Netgate Discussion Forum

    Can't reach other LAN subnet via WG

      johnytb

      Hey,
      My home LAN behind the ISP router is 10.100.102.0/24.
      I have pfSense behind my ISP router in a LAN subnet 10.100.102.111 (pfSense WAN).
      My pfSense LAN is 192.168.1.1.
      My WG tunnel interface is 192.168.10.1.

      I set up WG successfully and I can connect to my WG tunnel interface from outside with no problem. Of course, I port-forward from the ISP router to the pfSense WAN. I can reach all LANs behind the pfSense from outside with no problem, but I also want to reach my home LAN 10.100.102.0/24.
      When I'm connected via WG I cannot reach my LAN subnet 10.100.102.0/24. This LAN is behind the ISP router and NOT under the pfSense LANs. I need to reach that subnet. What can I do?
      I cannot ping or reach my ISP router via 10.100.102.1, or any other device in that subnet.

      Please look at the uploaded image and follow the green arrow.
      Thanks.

      wg.jpg

        viragomann @johnytb

        @johnytb
        You need to add an outbound NAT rule for the WG tunnel network.

        Firewall > NAT > Outbound
        Enable the hybrid mode and save it. Then add a rule with the WG tunnel subnet as the source and WAN address as translation address.

          johnytb @viragomann

          @viragomann
          I'm not sure I understand where to add the rule. You mean in the outbound NAT, or as a firewall rule? Please be more specific.

            viragomann @johnytb

            @johnytb
            As I wrote, an outbound NAT rule.

            Check "Hybrid Outbound NAT" and save this.
            Add a rule:
            interface: WAN
            source: WG tunnel network
            destination: WAN net
            translation: interface address (WAN address)

            If you intend to also route internet traffic from the client over the VPN, use "any" for the destination.

              johnytb @viragomann

              @viragomann
              OK, I added a rule exactly as you said and it's not working.

                viragomann @johnytb

                @johnytb
                Is the WAN subnet even routed over the VPN?

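Added example, not part of any post in this thread: a check of the two conditions the replies above raise, namely whether the client's WireGuard `AllowedIPs` routes 10.100.102.0/24 into the tunnel at all, and whether replies from the home LAN can return with and without the outbound NAT rule. The client config is constructed; the /24 masks, the client address 192.168.10.2, and the ISP router having no route to the tunnel network are assumptions.

```python
import configparser
import ipaddress

# Constructed client config: keys and endpoint are placeholders; the /24 masks
# and the client address 192.168.10.2 are assumptions, not from the thread.
CLIENT_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 192.168.10.2/32

[Peer]
PublicKey = <pfsense-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 192.168.10.0/24, 192.168.1.0/24
"""

HOME_LAN = ipaddress.ip_network("10.100.102.0/24")    # subnet behind the ISP router
PFSENSE_WAN = ipaddress.ip_address("10.100.102.111")  # pfSense WAN address


def parse(conf_text):
    """Return (client tunnel address, AllowedIPs networks) of a single-peer config."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(conf_text)
    nets = [ipaddress.ip_network(p.strip(), strict=False)
            for p in cfg["Peer"]["AllowedIPs"].split(",") if p.strip()]
    client = ipaddress.ip_interface(cfg["Interface"]["Address"].split(",")[0].strip()).ip
    return client, nets


def diagnose(conf_text, dest, nat_rule):
    """Follow one packet from the WG client to dest and its reply back."""
    client, nets = parse(conf_text)
    dest = ipaddress.ip_address(dest)
    if not any(dest in n for n in nets):
        return "not routed into tunnel"  # the client never sends it to pfSense
    # With the outbound NAT rule, pfSense rewrites the source to its WAN address.
    seen_src = PFSENSE_WAN if nat_rule else client
    # A home-LAN host answers an on-link source directly; any other source goes
    # to its default gateway, the ISP router, which is assumed to have no route
    # to the tunnel network.
    if dest in HOME_LAN and seen_src not in HOME_LAN:
        return "reply lost at ISP router"
    return "reachable"


if __name__ == "__main__":
    for nat in (False, True):
        print("nat_rule =", nat, "->", diagnose(CLIENT_CONF, "10.100.102.1", nat))
```

With the constructed config the NAT rule makes no difference, because the home subnet is missing from `AllowedIPs`; once it is listed, the result depends on the NAT rule.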
                  johnytb @viragomann

                  @viragomann
                  I can reach the firewall LANs from outside, if that's what you're asking...
                  but I cannot "go back" to the WAN subnets (my home LAN 10.100.102.0/24).

                    Bob.Dig LAYER 8 @johnytb

                    @johnytb Show how your WAN is configured in pfSense.

                      johnytb @Bob.Dig

                      @Bob-Dig
                      Here is an image of my WAN interface configuration.

                      2c7cd190-b289-449d-971a-36724a6a954d-image.png

                        Bob.Dig LAYER 8 @johnytb

                        @johnytb Why do you spoof the MAC address if you are behind another router at home?
                        Outbound NAT is on automatic?

                        @johnytb said in Can't reach other LAN subnet via WG:

                        When I'm connected via WG I cannot reach my LAN subnet

                        Where are you if this happens? What is your WAN IP on your device if this happens?

                          johnytb @Bob.Dig

                          @Bob-Dig
                          Outbound NAT is in hybrid mode now.
                          I don't understand the other questions.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.