• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Wireguard remote access

Scheduled Pinned Locked Moved WireGuard
11 Posts 2 Posters 793 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    chinchun
    last edited by Jan 5, 2023, 9:27 AM

    Hello everyone, I need some help here.
    Recently I reinstalled my pfsense, and reconfiged wireguard remote access. It works before but now it does not. I can not access pfsense through wireguard, weird thing is it works when pfsense lan port is connected, but if I disconnect lan port it stop working, I can't access pfsense. So please help .
    9a5e46cb-0267-4f0c-b859-95d5e4e0dae8-image.png
    c5753023-fc37-468b-9c9e-4a2d7b67d87f-image.png
    f51f2578-0afe-4d79-8387-a0b5cd87d03b-image.png
    6bdfd123-2dd8-435d-8aba-5af4ea4fa738-image.png
    46e552cb-609b-456d-ae34-00cab8bd0f69-image.png

    B 1 Reply Last reply Jan 5, 2023, 12:10 PM Reply Quote 0
    • B
      Bob.Dig LAYER 8 @chinchun
      last edited by Bob.Dig Jan 5, 2023, 12:12 PM Jan 5, 2023, 12:10 PM

      @chinchun Show WireGuard Settings please.
      Maybe you have to assign an interface for that tunnel.

      C 1 Reply Last reply Jan 5, 2023, 1:34 PM Reply Quote 0
      • C
        chinchun @Bob.Dig
        last edited by Jan 5, 2023, 1:34 PM

        @bob-dig Thank you for your reply, tried that, no luck.
        13870688-bb48-4f82-8c04-b12b922f9b0b-image.png
        0ac60473-1ef4-47d3-a3d3-dccf0dcd611c-image.png

        B 1 Reply Last reply Jan 5, 2023, 1:38 PM Reply Quote 0
        • B
          Bob.Dig LAYER 8 @chinchun
          last edited by Bob.Dig Jan 5, 2023, 1:39 PM Jan 5, 2023, 1:38 PM

          @chinchun I meant WG-Settings in pfSense. Now looking at your phone, try 0.0.0.0/0 as allowed IP in there and report back if this will work then.

          C 1 Reply Last reply Jan 5, 2023, 1:48 PM Reply Quote 0
          • C
            chinchun @Bob.Dig
            last edited by Jan 5, 2023, 1:48 PM

            @bob-dig e4ce503e-7e38-4fcf-b3e6-17021d8321e7-image.png
            Allowed IPs set to 0.0.0.0/0 on my phone, still not working. This is realy weird, as soon as I connect pfsense to some device, eg. my laptop, it works, I can access pfsense from my phone throuh. But if LAN connect to no device, it stop working.

            B 1 Reply Last reply Jan 5, 2023, 1:50 PM Reply Quote 0
            • B
              Bob.Dig LAYER 8 @chinchun
              last edited by Bob.Dig Jan 5, 2023, 1:55 PM Jan 5, 2023, 1:50 PM

              @chinchun Ok, you are trying to access pfSense only via the LAN-IP-address. But pfSense is listening on all interfaces. So try to connect via an interface-address that is connected. The best one would be the IP-address 10.254.1.1 but technically you could use any pfSense-address that is "online".

              If you would use a real switch on LAN, the interface would be up and you could connect even to the LAN-address but it is irrelevant which address you use.

              C 1 Reply Last reply Jan 5, 2023, 2:07 PM Reply Quote 0
              • C
                chinchun @Bob.Dig
                last edited by Jan 5, 2023, 2:07 PM

                @bob-dig Access through 10.254.1.1 is working. Thanks! So basicly I can only access pfsense through whichever interface is up right? If interface is down, I can not access through it? By the way, is there any option to set pfsense only listen on LAN interface?

                B 1 Reply Last reply Jan 5, 2023, 2:11 PM Reply Quote 0
                • B
                  Bob.Dig LAYER 8 @chinchun
                  last edited by Bob.Dig Jan 5, 2023, 2:25 PM Jan 5, 2023, 2:11 PM

                  @chinchun said in Wireguard remote access:

                  is there any option to set pfsense only listen on LAN interface?

                  No, you have to make rules on all the interfaces to allow and or block access to pfSense.
                  One common rule to create for this looks like this:
                  Capture.PNG

                  But you might want to add a DNS rule before that if clients should access the DNS-server on pfSense.

                  C 1 Reply Last reply Jan 5, 2023, 2:21 PM Reply Quote 1
                  • C
                    chinchun @Bob.Dig
                    last edited by Jan 5, 2023, 2:21 PM

                    @bob-dig Thank you! Got it.

                    B 1 Reply Last reply Jan 5, 2023, 2:27 PM Reply Quote 0
                    • B
                      Bob.Dig LAYER 8 @chinchun
                      last edited by Bob.Dig Jan 5, 2023, 2:28 PM Jan 5, 2023, 2:27 PM

                      @chinchun I updated the screenshot above so that the rule is more secure and can be copied easily to other interfaces.

                      C 1 Reply Last reply Jan 6, 2023, 5:48 AM Reply Quote 0
                      • C
                        chinchun @Bob.Dig
                        last edited by Jan 6, 2023, 5:48 AM

                        @bob-dig Thank you very much! I will try that.

                        1 Reply Last reply Reply Quote 0
                        11 out of 11
                        • First post
                          11/11
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                          This community forum collects and processes your personal information.
                          consent.not_received