Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wireguard VPN clinet -LAN + WiFi(OPT4)

    Scheduled Pinned Locked Moved
    WireGuard
    2
    3
    233
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      netescape
      last edited by

      I setup and ran Wireguard VPN client on Protectli. I used Mullvad instructions to configure a LAN tunnel to Mullvad peer. https://mullvad.net/en/help/pfsense-with-wireguard. Just LAN alone, through wireguard works fine.

      Since the box has a wifi module installed I wanted to also have a WIFI tunneled to wireguard.

      When I setup Wireguard for LAN interface, a rule that takes source from LAN subnets to any destination through Wireguard was created.

      I copied a firewall rule, changed interface to OPT4(which is WiFi), set source to OPT4_subnets and destination to any, and gateway is assigned to Wireguard gateway. There is only 1 wireguard gateway.

      Before that the WIFI interface was created and static address range is assigned. DHCP server was also enabled on OPT4 with address pool set to within the address space set in interface static configuration.

      In Common Wireless Confirguration-OPT4 interface is set a Auto, OFDM protection mode=OFF, channel=10, channel width=auto.
      Regulatory Settings: all default.
      Network Specific Wireless Configuration; Mode=Access Point, Minimum Wireless Standard=Any, Allow intra-BSS communication=tried with both checked and unchecked. Enable WME=checked
      WPA-enabled, mode=Both.

      When I try to conenct any WIFI device, I see the SSID and all devices connect. However, there is no internet.

      Does pfsense allow connection of 2 interfaces through tunnels?

      If LAN and WIFI can be connected through wireguard tunnel to WAN, is there a guide that explains how to configure pfsense that way?

      J 1 Reply Last reply Reply Quote 0
      • J
        Jarhead @netescape
        last edited by

        @netescape I take it the wifi interface is a separate subnet, is that the case?
        If so, you'll need to add that subnet to the allowed IP's on the other end of the tunnel.

        N 1 Reply Last reply Reply Quote 0
        • N
          netescape @Jarhead
          last edited by

          @Jarhead -Thanks for hint.

          Correct-OPT4 is on ....3.100/24 and LAN is on .....1.100/24.
          I went to Firewall-NAT-Outbound, changed Outbound NAT Mode from Manual Outbound NAT to Automatic Outbound NAT. pfsense added 2 rules in which a WireGuard Interface takes OPT4 address space as source. (along with LAN address space).

          Quick and easy. Maybe adding manual rules is a next part of learning curve.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.