• 0 Votes
    13 Posts
    522 Views
    patient0P
    @MartynK that's ok, it's a bit odd that a reboot was necessary. Maybe it was the MTU changes?
  • 0 Votes
    4 Posts
    542 Views
    S
    My eyes are having a hard time getting beyond 250.0.0.0. Just something about it. I say this as a free thinker that regularly uses 172.20.20.0 or 172.21.21.0. I'm putting my money on a DNS entry feeding a public IP address instead of an internal IP address, and therefore not trying to send the 25 out the tunnel, and then the ISP knocking down the port 25 traffic.
  • 0 Votes
    15 Posts
    2k Views
    stephenw10S
    The CPU in the 8200 is a lot more powerful so you see the widget usage in the 1100 far more. That is especially so because the refresh rate can start to hit the time taken to pull the data. Did you try the patch linked above to revert to the previous widget behaviour?
  • 0 Votes
    4 Posts
    608 Views
    A
    @Bob-Dig EDIT: Changing the default gateway under the "Routing" tab again caused the remote site to be inaccessible via the S2S VPN.
  • 0 Votes
    5 Posts
    516 Views
    A
    @Gblenn Just tested it with /31 and it works. For route-based IPsec the gateway is created automatically when you assign the tunnel to an interface. I haven't tried with /32 tho. But I tried with larger subnet like /24. I guess it's like what you said, as long as they are on the same subnet it will work. Just that for point-to-point connection with a single transit network it doesn't make sense to use something larger that contains more than 2 IPs.
  • 0 Votes
    1 Posts
    300 Views
    No one has replied
  • Wireguard and Bonjour/Avahi

    WireGuard avahi vpn wireguard
    4
    0 Votes
    4 Posts
    800 Views
    T
    @dennypage Okay thanks.
  • 0 Votes
    5 Posts
    834 Views
    H
    @Bob-Dig thanks for your feedback again! Yeah, I think they are assigned properly, unless I'm missing something here and PPPoE actually requires a different assignment. [image: 1719260898527-assigments.png] [image: 1719260903240-gateways.png] Thank you!
  • 0 Votes
    2 Posts
    392 Views
    G
    @Ratfink Connecting two sites with Wireguard VPN is absolutely doable, and you don't even need fixed IP's for it to work. When you say you have 5 fixed IP's from your ISP, I'm kind of assuming you have your office at your house? Meaning they are both connected to the same fibre? Otherwise, if they are at very different locations, is it still the same ISP? In terms of getting the IP's on the respective pfsense machines, I assume you know how or have instructions from the ISP to do this. Might be MAC based if DHCP for example... Anyway, running pfsense on repurposed HW is very common and can be done "barebone" or virtualized. So you shouldn't have any problems getting it to work on your rack servers, hopefully. So step one is of course getting both machines up and running. And since they will be for different sites and connected via VPN you must make sure to use different LAN subnets on them. Like 192.168.1.0/24 on one and 192.168.2.0/24 on the other. Once you have them up and running you can follow a guide like one of these to set up wireguard. Even though you have fixed IP's it might be a good idea to get two domains, unless you already have that. https://www.youtube.com/watch?v=2oe7rTMFmqc https://www.youtube.com/watch?v=7_gLPyipFkk
  • 0 Votes
    13 Posts
    2k Views
    T
    Finally! The solution was creating a firewall rule that routes the traffic of my Bridge interface through the gateway I have created for the wireguard client.
  • 0 Votes
    1 Posts
    681 Views
    No one has replied
  • Port Forward over VPN not working....

    NAT port forward wireguard vpn
    5
    0 Votes
    5 Posts
    894 Views
    V
    @JustAnotherUser said in Port Forward over VPN not working....: If you want to go over WAN anyway, assign an interface to the wg instance and enable it at site 2. This brings up a new firewall rule tab for it then. Now go to the "Wireguard" tab, edit the existing rules and change the interface to the new one. I'm not sure what you mean by your last sentence but, I've done the rest. You mean, changing the interface in the filter rule? In Firewall > Rules you will see a tab called "Wireguard". pfSense might have created a rule on this tab automatically, when you set up the Wireguard tunnel. So go to this tab and edit the existing rule and change the interface from "Wireguard" to the interface, which you have assigned to the Wireguard instance before. Then the rule disappears from the Wireguard tab and appears on the new interface tab. Also in the WG settings on router 2 you have to change the "allowed IPs" to 0.0.0.0/0 to accept public forwarded traffic.
  • 0 Votes
    4 Posts
    1k Views
    D
    @FoolCoconut said in Wireguard + Port Forwarding = Return Traffic exiting through WAN???: Holy f**k. The problem was an any/any rule in the Wireguard unassigned tunnel firewall rule list. Even though the AirVPN WG interface was assigned, group rules are evaluated first... Hope this helps someone else as well. @FoolCoconut THANK you. I've been trying to figure this out for a very long time.
  • Can't get Wireguard to work

    WireGuard wireguard
    4
    0 Votes
    4 Posts
    730 Views
    H
    @hspindel Update, finally got the VPN tunnel to work!
  • 0 Votes
    3 Posts
    1k Views
    S
    Couldn't get dante to work until I found this. For those of you sportsfans keeping score at home, this is still valid/needed for pfSense version 2.7.2-CE and dante-1.4.3_2 circa 2/2025.
  • 0 Votes
    29 Posts
    5k Views
    Bob.DigB
    @Gertjan said in How do I route outgoing email over WireGuard Tunnel?: Of course I use have DANE available and set up : I just noticed I had to recreate the TLSA records, something with Let's Encrypt must have changed. I hope I am good now for some time...
  • 0 Votes
    8 Posts
    6k Views
    stephenw10S
    Yup, those devices are probably not trying to resolve .local addresses using DNS servers at all. They assume they are mDNS and try to find them locally.
  • Wireguard and 23.01

    Moved WireGuard wireguard releases
    5
    0 Votes
    5 Posts
    1k Views
    H
    @jimp Thank you! Sorry I didn't run across this in my reviews of other forums. That was EXACTLY what I was looking for!
  • Strange login from another country

    WireGuard wireguard
    5
    0 Votes
    5 Posts
    1k Views
    P
    @bob-dig said in Strange login from another country: @pastic said in Strange login from another country: I realise something as I write this: are there 'two levels' involved here? The wireguard rule will let everyone through the firewall on the specified port, but having passed the firewall block then the wireguard service will still refuse everyone that does not have the configured keys? Yes. Hard to believe that this is news to you, you are setting up a graylog server, which is advanced stuff in my book. Let's call it a blind spot. :-) I don't work with networks, it's just a hobby. And until this Wireguard 'project' I always had pfsense blocking everything from the outside. And yes, I did struggle a bit setting up graylog, but it was fun. Thanks!
  • 0 Votes
    1 Posts
    386 Views
    No one has replied