Netgate Discussion Forum

    Wireguard and static routes

      FollyDude

      Hi,

      I am running pfSense 21.05 with the latest experimental version of Wireguard running on a Netgate 5100. I have an external peer running on a Raspberry Pi.

      I have the connection up and running, and everything is fine from the Raspberry Pi end. I can access the subnets on the pfSense end that I have defined in the .conf file.
      But from the pfSense end I cannot access the subnet on the peer. I have set up that subnet correctly in the peer definition on the pfSense end.

      My understanding (maybe incorrectly) is that the definitions in the Allowed IP fields will create static routes to the appropriate subnet via the Wireguard interface. This is not happening. I can access the Wireguard interface on the peer, but not any subnets on the peer.

      When I ssh into the pfSense firewall and use netstat to look at static routes, I do not see any for those subnets.

      To try to summarise.

      pfSense Wireguard interface IP = 10.96.96.1
      pfSense local LAN IP = 192.168.38.0/23
      Remote peer Wireguard interface IP = 10.96.96.10
      Remote peer local LAN = 192.168.22.0/23

      From pfSense:

      I can access 10.96.96.10
      I cannot access anything on the 192.168.22.0 network.

      From the peer:

      I have access to the pfSense Wireguard interface and all devices on the LAN.

      I know this must be confusing to read, but any help would be appreciated. I think my basic question here is: should pfSense be creating static routes for subnets defined in the Allowed IP's fields?

      Cheers

      FollyDude

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.