One tunnel multiple peers?
-
On the client computer side, what is the output of "route print -4" ?
-
@f-meunier route is available in OS X but not like that... :) No idea what do you want outputted? ;)
-
@swemattias
let me check the equivalent command in OSX... -
netstat -rn
-
the routes to 172.16.16.0/24 and 10.0.0.0/24 should appear in the list
-
@f-meunier This is what I get out cut out the lines with the right info in them:
10.0.0/24 link#16 UCS utun5 127 127.0.0.1 UCS lo0 127.0.0.1 127.0.0.1 UH lo0 172.16.16/24 172.16.16.1 UGSc utun5 172.16.16.1 172.16.16.1 UH utun5
-
@swemattias
well, your tunnel seems effectively up, and the routes are there.
what is the pfSense config of LAN interface ? 4th byte of 10.0.0.x address ? -
can you give the pfSense STATUS > Wireguard
(click on Show peers to see the details) -
One last check on WG_INTERFACE
Verify that "Block private networks and loopback addresses" and "Block bogon networks" are UNCHECKED
-
nevertheless, ping 172.16.16.254 should work...
-
what is curious :
route 10.0.0.0/24 should be accessible through a gateway -> flag " G" missing.really need to know your macOSX LAN IP...
also can you explain "I can surf and write this through this tunnel, but I cannot reach the inside."
-
set up a debian client to check
Got a route to wg subnet and pfSense (172.16.16.254 in your case)
Had no route to the remote LAN subnet (10.0.0.0/24 in your case)
(bizarre since it's in the WG client config !)Eventually, I manually added the route to 10.0.0.0/24
ip route add 10.0.0.0/24 dev wg0Now I can ping a machine in subnet 10.0.0.0/24
I will check why the route is not automatically added in the routing table even though it is present in AllowedIPs list...
It IS automatically added on windows client... -
Succeeded (on linux) using wg-quick tool
(it creates the interfaces, assigns IP and creates routes)fm@debian11:~$ wg-quick up /home/fm/wg0.conf [#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add 192.168.201.3/24 dev wg0 [#] ip link set mtu 1420 up dev wg0 [#] ip -4 route add 10.0.0.0/24 dev wg0
-
@f-meunier Thanks for all the help! It took days before I had time to return to this by then I remembered a video I watched that really explained this to me... and I found it. So now I have a working Wireguard setup using pfSense as the server.
This is the video:
Lawrence system on Wireguard remote home -
@swemattias
Glad to sse you got through !For the record (and the community) could you tell us what was wrong initially ?
-
@f-meunier I wish I knew... some miss config from my part. If I had to guess I would say I mixed up the keys...
The video also shows how do do the original question of this thread, one tunnel multiple peers. -
@swemattias
Yes, multiple peers with the same goal / security rules = 1 tunnel, x peersI shall advise multiple tunnels only when you have different populations of peers (let's say internal users, external users or customers, etc.)
Have a nice day !