Netgate Discussion Forum

    Wireguard Routing help - 1 way working only

      patient0 @andresbraga

      @andresbraga do you have firewall rules in place for LAN to allow access to the Wireguard subnet, and in WIREGUARD or WG0 do you have rules to allow access to the LAN subnet?

      Can you post a screenshot of the rule sets?

        andresbraga @patient0

        Hi @patient0,
        Thank you for the patience,
        The only rule that I have in LAN is this one:
        4f6be282-09e6-4245-88ac-6691ecd71b01-image.png

        But now that you say it makes sense.

          patient0 @andresbraga

          @andresbraga yep, the rules (except floating rules) work on traffic into an interface. 'Into' LAN means traffic originating from LAN, for example. 'Into' WIREGUARD would refer to traffic originating from the Wireguard interface.

          Therefore you would need a rule or rules on the WIREGUARD interface for traffic originating from it.

          Btw: have you cropped the LAN rules? There should be an 'Allow All' rule on the LAN interface (that is created by the installer).

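The per-interface behaviour patient0 describes above, as a small Python model added here (it is not part of the thread and is not pfSense code): rules are checked on the interface where traffic enters, the first match wins, and replies to an already passed connection are allowed by state. The /24 masks and the hosts 10.10.6.2 and 10.10.1.50 are assumptions; the thread only gives 10.10.1.1 and 10.10.6.1.

```python
import ipaddress

# Assumed /24 masks (the thread does not state the prefix lengths).
LAN = ipaddress.ip_network("10.10.1.0/24")
WG = ipaddress.ip_network("10.10.6.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
NETS = {"LAN": LAN, "WIREGUARD": WG}
LAPTOP, SERVER = "10.10.6.2", "10.10.1.50"  # constructed host addresses


def ingress_interface(src):
    """Interface a packet enters the firewall on, derived from its source."""
    addr = ipaddress.ip_address(src)
    for name, net in NETS.items():
        if addr in net:
            return name
    return None


class Firewall:
    def __init__(self, rules):
        # rules: {interface: [(action, src_net, dst_net), ...]}, top-down order
        self.rules = rules
        self.states = set()

    def allows(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (d, s) in self.states:  # reply to a connection already passed
            return True
        for action, src_net, dst_net in self.rules.get(ingress_interface(src), []):
            if s in src_net and d in dst_net:  # first matching rule decides
                if action == "pass":
                    self.states.add((s, d))
                return action == "pass"
        return False  # no rule matched on the ingress interface: default deny


def demo():
    wg_rule = {"WIREGUARD": [("pass", WG, ANY)]}
    both = dict(wg_rule, LAN=[("pass", LAN, ANY)])
    fw = Firewall(wg_rule)
    return {
        "wg_only: laptop -> server": fw.allows(LAPTOP, SERVER),
        "wg_only: server reply -> laptop": fw.allows(SERVER, LAPTOP),
        "wg_only: new server -> laptop": Firewall(wg_rule).allows(SERVER, LAPTOP),
        "both: new server -> laptop": Firewall(both).allows(SERVER, LAPTOP),
    }
```

The model covers rule evaluation on the firewall only; routing and any filtering on the peer itself are outside it.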
            andresbraga @patient0

            Hi again @patient0,
            No, I didn't. And yeah, I deleted all the rules here for these Wireguard tests.

              andresbraga @andresbraga

              Also Wireguard, only this rule:
              e3d43645-b317-4434-81f4-3394f15bd876-image.png

                patient0 @andresbraga

                @andresbraga that looks good, the same is needed for LAN.

                  andresbraga @patient0

                  Hi again @patient0,
                  Sorry to bother, already added but still the same issue.
                  0c2b7578-b3d2-481e-9804-2c7cd634a2e2-image.png

                  Laptop can ping the server in the pfsense network but not the Wireguard
                  f4f57aeb-7c80-407c-a0b4-ba74bffb0714-image.png

                  7c6ef05c-9b95-4efb-9537-25772867ad7e-image.png

                  Also, Server cannot ping the laptop but can ping the wireguard:
                  ddfceaf9-4883-4190-840d-a3e31e522e47-image.png

                  Any more suggestions? Thank you,

                    andresbraga @andresbraga

                    Hi again, and once again sorry to bother.
                    Also, the Peer can ping the Server IP but not the Wireguard IP, same when I try to ping the peer from Wireguard - not successful.

                    Another question: if the handshake is successful, shouldn't this work?

                      patient0 @andresbraga

                      @andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense Wireguard address 10.10.6.1 nor the pfSense gateway 10.10.1.1.

                      What is the routing table of the laptop? And I would run a packet capture on pfSense and check what you see if you run the ping to 10.10.1.1 or 10.10.6.1.

                        andresbraga @patient0

                        Hi @patient0,
                        Already fixed :) reset and performed a full new installation.
                        The peer can connect and performed a successful Handshake, and ping pfsense, wireguard and lan servers. However pfsense and my Lan servers can't ping this peer even with the handshake performed.
                        I know that ping can be misleading but don't know what else.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.