    WireGuard as VPN server

    • T
      tquade last edited by

      Seems most of the discussion in this forum is regarding WireGuard as a client connecting to a VPN service provider.

      I want to set up WireGuard as a server so remote clients can connect to my pfSense appliance to access the local subnet and the internet. I have not had any success. The remote peer is communicating with the pfSense tunnel (periodic handshake) but I am unable to get traffic to/from the subnet or internet.

      Direction is appreciated. I can provide screen shots of the WireGuard config along with firewall stuff.

      I am on pfSense 2.6.0-Development and WireGuard 0.0.9

      Please advise.
      Ted Quade

      • cmcdonald
        cmcdonald Netgate Developer @tquade last edited by

        This post is deleted!
        • KOM
          KOM @tquade last edited by

          @tquade said in WireGuard as VPN server:

          but I am unable to get traffic to/from the subnet or internet.

          Do you have any rules on your WireGuard rules tab?

          • T
            tquade @KOM last edited by

            @kom Web capture_12-5-2021_112747_192.168.177.1.jpeg

            • KOM
              KOM @tquade last edited by

              @tquade That rule isn't getting any hits. I don't know anything about the new wg config so I can't help you about that specifically but I remember some of the old one before it got pulled. Maybe you have something wrong in your config? Post screens with your keys obscured and maybe something obvious will appear.

              • cmcdonald
                cmcdonald Netgate Developer @KOM last edited by

                @kom 2.6.0 isn't reporting state counts next to firewall rules... it's been an ongoing bug for a long time in the 2.6 branch.

                @tquade I would recommend trying a few things (all of which have been addressed internally and will be in the next release)

                • If your clients are using Unbound, please create an Unbound ACL allowing your tunnel network. Services > DNS Resolver > Access Lists
                • Clear your states and reload the filter
                • T
                  tquade @cmcdonald last edited by

                  @theonemcdonald

                  Access lists did not resolve the matter.

                  Ted Quade

                  • cmcdonald
                    cmcdonald Netgate Developer @tquade last edited by

                    @tquade What do the allowed IPs look like on your server and your clients?

                    • T
                      tquade @cmcdonald last edited by tquade

                      @theonemcdonald

                      Your question tickled the appropriate neuron. I had the wrong server IP address. Once corrected, access to the local subnet was established but no internet. I then went over to Firewall outbound NAT and noted that there were automatic rules for OpenVPN and IPsec but not for WireGuard. I switched mode to hybrid, entered and saved the new rule and now have access to the internet.

                      Thanks for your help.

                      Ted Quade

                      1 Reply Last reply Reply Quote 1
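The two things that came up in this thread (allowed IPs on both ends, and an outbound NAT rule for the tunnel network) can be sanity-checked offline. This is an added example, not code from the thread or from pfSense; the function name, argument names and all addresses are assumptions, and the values are typed in by hand from the peer entry, the client config and the outbound NAT table.

```python
import ipaddress

def check_remote_access(server_peer_allowed, client_address, client_allowed,
                        lan_subnet, outbound_nat_sources):
    """Return a list of findings for a WireGuard remote-access setup (CIDR strings in)."""
    ip = ipaddress.ip_interface(client_address).ip
    lan = ipaddress.ip_network(lan_subnet)
    srv = [ipaddress.ip_network(n) for n in server_peer_allowed]
    cli = [ipaddress.ip_network(n) for n in client_allowed]
    nat = [ipaddress.ip_network(n) for n in outbound_nat_sources]
    findings = []
    # Server side: WireGuard drops decrypted packets whose source address is
    # outside the sending peer's AllowedIPs, even though handshakes still succeed.
    if not any(ip in n for n in srv):
        findings.append("server peer AllowedIPs does not cover the client tunnel address")
    # Client side: AllowedIPs decides which destinations are sent into the tunnel.
    if not any(n.version == lan.version and lan.subnet_of(n) for n in cli):
        findings.append("client AllowedIPs does not route the LAN subnet")
    if not any(n.version == ip.version and n.prefixlen == 0 for n in cli):
        findings.append("client AllowedIPs has no default route, so internet traffic stays off the tunnel")
    # Firewall side: without an outbound NAT rule whose source matches the
    # tunnel client, its traffic leaves WAN with a private source address.
    if not any(ip in n for n in nat):
        findings.append("no outbound NAT rule covers the client tunnel address")
    return findings

# Constructed sample values (not taken from the thread).
BROKEN = dict(
    server_peer_allowed=["10.6.210.20/32"],   # mistyped: the client is really .2
    client_address="10.6.210.2/24",
    client_allowed=["0.0.0.0/0"],
    lan_subnet="192.168.10.0/24",
    outbound_nat_sources=["127.0.0.0/8", "192.168.10.0/24"],  # no tunnel network
)
FIXED = dict(BROKEN,
             server_peer_allowed=["10.6.210.2/32"],
             outbound_nat_sources=["127.0.0.0/8", "192.168.10.0/24", "10.6.210.0/24"])

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_remote_access(**cfg) or "ok")
```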