Netgate Discussion Forum

    quick question regarding inbound/outbound (which is which) interfaces after configuring WireGuard

    • hsssslaa

      I have configured WireGuard on pfSense so that all my clients are behind a VPN (VPN provider is AirVPN). I followed this guide to set this up:

      https://www.comparitech.com/blog/vpn-privacy/pfsense-wireguard-setup/

      I now have a new interface - the AirVPN_Wireguard_Interface.

      I am setting up pfBlockerNG and in the setup wizard I have to select the following: [Screenshot 2023-04-05 at 20.55.58.png]

      Normally the Inbound Firewall interface would be the WAN, but I suppose now it is the WireGuard interface? Can someone please confirm?

      The Outbound Firewall interface I assume is still LAN?

      I hope someone can confirm, many thanks!

      • stephenw10 Netgate Administrator

        If all your traffic is going over WG VPN then that is the inbound interface instead of WAN (which carries the encrypted VPN traffic) yes.

        However unless you are forwarding traffic across the VPN nothing comes in there anyway because there's no public route to the VPN private IP.

        The rule governing outbound traffic is still on the LAN.

        Steve

        • hsssslaa @stephenw10

          Thanks for confirming. Sadly it looks like pfBlockerNG is unable to download any lists. Do I have to make explicit rules to allow it? I remember not having this problem prior to setting up the WireGuard VPN.

          • stephenw10 Netgate Administrator

            Depends how the VPN is configured. Connections from the firewall itself cannot be policy routed so they always use the system routing. If you have set the system default route to be over the WG VPN it will be trying to use it.

            • hsssslaa @stephenw10

              I do indeed have the default gateway set as the Wireguard VPN. Is that causing the issues?

              Edit: I think it is the issue indeed. I just set the Default Gateway to Automatic and the feeds download fine. I wonder what the implications of this are, as I want to make sure that my traffic goes via the WireGuard gateway. Essentially I would like to avoid my clients not being behind the VPN.

              • stephenw10 Netgate Administrator

                Well for some reason traffic from the firewall itself is failing. Maybe you have a rule blocking it? Something incorrectly NATing? Check the states while trying to download lists.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.