WG - FULL NAT not routing traffic
-
I have set up WG on pfSense.
The split tunnel works fine. I'm able to connect to WG and access stuff on the other side.
I also wanted a FULL NAT and set it up. I am able to access stuff on the other side, but I have no Internet connection. I cannot use the tunnel to get out to the internet through the remote side.
Any ideas to make this work? Do I need to add any other routing rules?
PS: I have installed WG on an Ubuntu VM on the remote side & that works fine. The config is pretty much the same, except for the fact that I add some routes:
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
My configs
# This WireGuard config file has been created automatically. Do not edit!
# Description: MZCHNWG
[Interface]
PrivateKey = <force>
ListenPort = 51820

# Peer: RoadWarrior - Split
[Peer]
PublicKey = roadwarrior-split
AllowedIPs = 10.10.10.3/24
PersistentKeepalive = 25

# Peer: RoadWarrior- FULL
[Peer]
PublicKey = roadwarrior-full
AllowedIPs = 10.10.10.4/24
PersistentKeepalive = 25

FULL NAT Client Config file
[Interface]
PrivateKey = pvtkey
Address = 10.10.10.4/24
DNS = 10.10.10.1

[Peer]
PublicKey = publickey-server
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820
PersistentKeepalive = 25
I have set up an interface
I have the WAN rules
This is what is in my routing page
-
@yodaphone The internet in the Split Tunnel Mode works fine though
-
@yodaphone
I solved it by adding a NAT Outbound rule from the WG IP Subnet Manually. Not sure if this is a good practice though. Please do let me know if this is ok to do?
-
@yodaphone I'd like to know this answer too. I have been having trouble getting WireGuard to pass any traffic for a single remote peer. Unfortunately, this NAT rule did not resolve the problem.
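
An added example, not part of any post above and not pfSense or WireGuard project code: a Python check over the server config posted in the thread, re-typed here as a constructed sample. WireGuard masks the host bits of each AllowedIPs entry and keeps a given prefix on only one peer, so the check reports peers whose entries overlap once masked. It also derives the tunnel subnet that serves as the source of the manual outbound NAT rule mentioned in the thread. All function names are hypothetical.

```python
import ipaddress

# Constructed sample: the server config from the thread, one setting per line.
SERVER_CONF = """\
[Interface]
ListenPort = 51820
[Peer]  # RoadWarrior - Split
PublicKey = roadwarrior-split
AllowedIPs = 10.10.10.3/24
[Peer]  # RoadWarrior - FULL
PublicKey = roadwarrior-full
AllowedIPs = 10.10.10.4/24
"""

def parse_sections(text):
    """Return [(section, {key: value})]; configparser rejects repeated [Peer] sections."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # keys may end in '=' padding
            sections[-1][1][key.strip()] = value.strip()
    return sections

def peer_networks(text):
    """Map each peer's PublicKey to its AllowedIPs with host bits masked off."""
    peers = {}
    for name, kv in parse_sections(text):
        if name == "Peer":
            entries = [a.strip() for a in kv.get("AllowedIPs", "").split(",")]
            peers[kv.get("PublicKey", "?")] = [
                ipaddress.ip_network(a, strict=False) for a in entries if a]
    return peers

def overlapping_peers(text):
    """Return (peer_a, peer_b, net_a, net_b) for each pair with overlapping AllowedIPs."""
    items = list(peer_networks(text).items())
    hits = []
    for i, (a, nets_a) in enumerate(items):
        for b, nets_b in items[i + 1:]:
            hits += [(a, b, str(x), str(y)) for x in nets_a for y in nets_b
                     if x.version == y.version and x.overlaps(y)]
    return hits

def nat_source(client_address):
    """Tunnel subnet to use as the source of the manual outbound NAT rule."""
    return str(ipaddress.ip_interface(client_address).network)
```

Calling `overlapping_peers(SERVER_CONF)` reports the two road-warrior peers as both claiming 10.10.10.0/24, and `nat_source("10.10.10.4/24")` gives the subnet for the outbound NAT rule.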