pfSense and Wireguard. Issues..... GRR
-
I ended up running a backup of everything except the installed packages (WG was the only package I had installed) and spinning up a new VM for pfSense. After it was up and running, I restored the backup. It's working fine now -- still can't get WG to function properly though. As of right now, I've got the firewall rule set to allow ALL VPN TRAFFIC to access the entire network unrestricted. I figured that once I get that working, I'd pare it down to be as restrictive as I need.
But even though the phone successfully performs the handshake(s), it won't allow any traffic. I can't browse the internet or access facilities that are behind the VPN. :(
-
@doni49 Are you just venting or do you want some help?
If you want help, maybe you should provide some info?
Post screenshots of your config.
-
@doni49
I was going to post screenshots to ask for help but had to deal with a phone call from the boss. Here are all the screenshots that I thought would be useful.
-
As I continue to troubleshoot this, I realized that I had entered 10.1.90.1/32 in the tunnel instead of 10.1.90.1/24. I made that change and unfortunately, it hasn't gotten any better.
-
@doni49 Your client looks good but you need to fix the peer config.
10.1.90.0/32 isn't gonna get anything done.
And add 0.0.0.0/0 to it also. The 10.1.90 is the tunnel, you need the network beyond the tunnel too.
-
@doni49 said in pfSense and Wireguard. Issues..... GRR:
As I continue to troubleshoot this, I realized that I had entered 10.1.90.1/32 in the tunnel instead of 10.1.90.1/24. I made that change and unfortunately, it hasn't gotten any better.
You posted as I was typing, not sure where you saw 10.1.90.1/32, I see 10.1.90.0/32. You're still wrong either way, you want 10.1.90.101/32. Plus the 0.0.0.0/0.
-
@Jarhead said in pfSense and Wireguard. Issues..... GRR:
@doni49 said in pfSense and Wireguard. Issues..... GRR:
As I continue to troubleshoot this, I realized that I had entered 10.1.90.1/32 in the tunnel instead of 10.1.90.1/24. I made that change and unfortunately, it hasn't gotten any better.
You posted as I was typing, not sure where you saw 10.1.90.1/32, I see 10.1.90.0/32. You're still wrong either way, you want 10.1.90.101/32. Plus the 0.0.0.0/0.
I saw it under the interface (the simplest way I can think to describe it is to tell you I click on Interfaces > Assignment > WG). At the bottom of that page, it had 10.1.90.1/32. I changed that to 10.1.90.1/24. I'll try changing the peer to 10.1.90.101/32 & 0.0.0.0/0. I'll post back with the results. Thanks for the assistance.
-
@doni49
OMG! That was it! Now to save a backup and move on to getting split tunnel working and limiting VPN access to the 10.1.20.1/24 network. Thank you!
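The fix the thread converges on (tunnel address 10.1.90.1/24 on the interface, and the phone's 10.1.90.101/32 plus 0.0.0.0/0 in the pfSense-side peer's Allowed IPs) is easy to get wrong by one octet or one mask bit, as the posts above show. What follows is an added example, not code from the thread, from pfSense or from WireGuard: a small Python checker that parses a WireGuard-style .conf and flags the three mistakes discussed above. It uses the wg-quick file format rather than pfSense's GUI fields (the tunnel's Interface Address maps to `Address`, each peer's Allowed IPs to `AllowedIPs`). The two embedded configs are constructed to mirror the thread's before and after state; the key material is a placeholder and the 10.1.90.101 client address is the one Jarhead gave.

```python
"""Check a WireGuard config for the routing mistakes seen in the thread.

Added example, not from the forum thread, pfSense or WireGuard.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Section = Dict[str, List[str]]

# Constructed to mirror the thread's broken state: tunnel address entered
# with a /32 and the peer's Allowed IPs set to the network address 10.1.90.0/32.
BEFORE_CONF = """
[Interface]
PrivateKey = <pfsense-private-key-placeholder>
Address = 10.1.90.1/32
ListenPort = 51820

[Peer]
# the phone
PublicKey = <phone-public-key-placeholder>
AllowedIPs = 10.1.90.0/32
"""

# Constructed to mirror the working state after the correction in the thread.
AFTER_CONF = """
[Interface]
PrivateKey = <pfsense-private-key-placeholder>
Address = 10.1.90.1/24
ListenPort = 51820

[Peer]
# the phone
PublicKey = <phone-public-key-placeholder>
AllowedIPs = 10.1.90.101/32, 0.0.0.0/0
"""


def parse_wg_conf(text: str) -> Dict[str, object]:
    """Parse the INI-style wg-quick format into
    {"Interface": {key: [values]}, "Peer": [{key: [values]}, ...]}.
    Repeated keys and comma-separated values (several AllowedIPs) accumulate."""
    conf: Dict[str, object] = {"Interface": {}, "Peer": []}
    current: Optional[Section] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            if name == "Interface":
                current = conf["Interface"]  # type: ignore[assignment]
            elif name == "Peer":
                current = {}
                conf["Peer"].append(current)  # type: ignore[union-attr]
            else:
                raise ValueError(f"unknown section [{name}]")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (s.strip() for s in line.split("=", 1))  # keys end in '='
        current.setdefault(key, []).extend(v.strip() for v in value.split(","))
    return conf


def check_tunnel_routing(conf: Dict[str, object], client_tunnel_ip: str,
                         full_tunnel: bool = True) -> List[Tuple[str, str]]:
    """Return (code, message) findings for the server-side config.
    An empty list means the client's tunnel address is routable both ways."""
    findings: List[Tuple[str, str]] = []
    client = ipaddress.ip_address(client_tunnel_ip)

    # Interface address: a host mask (/32) gives the firewall no route for the
    # tunnel subnet, so replies to the client leave via the default gateway.
    for addr in conf["Interface"].get("Address", []):  # type: ignore[union-attr]
        iface = ipaddress.ip_interface(addr)
        if iface.version != client.version:
            continue
        if iface.network.prefixlen == iface.network.max_prefixlen:
            findings.append(("iface-host-mask",
                             f"Address {addr} uses a host mask; use the tunnel subnet mask (e.g. /24)"))
        elif client not in iface.network:
            findings.append(("iface-subnet",
                             f"client {client} is outside the tunnel subnet {iface.network}"))

    # Peer AllowedIPs is WireGuard's cryptokey routing table: source addresses
    # accepted from this peer and destinations sent to it.
    for idx, peer in enumerate(conf["Peer"]):  # type: ignore[union-attr]
        allowed = []
        for entry in peer.get("AllowedIPs", []):
            net = ipaddress.ip_network(entry, strict=False)
            if net.version == 4 and net.prefixlen == 32 and net.network_address.packed[-1] == 0:
                findings.append(("allowed-network-address",
                                 f"peer {idx}: {entry} is a /32 on a .0 address; did you mean the client's host address?"))
            allowed.append(net)
        if not any(client in n for n in allowed if n.version == client.version):
            findings.append(("allowed-missing-client",
                             f"peer {idx}: AllowedIPs does not cover {client}; its packets are dropped"))
        # 0.0.0.0/0 here accepts any source from this peer and routes everything
        # sent into the tunnel to it; the thread needed it, a split-tunnel or
        # multi-peer setup may not want it, hence the switch.
        if full_tunnel and not any(n.version == client.version and n.prefixlen == 0 for n in allowed):
            findings.append(("allowed-missing-default",
                             f"peer {idx}: full tunnel requested but AllowedIPs has no default route"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE_CONF), ("after", AFTER_CONF)):
        print(label, check_tunnel_routing(parse_wg_conf(text), "10.1.90.101") or "OK")
```

Run against the "before" config it reports the host mask on the interface, the .0/32 entry, the uncovered client address and the missing default route; the "after" config passes with or without `full_tunnel`. To move to the split tunnel mentioned above, the change belongs on the phone side (its AllowedIPs becomes the LAN prefix instead of 0.0.0.0/0) and in the pfSense firewall rules, not in the pfSense-side peer's /32 entry.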
-
@doni49 You don't have to guess. All of this is very much documented.
I have to say this is one of the weirdest threads I've ever come across. Instead of pulling your hair out, just read.
-
@Jarhead
Yeah. I get it. I've read some conflicting info while researching this along with some videos that contradicted some of what I saw. I've gone down so many rabbit holes that I lost track of what I had and had not tried. That and not noticing my typo (32 vs 24) didn't help.
But thanks.