Can't connect to other VLANs or subnets after establishing a WireGuard tunnel.
-
@Garric Post a screenshot of all your LAN rules for the interface you are connected to.
-
@Garric said in Can't connect to other VLANs or subnets after establishing a WireGuard tunnel.:
https://vpn.ac/knowledgebase/139/WireGuard-on-pfSense.html
Can't access that without logging in. However, I'd guess that you are policy routing all traffic over the WG tunnel, which means you need another rule above that on the LAN to pass traffic to locally connected subnets without a policy route.
Steve
-
Thanks for the responses, guys. Here are screenshots of DNS servers, firewall rules & outbound NAT.
I think when I switched to manual NAT it created all these rules, which I am open to suggestions on how I could clean up.
-
Outbound NAT rules do not route traffic; they only translate it if it's already routed out of that interface.
But all of your IPv4 traffic on the LAN subnet is going to hit that first firewall rule you have there and be policy routed via the Blakes_group gateway group.
It's just as I speculated: you need to add another rule (or rules) above that to pass traffic from 'LAN subnets' to 'whatever local subnets you're trying to reach' without a gateway set. That could be an alias with the local subnets in it or separate rules for each subnet.
-
Something like this? Doesn't seem to be working; at least, I can't access the other subnets.
-
Yup exactly like that.
-
@Garric said in Can't connect to other VLANs or subnets after establishing a WireGuard tunnel.:
I think when I switched to manual NAT it created all these rules, which I am open to suggestions on how I could clean up.
With WireGuard you usually don't need Manual Outbound NAT or Hybrid Outbound NAT; switch it back to Automatic.
Kill states if your new rule is correct.
-
Sadly, this didn't end up fixing the issue. Is there a way I could diagnose this in pfSense?
Sorry for my delayed response, I've been having to test this outside our office hours in the evenings and dealing with power outages as well.
Thank you
-
Do you see the rule you added passing traffic/opening states when you try to connect to those other subnets?
Do you see traffic blocked in the firewall log?
Check the state table when you try to connect. What states are opened, where?
-
Sorry about that, I had /32 instead of /24 under Aliases. My fault! Thanks for your help. All good now!
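To make the two points of this thread concrete (the local-subnet pass rule must sit above the policy-routed rule, and an alias entry of /32 instead of /24 only matches one host), here is an added Python simulation of first-match LAN rule evaluation. It is not code from any poster or from pfSense; the subnets and addresses are constructed, and only the gateway group name Blakes_group comes from the thread.

```python
import ipaddress

# Constructed values: the thread never names the actual subnets or addresses.
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
WG_GATEWAY_GROUP = "Blakes_group"  # gateway group name used in the thread


def build_lan_rules(local_alias, local_rule_first=True):
    """LAN rules the way pfSense evaluates them: top-down, first match wins.
    gateway=None means the packet follows the normal routing table; a gateway
    name means policy routing (here: everything out the WireGuard tunnel)."""
    pass_local = {
        "name": "pass LAN subnets -> Local_subnets alias, no gateway",
        "dst": [ipaddress.ip_network(n, strict=False) for n in local_alias],
        "gateway": None,
    }
    pass_all_via_wg = {
        "name": "pass LAN subnets -> any via gateway group",
        "dst": [ipaddress.ip_network("0.0.0.0/0")],
        "gateway": WG_GATEWAY_GROUP,
    }
    return [pass_local, pass_all_via_wg] if local_rule_first else [pass_all_via_wg, pass_local]


def evaluate(rules, src, dst):
    """Return (rule name, gateway) for the first matching rule, or None (default deny)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in LAN_SUBNET:  # every rule here has source 'LAN subnets'
        return None
    for rule in rules:
        if any(dst_ip in net for net in rule["dst"]):
            return rule["name"], rule["gateway"]
    return None


def host_entries_in_subnet_alias(local_alias):
    """Flag alias entries that are single hosts (/32): the slip the thread ended on.
    A /32 entry matches one address only, so the rest of that VLAN falls through to
    the policy-routed rule below it and disappears into the tunnel."""
    return [n for n in local_alias if ipaddress.ip_network(n, strict=False).num_addresses == 1]


if __name__ == "__main__":
    good = build_lan_rules(["10.10.20.0/24", "10.10.30.0/24"])
    bad = build_lan_rules(["10.10.20.1/32", "10.10.30.1/32"])
    for rules, label in ((good, "alias with /24"), (bad, "alias with /32")):
        print(label, "->", evaluate(rules, "192.168.1.50", "10.10.20.7"))
    print("internet ->", evaluate(good, "192.168.1.50", "203.0.113.9"))
    print("suspicious alias entries:", host_entries_in_subnet_alias(["10.10.20.1/32", "10.10.30.0/24"]))
```

Running it shows the same destination landing on the no-gateway rule with a /24 alias but on the Blakes_group rule with a /32 alias, which matches what the state table would have shown during the thread's troubleshooting.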