
    Can’t access LAN from iPhone WG app

      hfederau

      I am new to WireGuard and pfSense. I have set up my home lab and would like to access my file server when on the road via my iPhone. I followed Lawrence Systems' excellent video to set up WireGuard.
      The weird thing is that I can establish the connection (green handshake) and can ping my server’s IP initially, but after a few moments it stops working and I can no longer ping it or access it.
      I followed the setup to the letter but I am at a loss and scratching my head.
      Any help would be appreciated.

        TommyMoo @hfederau

        @hfederau Many years ago I used WireGuard to dial into my home lab, but in those days I was on OpenWRT; it worked well.

        Just a tip:
        Now, since I have been on pfSense for approx. 2 years, I went to Tailscale (also a WireGuard solution), which is nice to handle, easy to manage, and offers clients for iOS, and of course for Android, and also for Linux, Windows, macOS... and less hassle.

        I'm connecting every day to my internal SMB server via Tailscale, from iOS and macOS devices, and it's working nicely; I can recommend it 😇

        The Tailscale package is officially available through the pfSense Package Manager...

          hfederau @TommyMoo

          @TommyMoo Thank you Tommy. Seems to be a good option. Only thing I don’t like about it is that a 3rd party is managing my VPN connection and “might” scan traffic, but I guess that is the tradeoff :)

            TommyMoo @hfederau

            @hfederau Hello, and a good weekend! I saw a Tailscale "clone" called Headscale... you can also host it yourself, having your own Headscale server, which offers the same features as Tailscale. It also has a web control center, but then hosted by you!

            I know many people are using Tailscale, and I have never heard from anybody, nor in the IT press, that Tailscale is being monitored by third-party companies, or that they scan your content. But I understand your concern... in this world, we sadly can't trust anyone anymore 😢

            Headscale info here, if you want to read more ->

            https://github.com/juanfont/headscale

            By the way, there are also good videos on YouTube explaining Headscale.

            Good Luck!

              hfederau @TommyMoo

              @TommyMoo Thank you Tommy, really appreciate it. I will definitely take a look at Headscale. I really like the fact that it can be self-hosted. Will give it a try for sure. Have a great weekend as well :)

                TommyMoo @hfederau

                @hfederau Thank you, when you get it done, let me know, I'm always curious... I wish you good luck, but luck in IT doesn't matter so much; what matters more is strictly following the instructions we can find, read and understand to get things (projects) to work, and then taking care of the "fine-tuning".

                  hfederau @TommyMoo

                  @TommyMoo Hi Tommy, I decided to start with Tailscale first to get acquainted with the technology before moving over to Headscale, however, I am still not able to connect to my local subnet for some reason.
                  I have installed everything and the Tailscale web interface shows both my iPhone and my pfSense as connected. I thought I had added my subnet in the pfSense settings screen, but I cannot access my file server (scratching my head)...

                    TommyMoo @hfederau

                    @hfederau Hello, have you enabled your IP subnet in the Tailscale control center? In Edit Route Settings you need to add your subnet, which allows Tailscale to use / route to it.

                    When I connect from my iPhone, I don't use name resolution but the IP of my server, which looks like this as an example; I use an app called FE File Explorer Pro on iOS

                    where I add the server IP I want to reach under SMB protocol, port 445, and login and password

                    Maybe it's required that you reboot every device you installed Tailscale on

                      hfederau @TommyMoo

                      @TommyMoo Yes, I added it in pfSense and checked it on the Tailscale web interface. The subnet I am trying to access is 10.25.25.0/24. I added it under the “Advertised routes” in pfSense.
                      The file server has a web interface (TrueNAS), but I cannot reach it when I enter the IP in my iPhone browser...

                        TommyMoo @hfederau

                        @hfederau In the Tailscale control center, are all devices approved? And is Key Expiry disabled for your trusted devices?

                          hfederau @TommyMoo

                          @TommyMoo They show as connected and I disabled Key Expiry. I am starting to think that my ISP is blocking this sort of traffic, maybe because I am a home user...

                            TommyMoo @hfederau

                            @hfederau Which Tailscale version is running on your pfSense? Mine is -> (screenshot: Bildschirmfoto 2025-09-20 um 21.39.50.png)

                              TommyMoo @hfederau

                              @hfederau When you check in the Tailscale control center and see green Online status indicators behind your devices... things should be OK... and your ISP doesn't block...

                                hfederau @TommyMoo

                                @TommyMoo Yes, they show green. Is there anything in the Firewall rules I need to change?

                                  TommyMoo @hfederau

                                  @hfederau In your pfSense Tailscale menu, you can check STATUS and see the routes and which ping times they have... please check

                                    TommyMoo @hfederau

                                    @hfederau I didn't have to do anything in my firewall settings for Tailscale to work...

                                      hfederau @TommyMoo

                                      @TommyMoo Hmmm…I get the following in the Status screen

                                      Health check:

                                      - Tailscale could not connect to the 'Denver' relay server. Your Internet connection might be down, or the server might be temporarily unavailable.

                                      Report:
                                      * Time: 2025-09-20T19:46:44.486120521Z
                                      * UDP: false
                                      * IPv4: (no addr found)
                                      * IPv6: no, but OS has support
                                      * MappingVariesByDestIP:
                                      * PortMapping:
                                      * CaptivePortal: false
                                      * Nearest DERP: unknown (no response to latency probes)

                                        TommyMoo @hfederau

                                        @hfederau One more idea I have: can you check if Tailscale is available for your NAS system? Maybe it has a package manager, or a Linux OS on which you can install Tailscale directly... and connect it to your account's Tailscale control center

                                          TommyMoo @hfederau

                                          @hfederau Oh, the health test failed... right now I don't know what to say, maybe the server or your relay is really down temporarily..

                                          Mine looks like this ->

                                          Report:
                                          * Time: 2025-09-20T19:44:47.132521063Z
                                          * UDP: true
                                          * IPv4: yes, 91.XX.XX.55:61638
                                          * IPv6: no, but OS has support
                                          * MappingVariesByDestIP: false
                                          * PortMapping:
                                          * Nearest DERP: Frankfurt
                                          * DERP latency:
                                          - fra: 25.4ms (Frankfurt)
                                          - nue: 27.5ms (Nuremberg)
                                          - ams: 30.8ms (Amsterdam)
                                          - par: 38.3ms (Paris)
                                          - lhr: 43.5ms (London)
                                          - hel: 47.7ms (Helsinki)
                                          - waw: 49.4ms (Warsaw)
                                          - mad: 54.7ms (Madrid)
                                          - nyc: 107.1ms (New York City)
                                          - iad: 112.3ms (Ashburn)
                                          - tor: 121.7ms (Toronto)
                                          - ord: 125.7ms (Chicago)
                                          - mia: 131.7ms (Miami)
                                          - dfw: 142.2ms (Dallas)
                                          - sfo: 167ms (San Francisco)
                                          - den: 171ms (Denver)
                                          - lax: 173ms (Los Angeles)
                                          - sea: 187.6ms (Seattle)
                                          - nai: 189.4ms (Nairobi)
                                          - jnb: 202ms (Johannesburg)
                                          - hnl: 226.5ms (Honolulu)
                                          - sao: 247ms (São Paulo)
                                          - sin: (Singapore)
                                          - syd: (Sydney)
                                          - blr: (Bangalore)
                                          - tok: (Tokyo)
                                          - hkg: (Hong Kong)
                                          - dbi: (Dubai)


                                          It's a mesh network, it should work, and fall back to another node when your Denver relay would be down... I'm wondering...

                                            TommyMoo @hfederau

                                            @hfederau If I compare, you don't even have an IPv4 address that Tailscale is using... strange... so it can't work; for some reason, it doesn't get an IPv4 address of your WAN interface

                                            H 1 Reply Last reply Reply Quote 0
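
The comparison made in the last post, as an added example that is not part of the original thread: a small Python parser for the status report text both posters pasted, flagging the fields that differ between the failing and the working report. The function names are hypothetical, the two sample reports are shortened copies of the ones posted above, and the wording of each finding is a general reading of the field, not Tailscale output.

```python
import re

# Shortened copies of the two reports posted in the thread.
FAILING = """\
* Time: 2025-09-20T19:46:44.486120521Z
* UDP: false
* IPv4: (no addr found)
* MappingVariesByDestIP:
* CaptivePortal: false
* Nearest DERP: unknown (no response to latency probes)
"""
WORKING = """\
* Time: 2025-09-20T19:44:47.132521063Z
* UDP: true
* IPv4: yes, 91.XX.XX.55:61638
* MappingVariesByDestIP: false
* Nearest DERP: Frankfurt
* DERP latency:
- fra: 25.4ms (Frankfurt)
- den: 171ms (Denver)
"""

def parse_report(text):
    """Return (fields, derp_latency_ms) parsed from '* Key: value' lines."""
    fields, derp = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\*\s*([^:]+):\s*(.*)$", line)
        if m:  # split on the first colon only, so timestamps stay intact
            fields[m.group(1).strip()] = m.group(2).strip()
            continue
        m = re.match(r"-\s*(\w+):\s*([\d.]+)ms", line)
        if m:  # relay entries without a measured latency are skipped
            derp[m.group(1)] = float(m.group(2))
    return fields, derp

def findings(text):
    """List the fields that show the node itself has no working path out."""
    fields, _ = parse_report(text)
    out = []
    if fields.get("UDP", "").lower() != "true":
        out.append("UDP: probes got no reply")
    if not fields.get("IPv4", "").lower().startswith("yes"):
        out.append("IPv4: no public address/port was discovered")
    nearest = fields.get("Nearest DERP", "")
    if not nearest or nearest.lower().startswith("unknown"):
        out.append("Nearest DERP: no relay answered latency probes")
    return out
```

Run against the failing report, all three findings fire together, which points at the pfSense host's own outbound connectivity rather than at the advertised subnet route.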