Netgate Discussion Forum

    0.0.0.0/0 as allowed IPs on both ends

      Bob.Dig LAYER 8

      0.0.0.0/0 as allowed IPs on both ends of one tunnel between two pfSenses works. But is it a good idea, or is there a risk?
      Opinions?

        JeGr LAYER 8 Moderator @Bob.Dig

        @Bob-Dig IMHO I don't see the use or if that's even a correct setting. As 0.0.0.0/0 would simply route everything through WireGuard - what's there to gain? You can't route everything from A to the internet via B and vice versa - then no site has WAN/internet for themselves as both set default routes to the other side of the tunnel. So the whole setup makes no sense to me.

        Cheers

          Bob.Dig LAYER 8

          My use case is Site-to-Site VPN where I have added networks later on and forgot to change the allowed IPs in the configuration. And this happened to me more than once. 😉
          And pfSense itself is not using those allowed IPs for its routing, so right now I am using this on a tunnel on both ends. I like the freedom of not having to touch this tunnel ever again.

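On the risk question, an added illustration (not part of the thread and not pfSense or WireGuard code): besides selecting the peer for outgoing packets, WireGuard uses AllowedIPs on receive and drops decrypted packets whose inner source address is outside the sending peer's list. The Python model below compares 0.0.0.0/0 with a scoped list; all subnets and addresses are constructed assumptions.

```python
import ipaddress


def parse_allowed_ips(value):
    """Parse a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in value.split(",") if part.strip()]


def wg_accepts_source(allowed, inner_src):
    """Model of WireGuard's receive-side check: a decrypted packet is kept
    only if its inner source address is inside the sending peer's AllowedIPs."""
    src = ipaddress.ip_address(inner_src)
    return any(src in net for net in allowed)


def compare(policies, sources):
    """Return {policy name: [sources that pass WireGuard's own check]}."""
    return {name: [s for s in sources
                   if wg_accepts_source(parse_allowed_ips(value), s)]
            for name, value in policies.items()}


# Constructed AllowedIPs values for the remote peer (assumptions).
POLICIES = {
    "wide": "0.0.0.0/0",
    "scoped": "10.99.0.2/32, 192.168.20.0/24",
}

# Constructed inner source addresses arriving through the tunnel.
SOURCES = [
    "192.168.20.15",  # host in the remote site's LAN
    "10.99.0.2",      # remote end's tunnel address
    "192.168.10.1",   # address that belongs to the local site
    "203.0.113.7",    # unrelated address (TEST-NET-3)
]

if __name__ == "__main__":
    for name, passed in compare(POLICIES, SOURCES).items():
        dropped = [s for s in SOURCES if s not in passed]
        print(f"{name:7} accepted={passed} dropped={dropped}")
```

With 0.0.0.0/0 every source passes WireGuard's own check, so the firewall rules on the tunnel interface are the only remaining filter on what the other site can send.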
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.