WG "full tunnel" (0.0.0.0/0) Not working. Local access works, but cannot get to wan addresses
-
https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html
I have followed this and have 3 clients connected.
When using allowed IPs (192.168.2.0/24, 10.3.2.0/24 - my local subnet and WG subnet) I can get to my network devices just fine.
If I change my clients' allowed IPs to 0.0.0.0/0 - I can still get to my local devices, but I cannot get to any WAN addresses.
Running latest OS
-
@LVLAaron-0 said in WG "full tunnel" (0.0.0.0/0) Not working. Local access works, but cannot get to wan addresses:
> If I change my clients' allowed IPs to 0.0.0.0/0 - I can still get to my local devices, but I cannot get to any WAN addresses.

Then the whole upstream traffic is directed to the remote site.
So you need an outbound NAT rule for this traffic at the remote WAN interface to masquerade it.
-
Here's the NAT I have... same problem... Suggestions?
-
@LVLAaron-0
The destination has to be "any".
"WAN subnets" is only the subnet of your WAN IP.
-
I got it. The "WireGuard Networks" alias wasn't defined/working... Changed it to the address of my WG network and things are working. Thanks!
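
The two failure modes from this thread, as an added example that is not part of the original posts and is not pfSense code: a simplified first-match model of outbound NAT that shows why a rule with destination "WAN subnets", or a source alias that resolves to nothing, leaves full-tunnel traffic untranslated. The WAN subnet, the client address and the Internet destination are constructed sample values, and treating an undefined alias as "matches nothing" is an assumption of the model.

```python
import ipaddress

# 10.3.2.0/24 is the WG subnet from the thread. The WAN subnet and the test
# addresses below are constructed (documentation ranges), not from the thread.
WG_NET = "10.3.2.0/24"
WAN_SUBNET = "203.0.113.0/24"  # assumed subnet of the firewall's own WAN IP


def _match(selector, addr):
    """True if addr falls under selector: 'any', a CIDR string, or None."""
    if selector is None:  # assumption: an undefined/empty alias matches nothing
        return False
    if selector == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector)


def nat_applies(rule, src, dst):
    """A rule translates a flow only if source AND destination both match."""
    return _match(rule["source"], src) and _match(rule["destination"], dst)


def first_match(rules, src, dst):
    """Outbound NAT is first-match: return the name of the rule that hits."""
    for rule in rules:
        if nat_applies(rule, src, dst):
            return rule["name"]
    return None


RULESETS = {
    # Destination limited to the WAN interface's own subnet.
    "dest_wan_subnets": [{"name": "wg-out", "source": WG_NET, "destination": WAN_SUBNET}],
    # Source is an alias that is not defined, so it resolves to nothing.
    "empty_alias": [{"name": "wg-out", "source": None, "destination": "any"}],
    # Source set to the WG network itself, destination any.
    "fixed": [{"name": "wg-out", "source": WG_NET, "destination": "any"}],
}


def check_all(src="10.3.2.2", dst="198.51.100.10"):
    """Evaluate a WG client -> Internet flow against each rule set."""
    return {name: first_match(rules, src, dst) for name, rules in RULESETS.items()}


if __name__ == "__main__":
    for name, hit in check_all().items():
        print(f"{name:18} -> {'NAT via ' + hit if hit else 'no NAT applied'}")
```

On the firewall itself, `pfctl -s nat` lists the translation rules that are actually loaded, which is where an alias that did not expand shows up.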