Wireguard Routing help - 1 way working only
-
Also, I can ping 10.10.1.1 (pfSense) with the WireGuard connected, but not 10.10.6.1 (WireGuard).
-
@andresbraga do you have firewall rules on LAN to allow access to the WireGuard subnet, and on WIREGUARD or WG0 rules to allow access to the LAN subnet?
Can you post a screenshot of the rules sets?
-
Hi @patient0,
Thank you for the patience.
The only rule that I have in LAN is this one:

But now that you say it makes sense.
-
@andresbraga yep, the rules are (except floating rules) working for traffic into an interface. 'into' LAN means traffic originating from LAN, for example. 'into' WIREGUARD would refer to traffic originating from the WireGuard interface.
Therefore you would need a rule or rules on the WIREGUARD interface for traffic originating from it.
Btw: have you cropped the LAN rules? There should be an 'Allow All' rule on the LAN interface (that is created by the installer).
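To make the "rules apply to traffic entering an interface" point concrete, here is a small added model (not code from this thread or from pfSense) of a stateful firewall with per-interface rule sets. The interface names, subnets and host addresses are constructed for illustration: LAN 10.10.1.0/24 with a server at 10.10.1.50, and WIREGUARD 10.10.6.0/24 with pfSense at 10.10.6.1 and the laptop/peer at 10.10.6.2. It shows why a single LAN pass rule lets the LAN side ping the peer (the reply comes back through the state table) while the peer cannot ping anything until the WIREGUARD interface gets its own pass rule.

```python
"""Toy model of pfSense per-interface rule semantics for LAN <-> WireGuard.

Added example, not from the forum thread or pfSense itself. Addresses are
constructed:
  LAN        10.10.1.0/24  (server at 10.10.1.50)
  WIREGUARD  10.10.6.0/24  (pfSense 10.10.6.1, laptop/peer at 10.10.6.2)
Rules attached to an interface only match packets *entering* the firewall on
that interface; replies to an allowed flow pass via the state table.
"""
from dataclasses import dataclass
import ipaddress

SERVER = "10.10.1.50"    # constructed LAN host
LAPTOP = "10.10.6.2"     # constructed WireGuard peer address
PFSENSE_WG = "10.10.6.1" # pfSense's own WireGuard address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    kind: str     # "echo-request" or "echo-reply"
    icmp_id: int  # ties a reply to its request, like the real state table


@dataclass(frozen=True)
class Rule:
    iface: str    # interface the rule is attached to
    action: str   # "pass" or "block"
    src_net: str
    dst_net: str


class StatefulFirewall:
    def __init__(self, interfaces, rules):
        # interface name -> attached subnet; decides which interface a packet enters on
        self.interfaces = {n: ipaddress.ip_network(s) for n, s in interfaces.items()}
        self.rules = list(rules)
        self.states = set()  # (src, dst, icmp_id) of echo requests that were passed

    def ingress_iface(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        for name, net in self.interfaces.items():
            if src in net:
                return name
        raise ValueError(f"no interface for source {pkt.src}")

    def filter(self, pkt):
        # 1. A reply to an established flow bypasses the rule set (stateful filtering).
        if pkt.kind == "echo-reply" and (pkt.dst, pkt.src, pkt.icmp_id) in self.states:
            return "pass:state"
        # 2. Otherwise only the rules of the ingress interface are evaluated, top down.
        iface = self.ingress_iface(pkt)
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        for r in self.rules:
            if r.iface != iface:
                continue
            if src in ipaddress.ip_network(r.src_net) and dst in ipaddress.ip_network(r.dst_net):
                if r.action == "pass":
                    self.states.add((pkt.src, pkt.dst, pkt.icmp_id))
                    return "pass:rule"
                return "block:rule"
        return "block:default"  # implicit default deny when nothing matches


_next_id = [0]


def ping(fw, src, dst):
    """One echo round trip: True only if both the request and the reply get through."""
    _next_id[0] += 1
    req = Packet(src, dst, "echo-request", _next_id[0])
    if not fw.filter(req).startswith("pass"):
        return False
    rep = Packet(dst, src, "echo-reply", _next_id[0])
    return fw.filter(rep).startswith("pass")


def scenario(with_wireguard_rule):
    """Which pings succeed with only a LAN rule vs. LAN plus WIREGUARD rule."""
    rules = [Rule("LAN", "pass", "10.10.1.0/24", "0.0.0.0/0")]
    if with_wireguard_rule:
        rules.append(Rule("WIREGUARD", "pass", "10.10.6.0/24", "0.0.0.0/0"))
    fw = StatefulFirewall({"LAN": "10.10.1.0/24", "WIREGUARD": "10.10.6.0/24"}, rules)
    return {
        "server_to_laptop": ping(fw, SERVER, LAPTOP),
        "laptop_to_server": ping(fw, LAPTOP, SERVER),
        "laptop_to_pfsense_wg": ping(fw, LAPTOP, PFSENSE_WG),
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("WIREGUARD rule present:", flag, scenario(flag))
```

Running it prints one line per case: with only the LAN rule, `server_to_laptop` is the only True entry; adding the WIREGUARD rule makes all three True. The model simplifies real pfSense behaviour (ingress is inferred from the source subnet, and states never expire), but the direction semantics it demonstrates are the ones that matter for this thread.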
-
Hi again @patient0,
No, I didn't. And yeah, I deleted all the rules here for these WireGuard tests.
Also on WireGuard, only this rule:

-
@andresbraga that looks good, the same is needed for LAN.
-
Hi again @patient0,
Sorry to bother, already added but still the same issue.

Laptop can ping the server in the pfSense network but not the WireGuard:


Also, the server cannot ping the laptop but can ping the WireGuard:

Any more suggestions? Thank you,
-
Hi again, and once again sorry to bother.
Also, the peer can ping the server IP but not the WireGuard IP, and the same when I try to ping the peer from WireGuard: not successful. Other question is, if the handshake is successful, should this not work?
-
@andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense WireGuard address 10.10.6.1 nor the pfSense gateway 10.10.1.1.
What is the routing table of the laptop? And I would run a packet capture on pfSense and check what you see when you run the ping to 10.10.1.1 or 10.10.6.1.