Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Wireguard remote access

    WireGuard
    2
    11
    139
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      chinchun last edited by

      Hello everyone, I need some help here.
      Recently I reinstalled my pfsense, and reconfiged wireguard remote access. It works before but now it does not. I can not access pfsense through wireguard, weird thing is it works when pfsense lan port is connected, but if I disconnect lan port it stop working, I can't access pfsense. So please help .
      9a5e46cb-0267-4f0c-b859-95d5e4e0dae8-image.png
      c5753023-fc37-468b-9c9e-4a2d7b67d87f-image.png
      f51f2578-0afe-4d79-8387-a0b5cd87d03b-image.png
      6bdfd123-2dd8-435d-8aba-5af4ea4fa738-image.png
      46e552cb-609b-456d-ae34-00cab8bd0f69-image.png

      Bob.Dig 1 Reply Last reply Reply Quote 0
      • Bob.Dig
        Bob.Dig LAYER 8 @chinchun last edited by Bob.Dig

        @chinchun Show WireGuard Settings please.
        Maybe you have to assign an interface for that tunnel.

        pfSense on Hyper-V

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        C 1 Reply Last reply Reply Quote 0
        • C
          chinchun @Bob.Dig last edited by

          @bob-dig Thank you for your reply, tried that, no luck.
          13870688-bb48-4f82-8c04-b12b922f9b0b-image.png
          0ac60473-1ef4-47d3-a3d3-dccf0dcd611c-image.png

          Bob.Dig 1 Reply Last reply Reply Quote 0
          • Bob.Dig
            Bob.Dig LAYER 8 @chinchun last edited by Bob.Dig

            @chinchun I meant WG-Settings in pfSense. Now looking at your phone, try 0.0.0.0/0 as allowed IP in there and report back if this will work then.

            pfSense on Hyper-V

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            C 1 Reply Last reply Reply Quote 0
            • C
              chinchun @Bob.Dig last edited by

              @bob-dig e4ce503e-7e38-4fcf-b3e6-17021d8321e7-image.png
              Allowed IPs set to 0.0.0.0/0 on my phone, still not working. This is realy weird, as soon as I connect pfsense to some device, eg. my laptop, it works, I can access pfsense from my phone throuh. But if LAN connect to no device, it stop working.

              Bob.Dig 1 Reply Last reply Reply Quote 0
              • Bob.Dig
                Bob.Dig LAYER 8 @chinchun last edited by Bob.Dig

                @chinchun Ok, you are trying to access pfSense only via the LAN-IP-address. But pfSense is listening on all interfaces. So try to connect via an interface-address that is connected. The best one would be the IP-address 10.254.1.1 but technically you could use any pfSense-address that is "online".

                If you would use a real switch on LAN, the interface would be up and you could connect even to the LAN-address but it is irrelevant which address you use.

                pfSense on Hyper-V

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                C 1 Reply Last reply Reply Quote 0
                • C
                  chinchun @Bob.Dig last edited by

                  @bob-dig Access through 10.254.1.1 is working. Thanks! So basicly I can only access pfsense through whichever interface is up right? If interface is down, I can not access through it? By the way, is there any option to set pfsense only listen on LAN interface?

                  Bob.Dig 1 Reply Last reply Reply Quote 0
                  • Bob.Dig
                    Bob.Dig LAYER 8 @chinchun last edited by Bob.Dig

                    @chinchun said in Wireguard remote access:

                    is there any option to set pfsense only listen on LAN interface?

                    No, you have to make rules on all the interfaces to allow and or block access to pfSense.
                    One common rule to create for this looks like this:
                    Capture.PNG

                    But you might want to add a DNS rule before that if clients should access the DNS-server on pfSense.

                    pfSense on Hyper-V

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    C 1 Reply Last reply Reply Quote 1
                    • C
                      chinchun @Bob.Dig last edited by

                      @bob-dig Thank you! Got it.

                      Bob.Dig 1 Reply Last reply Reply Quote 0
                      • Bob.Dig
                        Bob.Dig LAYER 8 @chinchun last edited by Bob.Dig

                        @chinchun I updated the screenshot above so that the rule is more secure and can be copied easily to other interfaces.

                        pfSense on Hyper-V

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        C 1 Reply Last reply Reply Quote 0
                        • C
                          chinchun @Bob.Dig last edited by

                          @bob-dig Thank you very much! I will try that.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post