Traffic does not switch to WireGuard from WAN
-
I am on pfSense Plus 25.07.1 and I am trying to set up my VPN's WireGuard; at first it worked, now it will not.
Once I set up WireGuard for the first time, it all worked. I could toggle WireGuard on and off and everything would work as it should, so I made a backup of the system.
A few days later, after I rebooted pfSense, WireGuard came on but it disabled the Unbound DNS, and when I went to enable it, I still would not get any traffic. Once I disable WireGuard, I get internet again.
I went and restored the backup, and the same thing: it does not work.
The VPN I am using is TorGuard, and I had the techs from TorGuard remote into my machine to set it up, and they have the same issue. They can ping their VPN traffic out and they can ping my ISP traffic, but there is a bug with switching between the two.
Can anyone on here help me with this?
-
Is your public interface a static or moderate NAT? In-facing or out? Try switching from static to strict NAT and checking all the settings on both the pfSense and the server. Try tagging the LAN outbound to the VPN interface too. glhf with WireGuard
-
@QuantumParadox maybe also add WireGuard's interface IP addresses to Unbound's whitelist too
-
Resolved! The issue was the following; I corrected a few things on your config:
Your Outbound NAT configuration was malformed. I corrected it to use Hybrid mode and configured a single Outbound NAT rule for your WireGuard connection, which should be much cleaner.
I updated your routing table to be Automatic and switched to policy-based routing within the firewall rules under Firewall --> Rules --> LAN.
I renamed the interface for the WireGuard tunnel to TORGUARD and set the MSS clamping to 1350. This can probably be bumped back up to 1400, but I wanted to make sure the clamping was small enough to avoid fragmentation.
I cleaned up some redundant firewall rules and a few other "odds and ends".
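The three fixes in the post above (one outbound NAT rule on the tunnel, a LAN rule that policy-routes into the tunnel, and an MSS clamp low enough to avoid fragmentation) can be verified from a pfSense shell instead of by clicking through the GUI. The script below is an added example written for this thread, not code from the poster or from TorGuard. It parses constructed sample lines in the format `pfctl -sr` and `pfctl -sn` print on pfSense (the interface names igb1 and tun_wg0, the 192.168.1.0/24 subnet and the 10.13.0.1 tunnel gateway are made-up values), and it also derives why 1400 is the MSS ceiling on a 1500-byte WAN. It assumes scrub rules are included in the `pfctl -sr` output and that the interface names match what pfSense assigned on the box being checked.

```sh
#!/bin/sh
# Constructed sample of what `pfctl -sr` prints once the fixes are in place:
# an MSS clamp on the tunnel and a LAN rule that policy-routes into it.
# Interface names, subnets and the tunnel gateway are made-up, not the poster's.
SAMPLE_RULES='scrub on tun_wg0 inet all max-mss 1350 fragment reassemble
pass in quick on igb1 inet from 192.168.1.0/24 to any flags S/SA keep state route-to (tun_wg0 10.13.0.1) label "USER_RULE: LAN to TORGUARD"
pass in quick on igb1 inet from 192.168.1.0/24 to 192.168.1.1 flags S/SA keep state label "USER_RULE: anti-lockout"'

# Constructed sample of `pfctl -sn` with one hybrid-mode outbound NAT rule on the tunnel.
SAMPLE_NAT='nat on tun_wg0 inet from 192.168.1.0/24 to any -> (tun_wg0) port 1024:65535'

# Largest TCP MSS that fits a WireGuard tunnel without fragmenting, for a given WAN MTU:
# outer IPv4 (20) + UDP (8) + WireGuard header and auth tag (32) = 60 bytes of
# encapsulation, and the inner IPv4 + TCP headers take another 40.  1500 -> 1400.
max_mss_for_wan_mtu() {
  echo $(( $1 - 60 - 40 ))
}

# Returns 0 when a scrub rule on interface $1 clamps MSS to a value within (0, ceiling].
check_mss() {
  iface=$1; rules=$2; ceiling=${3:-1400}
  mss=$(printf '%s\n' "$rules" | awk -v ifc="$iface" '
    $1 == "scrub" && $3 == ifc { for (i = 1; i <= NF; i++) if ($i == "max-mss") print $(i + 1) }' | head -n 1)
  [ -n "$mss" ] || return 1
  [ "$mss" -gt 0 ] && [ "$mss" -le "$ceiling" ] || return 1
  return 0
}

# Returns 0 when some pass rule on LAN interface $1 carries route-to into tunnel $2,
# i.e. policy-based routing is actually steering LAN traffic into the VPN.
check_policy_route() {
  lan=$1; tun=$2; rules=$3
  if printf '%s\n' "$rules" | grep -E "^pass in quick on $lan .*route-to \($tun " >/dev/null; then
    return 0
  fi
  return 1
}

# Returns 0 when an outbound NAT rule translates LAN subnet $2 to the address of tunnel $1.
# Without it, packets leave the tunnel with an RFC 1918 source and the reply never returns.
check_outbound_nat() {
  tun=$1; net=$2; nat=$3
  if printf '%s\n' "$nat" | grep -E "^nat on $tun .* from $net .* -> \($tun\)" >/dev/null; then
    return 0
  fi
  return 1
}

# Runs all three checks; prints PASS/FAIL per check and returns non-zero if any fails.
audit_wireguard_egress() {
  lan=$1; tun=$2; net=$3; rules=$4; nat=$5; status=0
  if check_mss "$tun" "$rules"; then echo "PASS mss clamp"; else echo "FAIL mss clamp"; status=1; fi
  if check_policy_route "$lan" "$tun" "$rules"; then echo "PASS policy route"; else echo "FAIL policy route"; status=1; fi
  if check_outbound_nat "$tun" "$net" "$nat"; then echo "PASS outbound nat"; else echo "FAIL outbound nat"; status=1; fi
  return $status
}

# Stand-alone run against the constructed samples.  On a pfSense box, replace the two
# sample variables with "$(pfctl -sr)" and "$(pfctl -sn)" and use your own interface names.
echo "MSS ceiling for a 1500-byte WAN: $(max_mss_for_wan_mtu 1500)"
audit_wireguard_egress igb1 tun_wg0 192.168.1.0/24 "$SAMPLE_RULES" "$SAMPLE_NAT" || echo "tunnel egress is misconfigured"
```

The MSS ceiling check uses the computed 1400 by default, which is why the post's 1350 passes and a clamp of 1460 (the plain-Ethernet value) would fail; pass a third argument to `check_mss` if the WAN MTU is not 1500.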