Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wireguard VPN server on pfsense

    Off-Topic & Non-Support Discussion
    3
    4
    3.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alirz
      last edited by alirz

      Looking to get some input from someone who Got the wireguard vpn running successfully on pfsense.

      closen19C 1 Reply Last reply Reply Quote 0
      • closen19C
        closen19 @alirz
        last edited by closen19

        @alirz said in Wireguard VPN server on pfsense:

        Looking to get some input from someone who Got the wireguard vpn running successfully on pfsense.

        I use it and I like everything

        A 1 Reply Last reply Reply Quote 0
        • A
          alirz @closen19
          last edited by

          @Ascrod It looks like I'm almost there. But missing some routing.
          Here is my setup.

          Pfsense WG config: I've hidden real keys. But still showing which keys are used where

          [Interface]
# Generated by pfSense
Address = 10.100.100.1/24
ListenPort = 51830
DNS = 10.0.0.1                             <----- Pfsense local LAN IP
PrivateKey = xxxxxxxxxxxxxxxx

[Peer]
# phone
PublicKey = cccccccccccccccccc
AllowedIPs = 10.100.100.2/32

[Peer]
# IPAD
PublicKey = vvvvvvvvvvvvvvvvv
AllowedIPs = 10.100.100.3/32

          Client config of Android Phone

          [Interface]
Address = 10.100.100.2/32
DNS = 10.100.100.1
PrivateKey = dddddddddddddd

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = my_ddns.com:51830
PersistentKeepalive = 21
PublicKey = cccccccccccccccccc

          Now im not sure which and where i need to add the rule for the vpn interface. Is it under NAT and port forward from WAN to OPT4 Address? OR is it under NAT> Outbound?
          Note my above config works fine if i move that to my ubuntu wireguard server and simply forward UDP port 51830 from pfsense to my ubuntu machine IP.. NOTE: For testing purpose im using the same private and public keys on my ubuntu wireguard server and this one im trying to setup on the PF box. I believe that should not be an issue? Thanks for your help

          TunWG0 interface

          I tried the following rule but i dont think thats correct
          NAT Rule

          If i tcpdump on my pfsense internet side(WAN) interface, i see constant incoming connection attempts from phone and then the pfsense reponding back to the phone from the WAN interface.
          But if I trace on the TUNWG0 interface i only 1 request from 10.100.100.2(Phones vpn ip) to the pf sense WAN inteface.
          This is the furthest ive been able to get now. From the pfsense and from my LAN devices, i can ping the phone's vpn ip(10.100.100.2) but thats it. I cannot ping LAN IPs, lan DNS, 8.8.8.8 etc from the phone.

          1 Reply Last reply Reply Quote 0
          • W
            wefbee Banned
            last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • First post
              Last post