Unable to connect to devices on LAN
-
I have WireGuard running on my pfSense router. When I connect to my WG VPN, I can connect to the internet, but not devices internally. Here's what my .conf file looks like:
```ini
[Interface]
Address = <my internal vpn ip>/32
DNS = <dns internal server ip>
PrivateKey = <client private key that was generated>

[Peer]
PublicKey = <pubkey from router>
PresharedKey = <generated from router>
AllowedIPs = 0.0.0.0/0
Endpoint = <router public ip>:51820
```
-
@droidus Looks like you have a rule problem in pfSense, not a WireGuard problem, so most probably a misconfiguration of rules.
-
@Bob-Dig I have it working on my phone. I am able to connect to devices on my LAN.
-
@Bob-Dig When I look at the status of the client, the handshake color is yellow. And the last handshake was over an hour ago, even though I connected more recently. rx/tx are in MiB, so there's something going on.
EDIT:
I also notice that if it successfully connects, wlp0s20f3 will have an IP of 192.168.211.x rather than 192.168.1.x.
-
@Bob-Dig So it gets weirder. When I connect using my peer's .conf file via the hotspot on my phone, I can connect to the devices on my LAN. It shows on pfSense that my device is connected. But when I connect using the same .conf file via my home's WiFi, I can't connect to anything internally. It seems like there's a relationship between the .conf file and my phone?
-
Hello,
I have a similar problem with setting up a new WireGuard "client".
WireGuard has been running for a long time with some clients connecting to my home network. There are Android and Linux Mint devices. All connect through a full tunnel.
I added a new Linux Mint device. As always, same config (besides the keys...). The client is able to connect to pfSense and connect to the internet via the tunnel, BUT it can't connect to any services hosted in my home network.
Some important configs in my environment:
WireGuard config file for my Linux Mint clients:
```ini
[Interface]
Address = 192.168.200.20/32
PrivateKey = 1234
DNS = 192.168.1.1

[Peer]
PublicKey = 2222
PresharedKey = 3333
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = example.domain:51820
PersistentKeepalive = 15
```
-> DNS is my pfSense.
DNS Resolver is enabled. No other DNS connections (e.g. 8.8.8.8) are allowed.
Firewall logs show only connections to pfSense:53 and to visited sites on the internet, but no connections to local services in my home LAN. I can't see any blocked packets from the attempt to connect.
There are no states visible between any local service and the client. I even restarted pfSense.
Any ideas what to check to fix this?
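Both posters' configs put `0.0.0.0/0` in `AllowedIPs`, so from the client's point of view the LAN is routed into the tunnel, and the place to look is the gateway side, which is the reasoning behind the "rule problem in pfSense" reply. The following script is an added example, not code from the thread or from pfSense; it parses a wg-quick style client config and checks whether a given LAN prefix is covered by some peer's `AllowedIPs` (WireGuard's cryptokey routing: a destination is only sent to a peer whose `AllowedIPs` contain it), whether the configured DNS server is inside that routed set, and whether the tunnel address collides with the LAN. The embedded config is a constructed copy of the second poster's shape with the same placeholder keys, and the LAN prefix `192.168.1.0/24` is an assumption inferred from the DNS address `192.168.1.1`.

```python
"""Check a WireGuard client config to see whether a LAN prefix is routed into the tunnel.

Added example for the thread above; assumes the LAN is 192.168.1.0/24
(not stated in the thread, inferred from DNS = 192.168.1.1).
"""
import ipaddress
import re

# Constructed sample in the shape of the posted client config (placeholder keys, not real).
SAMPLE_CONF = """\
[Interface]
Address = 192.168.200.20/32
PrivateKey = 1234
DNS = 192.168.1.1

[Peer]
PublicKey = 2222
PresharedKey = 3333
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = example.domain:51820
PersistentKeepalive = 15
"""


def parse_wg_conf(text):
    """Parse the INI-like wg-quick format into (interface_dict, [peer_dict, ...]).

    Keys are lower-cased; comments after '#' are stripped; a config may carry
    several [Peer] sections, so peers are returned as a list.
    """
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            name = header.group(1).lower()
            if name == "interface":
                current = interface
            elif name == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section [{name}]")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {line!r}")
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return interface, peers


def _networks(csv):
    """Turn 'a/b, c/d' into a list of ip_network objects (host bits allowed)."""
    return [ipaddress.ip_network(x.strip(), strict=False) for x in csv.split(",") if x.strip()]


def check_lan_routing(conf_text, lan_cidr):
    """Return findings describing how the client would route traffic to lan_cidr."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    iface, peers = parse_wg_conf(conf_text)
    addr = ipaddress.ip_interface(iface["address"].split(",")[0].strip())
    dns = iface.get("dns")
    dns_ip = ipaddress.ip_address(dns.split(",")[0].strip()) if dns else None

    findings = {
        "tunnel_address": str(addr),
        "lan_in_allowed_ips": False,        # would wg-quick route the LAN via the tunnel?
        "dns_in_allowed_ips": None,         # None = no DNS line in the config
        "tunnel_address_inside_lan": addr.ip in lan,  # overlap breaks client-side routing
    }
    for peer in peers:
        nets = _networks(peer.get("allowedips", ""))
        # subnet_of() raises on mixed IP versions, so compare versions first.
        if any(n.version == lan.version and lan.subnet_of(n) for n in nets):
            findings["lan_in_allowed_ips"] = True
        if dns_ip is not None:
            # ip_network.__contains__ simply returns False across IP versions.
            findings["dns_in_allowed_ips"] = findings["dns_in_allowed_ips"] or any(dns_ip in n for n in nets)
    return findings


def where_to_look(findings):
    """Translate findings into the side of the tunnel worth inspecting next."""
    if findings["tunnel_address_inside_lan"]:
        return "client: tunnel Address overlaps the LAN prefix, pick a separate tunnel subnet"
    if not findings["lan_in_allowed_ips"]:
        return "client: LAN prefix is not in AllowedIPs, so it never enters the tunnel"
    return ("gateway: client routes the LAN into the tunnel, so check the pfSense rules on the "
            "WireGuard interface (tunnel net -> LAN net) and any host firewall on the LAN device")


if __name__ == "__main__":
    result = check_lan_routing(SAMPLE_CONF, "192.168.1.0/24")
    for key, value in result.items():
        print(f"{key}: {value}")
    print(where_to_look(result))
```

With a full-tunnel config like the ones posted, the script reports that the LAN and the DNS server are both inside `AllowedIPs` and points at the gateway side; swapping `AllowedIPs` for a prefix that excludes the LAN (a split tunnel) flips it to a client-side finding, which is the case to rule out first when a new peer is added with a hand-edited config.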