Can't reach WireGuard subnet from bridge interface
-
Can't reach one WireGuard subnet from the bridge interface.
I have a bridge interface called MYSWITCH (with IP 10.2.0.1), as my pfSense device has 5 Ethernet ports and I need 4 LAN ports.
A site-to-site WireGuard VPN is already configured with the subnet 10.95.99.0/31.
The local network is 10.2.0.0/24 and the remote site network is 192.168.15.0/24.
After proper configuration, when a ping test is done (from the pfSense dashboard), I can reach the remote site network.
But doing the same from a device in the local network fails, the same as when the ping test from the pfSense dashboard is done with the MYSWITCH interface selected.
Does anyone have any suggestion?
-
@technoblue
Ensure that the remote device allows access from outside of its subnet. By default this is blocked by the operating system's firewall. Also recheck the WireGuard settings on both sites and the firewall rules on the remote.
-
The remote site isn't the problem; I can connect to the subnet from my PC with the WireGuard client with no issues.
And the firewall rule is just one that allows all traffic
and this is the static route
The strange thing is that the ping with the LAN interface works, but it doesn't work with the bridge interface.
-
@technoblue said in Can't reach WireGuard subnet from bridge interface:
And the firewall rule is just one that allows all traffic
I was talking about the remote site.
The strange thing is that the ping with the LAN interface works, but it doesn't work with the bridge interface.
Reasons for this could be that the remote site is missing the proper route to your LAN or that the destination device (192.168.15.210) uses a different upstream gateway than the remote VPN endpoint.
-
@viragomann said in Can't reach WireGuard subnet from bridge interface:
I was talking about the remote site.
The remote site works fine; I can connect with the WireGuard client perfectly.
@viragomann said in Can't reach WireGuard subnet from bridge interface:
Reasons for this could be that the remote site is missing the proper route to your LAN or that the destination device (192.168.15.210) uses a different upstream gateway than the remote VPN endpoint.
But if the issue is in the remote site, I wouldn't be able to connect to its subnet, and I can do it with the WireGuard client.
-
@technoblue said in Can't reach WireGuard subnet from bridge interface:
The remote site works fine; I can connect with the WireGuard client perfectly.
But if the issue is in the remote site, I wouldn't be able to connect to its subnet, and I can do it with the WireGuard client.
So if you know that better anyway, trying to help is a waste of time.
-
@viragomann said in Can't reach WireGuard subnet from bridge interface:
@technoblue said in Can't reach WireGuard subnet from bridge interface:
The remote site works fine; I can connect with the WireGuard client perfectly.
But if the issue is in the remote site, I wouldn't be able to connect to its subnet, and I can do it with the WireGuard client.
So if you know that better anyway, trying to help is a waste of time.
Yup, I got to the same point in his other thread.
-
@Jarhead said in Can't reach WireGuard subnet from bridge interface:
Yup, I got to the same point in his other thread.
Thanks for confirmation. So I have to add a new line to my blacklist, was unsure before.
-
Finally!
The solution was creating a firewall rule that routes the traffic of my bridge interface through the gateway I have created for the WireGuard client.