Netgate Discussion Forum

    WG - Full tunnel problematic

    WireGuard
    29 Posts 3 Posters 3.2k Views
    • D
      dma_pf @80sCyborgNinja
      last edited by

      @80scyborgninja I'm seeing a couple of things that are different in your settings than mine.

      1. In the Peer settings for your Wg0 tunnel the "Peer Wireguard Address" is blank. I populated it with my tunnel network with the /24 mask as described here. So in your case I would try 10.0.10.2/24.

      2. In the Interface settings in the phone's app I have 2 things that are different than you. The Address field is populated with a mask of /24, yours is set to /32. And I set my MTU value to match the MSS value set for the Wg0 interface in pfSense. I think @Slugger had you set it for 1420. I would make sure they match.

      1 Reply Last reply Reply Quote 0
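A small Python check of the two differences dma_pf lists above (the tunnel address mask and the MTU), as an added example that is not part of the original thread and not code from pfSense or WireGuard. It parses a constructed phone-side WireGuard config in the wg-quick INI layout and compares it against the pfSense-side values the post mentions (tunnel network 10.0.10.0/24, MSS 1420); it also confirms that AllowedIPs carries a default route, since the thread is about a full tunnel. The config text, the placeholder keys and the endpoint hostname are constructed for the example.

```python
import ipaddress
import re

# Constructed phone-side WireGuard config (not from the thread). The keys and the
# endpoint are placeholders; the Address mask and MTU are the two values dma_pf
# flagged as differing from a working setup.
PHONE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.0.10.2/32
DNS = 10.0.10.1
MTU = 1280

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.invalid:51820
PersistentKeepalive = 25
"""

# pfSense-side values as described in the thread (tunnel network and Wg0 MSS).
TUNNEL_NET = "10.0.10.0/24"
PFSENSE_MSS = 1420


def parse_wg_conf(text):
    """Parse wg-quick style INI text into {section: [ {key: value}, ... ]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, []).append({})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        sections[current][-1][key] = value
    return sections


def check_full_tunnel(conf, tunnel_net=TUNNEL_NET, expected_mtu=PFSENSE_MSS):
    """Return a list of mismatches between the client config and the pfSense tunnel."""
    issues = []
    net = ipaddress.ip_network(tunnel_net)
    iface = conf.get("Interface", [{}])[0]

    # Item 1/2 of the post: the client address should sit inside the tunnel
    # network and use the same mask (/24 here) as the pfSense peer address.
    addr = iface.get("Address")
    if addr is None:
        issues.append("Interface has no Address")
    else:
        client = ipaddress.ip_interface(addr)
        if client.ip not in net:
            issues.append(f"Address {client.ip} is outside tunnel network {net}")
        if client.network.prefixlen != net.prefixlen:
            issues.append(f"Address mask /{client.network.prefixlen} "
                          f"differs from tunnel network /{net.prefixlen}")

    # Item 2 of the post: the phone's MTU should match the MSS set on Wg0.
    mtu = iface.get("MTU")
    if mtu is None or int(mtu) != expected_mtu:
        issues.append(f"MTU {mtu} does not match the pfSense MSS of {expected_mtu}")

    # A full tunnel needs a default route in AllowedIPs on the peer.
    peers = conf.get("Peer", [])
    if not peers:
        issues.append("no [Peer] section")
    else:
        allowed = [ipaddress.ip_network(a.strip())
                   for a in peers[0].get("AllowedIPs", "").split(",") if a.strip()]
        if not any(n.prefixlen == 0 for n in allowed):
            issues.append("AllowedIPs carries no default route; not a full tunnel")
    return issues


if __name__ == "__main__":
    for problem in check_full_tunnel(parse_wg_conf(PHONE_CONF)):
        print("mismatch:", problem)
```

Run as-is it reports the /32 mask and the 1280 MTU; changing those two lines to 10.0.10.2/24 and 1420 makes the check come back clean. The parser is deliberately minimal (one Interface section, comments stripped, duplicate keys overwrite) so the comparison logic stays readable.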
      • D
        dma_pf @80sCyborgNinja
        last edited by dma_pf

        @80scyborgninja One other difference. In the Wg0 firewall rule I have a gateway defined instead of any. In my particular case it's my VPN provider. I'd suggest trying to set it to your WAN for now, as using PIA is going to require an additional NAT rule.

        80sCyborgNinja8 1 Reply Last reply Reply Quote 0
        • 80sCyborgNinja8
          80sCyborgNinja @dma_pf
          last edited by

          @dma_pf Ok I made all of the changes you suggested, but still the same problem. Are you able to ping out your WG interface using pfSense Diagnostics to 8.8.4.4? I can't do that and feel that others would probably be able to with a working setup. Thanks

          D 1 Reply Last reply Reply Quote 0
          • D
            dma_pf @80sCyborgNinja
            last edited by

            @80scyborgninja said in WG - Full tunnel problematic:

            @dma_pf Ok I made all of the changes you suggested, but still the same problem. Are you able to ping out your WG interface using pfSense Diagnostics to 8.8.4.4? I can't do that and feel that others would probably be able to with a working setup. Thanks

            Yes, I just tried it and it works perfectly.

            80sCyborgNinja8 2 Replies Last reply Reply Quote 0
            • 80sCyborgNinja8
              80sCyborgNinja @dma_pf
              last edited by

              @dma_pf damn ok I'll try and troubleshoot that a bit. Real weird. Thanks

              1 Reply Last reply Reply Quote 0
              • 80sCyborgNinja8
                80sCyborgNinja @dma_pf
                last edited by

                @dma_pf Hmm oddly, my WG gateway IP is the IP of my WG peer and I can't seem to change it as it is set to dynamic. Not sure if that is expected, but would explain all of my issues I think. Thanks

                Screenshot_20210309_135045.png

                D 1 Reply Last reply Reply Quote 0
                • D
                  dma_pf @80sCyborgNinja
                  last edited by

                  @80scyborgninja said in WG - Full tunnel problematic:

                  @dma_pf Hmm oddly, my WG gateway IP is the IP of my WG peer and I can't seem to change it as it is set to dynamic. Not sure if that is expected, but would explain all of my issues I think. Thanks

                  Screenshot_20210309_135045.png

                  Mine looks the same way.
                  5f35df4b-39c1-4fb6-bf49-0bbf5b9565ea-image.png

                  Not sure why it would show the Peer address instead of 10.0.9.1. Nonetheless, it's working for me.

                  80sCyborgNinja8 1 Reply Last reply Reply Quote 1
                  • 80sCyborgNinja8
                    80sCyborgNinja @dma_pf
                    last edited by

                    @dma_pf @Slugger Ok I finally found the issue, only thanks to you guys! It was a weird rule setting. Thanks to the both of you for your help! Now I have access to my LAN and WAN using my Pi-Hole DNS! Happy I didn't give up. Thanks!

                    workin_rules.png

                    D 1 Reply Last reply Reply Quote 0
                    • D
                      dma_pf @80sCyborgNinja
                      last edited by

                      @80scyborgninja I'm glad you stumbled on a solution that worked!

                      I thought that we had tried setting a rule on Wg0 like this before:

                      Protocol: IPv4*, Source, Source Port, Destination, Destination Port: *

                      If we did I'm surprised it did not work. Did you make any other changes? Did you reboot pfSense recently and had not done that before?

                      80sCyborgNinja8 1 Reply Last reply Reply Quote 0
                      • 80sCyborgNinja8
                        80sCyborgNinja @dma_pf
                        last edited by

                        @dma_pf Yep, I did try that rule and cleared states after, also rebooted after each rule for testing. Oddly the only way I could get anything to work was with the rules I have screenshotted above. Definitely very strange.

                        D 1 Reply Last reply Reply Quote 0
                        • D
                          dma_pf @80sCyborgNinja
                          last edited by

                          @80scyborgninja said in WG - Full tunnel problematic:

                          Definitely very strange.

                          Definitely a mystery here 👻 , but I am glad you got it working. And thanks for the feedback.

                          1 Reply Last reply Reply Quote 0
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.