Wireguard and static routes
-
Hi,
I am running pfSense 21.05 with the latest experimental version of Wireguard running on a Netgate 5100. I have an external peer running on a Raspberry Pi.
I have the connection up and running, and everything is fine from the raspberry pi end. I can access the subnets on the pfsense end that I have defined in the .conf file.
But from the pfSense end I cannot access the subnet on the peer. I have set up that subnet correctly in the peer definition on the pfSense end.
My understanding (maybe incorrectly) is that the definitions in the Allowed IP fields will create static routes to the appropriate subnet via the Wireguard interface. This is not happening. I can access the Wireguard interface on the peer, but not any subnets on the peer.
When I ssh into the pfSense firewall and use netstat to look at static routes, I do not see any for those subnets.
To try to summarise.
pfSense Wireguard interface IP = 10.96.96.1
pfSense local LAN IP = 192.168.38.0/23
Remote peer Wireguard interface IP = 10.96.96.10
Remote peer local LAN = 192.168.22.0/23
From pfSense:
I can access 10.96.96.10
I cannot access anything on the 192.168.22.0 network.
From the peer:
I have access to the pfSense Wireguard interface and all devices on the LAN.
I know this must be confusing to read, but any help would be appreciated. I think my basic question here is: should pfSense be creating static routes for subnets defined in the Allowed IPs fields?
Cheers
FollyDude