Wireguard gateway no working outside dashboard

technoblue · Feb 3, 2024, 11:07 AM

I have configured wireguard and stablish the connection with my other site, if i test it with the ping tool in the dashboard it works

But when I try to ping or connect from my pc or other network device it doesn´t connect

Also I have a bridge config in my 3 LAN ports to act as a switch and if I select that bridge as source address it doesn´t work either

local network: 10.2.0/24
WG network: 10.95.99.0/24
other site network 192.168.15.0/24

Static Route config:

Firewall config:

Someone have some clue?

PlyrStar93 · Feb 5, 2024, 7:34 AM

In your 10.2.0.0/24 Windows PC, perform a trace route to 192.168.15.210 and see which route it goes. It's possible that the devices in your local LAN are not following the static route defined (possibly due to firewall rules on the bridge interface forcing the traffic through a particular gateway).

Also, can you show the allowed IPs configured for the peers on both sides just in case? In addition, the firewall rules of MYSWITCH interface, and the general configs of LAN and MYSWITCH interfaces (include the IPv4 settings).

technoblue · Feb 5, 2024, 10:32 AM

@PlyrStar93

The tracert comand fail as the gateway doesn`t route it

I only have the config of the peer of pfsense as the other device is a qnap router and in that side i can´t see the peer config, but i think that if in the pfsense dashboard the ping works it have to be something in the gateway config or static routes...

Pfsense peer config:

Firewall rules MYSWITCH

LAN Config:

MYSWITCH Config:

technoblue · Feb 8, 2024, 10:42 PM

Traceroute working

But when I select the interface MYSWITCH (this is what i use as i use my 3 LAN ports)

technoblue · Feb 14, 2024, 4:53 PM

Someone know what cloud be happening?

Jarhead · Feb 14, 2024, 5:24 PM

@technoblue Judging by your Firewall Rules I'd assume you're not using an interface for the tunnel so what rules do you have on the Wireguard tab?

technoblue · Feb 14, 2024, 6:08 PM

@Jarhead

Hi! Yes I´m using an interface

What I don´t understand is why the ping works with the LAN interface, but it doesn´t works with the "MYSWITCH" interface, this one I use to have 3 LAN ports of my box

Jarhead · Feb 14, 2024, 6:50 PM

@technoblue You need to set the MTU to 1420 on the WG interface.
Do a constant ping from the far end while doing a packet capture on the pfSense WG interface. do you see the pings going both ways?

technoblue · Feb 14, 2024, 8:05 PM

@Jarhead

MTU to 1420, done.

No, my other wireguard service is running in an Qnap router and it doesn´t allow me to use the wireguard as cllient, only server I think it doesn´t matter as I can reach the subnet 192.168.15.0/24 the Qnap LAN, the ping and trace rout works when in Pfsense i select LAN interface, the problem is when I want to reach it from my Bridge interface (MySwitch) which is the one i use.

Jarhead · Feb 15, 2024, 1:08 AM

@technoblue So then it's something on the pc itself.
Is the gateway set correctly?
Do you have Windows firewall enabled? If so, disable it.
Is the pc's network discovered as public or private?
Can the pc connect to anything else?

Just to clarify, Wireguard doesn't use Server/Client types. Everything is just a peer.
Although one peer can be used as a hub in a hub and spoke config (ie multisite) so it can be considered a server, but it's still just a peer.

technoblue · Feb 15, 2024, 4:26 PM

@Jarhead

My Pc and my other devices in the network doesn`t have any issues, I think that the gateway is set correctly because in the ping and tracerout test works fine with "Any" or LAN Interfaces, the issue is when I try it with the "MYSWITCH" bridge interface (which is the one use)

Static Route:

Thanks for the clarification.

technoblue · Mar 4, 2024, 10:55 AM

Some idea? Someone?

technoblue · Mar 23, 2024, 10:51 AM

Finally!

The solution was creating a firewall rule that route the traffic of my Bridge interface through the gateway i have created for the wireguard client.