Wireguard VPN client can access pfSense active server but can’t access pfSense backup server
Hello friends!
I have a scenario with pfSense CE 2.7.2 with HA and started using Wireguard VPN, which is configured on the active pfSense server. The Wireguard VPN clients are working fine, accessing all networks/VLANs that I put in the client configuration, except for one problem: I simply can't reach the pfSense backup server, which is located in the same subnet as the master pfSense server.
When I check both the active and backup pfSense logs, I can see in the active logs that the traffic is allowed from the Wireguard client IP address to the pfSense backup IP address, but in the backup logs I can see the traffic is being blocked!
This is strange because, as I have HA active, all rules are being synchronized between the 2 servers, so the same rule that allows traffic from the Wireguard subnet to the firewall MGMT subnet that exists on the active server exists on the backup server too.
For information:

- pfSense Master IP: 10.48.255.253/24
- pfSense Backup IP: 10.48.255.252/24
- pfSense CARP IP: 10.48.255.254/24
- Wireguard subnet: 10.148.148.0/24

From Wireguard clients I can reach 10.48.255.253 and 10.48.255.254, but I can't reach 10.48.255.252.

Rules on Wireguard:

- From 10.148.148.0/24 to all subnets = allow

Rules on pfSense MGMT:

- From 10.48.255.0/24 to 10.148.148.0/24 = allow

Thanks in advance for some help!
BR,
Edgar