Wireguard remote access
-
@chinchun Show WireGuard Settings please.
Maybe you have to assign an interface for that tunnel.
-
@bob-dig Thank you for your reply, tried that, no luck.
-
@chinchun I meant WG-Settings in pfSense. Now looking at your phone, try 0.0.0.0/0 as allowed IP in there and report back if this will work then.
-
@bob-dig
Allowed IPs set to 0.0.0.0/0 on my phone, still not working. This is really weird: as soon as I connect pfSense to some device, e.g. my laptop, it works, and I can access pfSense from my phone through. But if LAN connects to no device, it stops working.
-
@chinchun Ok, you are trying to access pfSense only via the LAN-IP-address. But pfSense is listening on all interfaces. So try to connect via an interface-address that is connected. The best one would be the IP-address 10.254.1.1 but technically you could use any pfSense-address that is "online".
If you would use a real switch on LAN, the interface would be up and you could connect even to the LAN-address but it is irrelevant which address you use.
-
@bob-dig Access through 10.254.1.1 is working. Thanks! So basically I can only access pfSense through whichever interface is up, right? If an interface is down, I cannot access through it? By the way, is there any option to set pfSense to only listen on the LAN interface?
-
@chinchun said in Wireguard remote access:
is there any option to set pfSense to only listen on the LAN interface?
No, you have to make rules on all the interfaces to allow and/or block access to pfSense.
One common rule to create for this looks like this:
But you might want to add a DNS rule before that if clients should access the DNS-server on pfSense.
-
@bob-dig Thank you! Got it.
-
@chinchun I updated the screenshot above so that the rule is more secure and can be copied easily to other interfaces.
-
@bob-dig Thank you very much! I will try that.