Netgate Discussion Forum

    Wireguard remote access

    WireGuard
    • Bob.DigB
      Bob.Dig LAYER 8 @chinchun
      last edited by Bob.Dig

      @chinchun Show WireGuard Settings please.
      Maybe you have to assign an interface for that tunnel.

      • C
        chinchun @Bob.Dig
        last edited by

        @bob-dig Thank you for your reply, tried that, no luck.
        13870688-bb48-4f82-8c04-b12b922f9b0b-image.png
        0ac60473-1ef4-47d3-a3d3-dccf0dcd611c-image.png

        • Bob.DigB
          Bob.Dig LAYER 8 @chinchun
          last edited by Bob.Dig

          @chinchun I meant WG-Settings in pfSense. Now looking at your phone, try 0.0.0.0/0 as allowed IP in there and report back if this will work then.

          • C
            chinchun @Bob.Dig
            last edited by

            @bob-dig e4ce503e-7e38-4fcf-b3e6-17021d8321e7-image.png
            Allowed IPs set to 0.0.0.0/0 on my phone, still not working. This is really weird, as soon as I connect pfsense to some device, e.g. my laptop, it works, I can access pfsense from my phone through. But if LAN connects to no device, it stops working.

            • Bob.DigB
              Bob.Dig LAYER 8 @chinchun
              last edited by Bob.Dig

              @chinchun Ok, you are trying to access pfSense only via the LAN-IP-address. But pfSense is listening on all interfaces. So try to connect via an interface-address that is connected. The best one would be the IP-address 10.254.1.1 but technically you could use any pfSense-address that is "online".

              If you would use a real switch on LAN, the interface would be up and you could connect even to the LAN-address but it is irrelevant which address you use.

              • C
                chinchun @Bob.Dig
                last edited by

                @bob-dig Access through 10.254.1.1 is working. Thanks! So basically I can only access pfsense through whichever interface is up right? If interface is down, I can not access through it? By the way, is there any option to set pfsense only listen on LAN interface?

                • Bob.DigB
                  Bob.Dig LAYER 8 @chinchun
                  last edited by Bob.Dig

                  @chinchun said in Wireguard remote access:

                  is there any option to set pfsense only listen on LAN interface?

                  No, you have to make rules on all the interfaces to allow and/or block access to pfSense.
                  One common rule to create for this looks like this:
                  Capture.PNG

                  But you might want to add a DNS rule before that if clients should access the DNS-server on pfSense.

                  • C
                    chinchun @Bob.Dig
                    last edited by

                    @bob-dig Thank you! Got it.

                    • Bob.DigB
                      Bob.Dig LAYER 8 @chinchun
                      last edited by Bob.Dig

                      @chinchun I updated the screenshot above so that the rule is more secure and can be copied easily to other interfaces.

                      • C
                        chinchun @Bob.Dig
                        last edited by

                        @bob-dig Thank you very much! I will try that.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.