2.5.2 interface not configured
-
Hi. Using pfSense 2.5.2 and Wireguard package I configured a Wireguard client using the following recepie https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html.
A difference that I noticed was that IP address was not added to interface automatically (WG_VPN in the recepie). Interface did not have any IP address (IPv4 Configuration Type = None). There were also no GW created (WG_VPN_WGV4).
I had to set static IP and create GW manually to get it working. Is this a bug in the Wireguard package or a fault in the recepie?
-
I would like to know what's up here too.
I tried following those exact instructions and nothing worked in the end. I have seen on other guides you need to assign an interface for it to work but I am unsure exactly why that's the case (especially since I have not had to assign any interfaces for my OpenVPN configurations and they work fine).
If you got yours working, could you just add a tiny bit more detail about what you did? I would appreciate it.
-
That documentation does not apply to the current WG package. I think the developer is working on it.
-
@jim-bob-the-grand
For the Interface WG_VPN I did the following:- Enable
Checked - IPv4 Configuration Type
Static IPv4 - MSS
1420
Ipv4 Address
The interface address in my .conf file I got from the provider. In the recipe this is tunnel address 10.6.210.2/24Then "Add a new gateway"
The gateway address I am not so sure about. This should be an address that is possible to ping only when tunnel is up. I set up Wireguard on my laptop and did a traceroute. I used the first hop address as the gateway. That worked. I guess it could be 10.6.210.2 here as well. But I haven't tried it.Save
Gateway details can be changed by System -> Routing -> WG_VPNGW -> Edit Gateway
I had to check Use non-local gateway through interface specific route. since the GW address was not in the subnet and also increase Packet Loss threshold to 50-60% since I had problem with GW failover.I hope it helps. Rest of the recipe I was able to follow if I remember correctly.
- Enable
-
@jim-bob-the-grand I've just set up with my VPN provider (vpnunlimited) and wrote an instruction here. I believe it could apply to most VPN provider: