Wireguard tunnel as WAN interface?

bilm · Feb 14, 2024, 6:22 PM

Hello,

On a self-hosted server installed with the proxmox hypervisor, I want to host various services on virtual machines in a LAN.
I want to configure a pfSense VM to protect my services on the LAN.
The public IP giving access to my services will be provided via a Wireguard VPN.

Here's a diagram describing the configuration I want to set up:

I've already tried to create a tunnel and a peer wireguard with information from my VPN provider. Here are some screenshots of this configuration

The tun_wg0 tunnel seems functional according to the wireguard status:

Then I tried to assign the tun_wg0 tunnel as a WAN interface, but now I'm losing access to the net from a VM on the LAN ...

How can I find out what the problem is?
Is the way I want to configure my network the right one?

Thanks
bilm

Bob.Dig · Feb 15, 2024, 7:12 AM

@bilm said in Wireguard tunnel as WAN interface?:

Then I tried to assign the tun_wg0 tunnel as a WAN interface

Don't do that. Instead search for policy based routing on pfSense with Wireguard.

bilm · Feb 19, 2024, 6:17 PM

@Bob-Dig Thanks !!!

After some research on policy based routing, I managed to give Internet access to a vm on my LAN using this tutorial as inspiration : https://protonvpn.com/support/pfsense-wireguard/

now I'll try to configure haproxy to expose the services of the vm on my lan !