yes, I'm using an interface

            [screenshot]

            What I don't understand is why the ping works with the LAN interface but doesn't work with the "MYSWITCH" interface; I use this one to have 3 LAN ports on my box.

            [screenshots]

              Jarhead @technoblue

              @technoblue You need to set the MTU to 1420 on the WG interface.
              Do a constant ping from the far end while doing a packet capture on the pfSense WG interface. Do you see the pings going both ways?

                technoblue @Jarhead

                @Jarhead

                MTU to 1420, done.

                No, my other WireGuard service is running on a QNAP router and it doesn't allow me to use WireGuard as client, only server. I think it doesn't matter, as I can reach the subnet 192.168.15.0/24 (the QNAP LAN); the ping and traceroute work when I select the LAN interface in pfSense. The problem is when I want to reach it from my bridge interface (MySwitch), which is the one I use.

                [screenshot]

                  Jarhead @technoblue

                  @technoblue So then it's something on the pc itself.
                  Is the gateway set correctly?
                  Do you have Windows firewall enabled? If so, disable it.
                  Is the pc's network discovered as public or private?
                  Can the pc connect to anything else?

                  Just to clarify, Wireguard doesn't use Server/Client types. Everything is just a peer.
                  Although one peer can be used as a hub in a hub and spoke config (ie multisite) so it can be considered a server, but it's still just a peer.

                    technoblue @Jarhead

                    @Jarhead

                    My PC and my other devices in the network don't have any issues. I think that the gateway is set correctly because the ping and traceroute tests work fine with the "Any" or LAN interfaces; the issue is when I try it with the "MYSWITCH" bridge interface (which is the one I use).

                    [screenshot]

                    Static Route:
                    [screenshots]

                    Thanks for the clarification.

                      technoblue

                      Any ideas? Anyone?

                        technoblue

                        Finally!

                        The solution was creating a firewall rule that routes the traffic of my bridge interface through the gateway I have created for the WireGuard client.
