Firewall State Policy Floating States needed but why
-
I have two VPS, both with pfSense CE. They are connected via WireGuard. I have a port forward from one WAN to a host on the other VPS, via the WireGuard tunnel. But this works if both CEs have Firewall State Policy: Floating States. I have no clue why Interface Bound States doesn't work.
-
@Bob-Dig
On the destination site you have to move over the pass rule for incoming traffic from remote from the WireGuard interface group to the dedicated WG instance interface. Best to remove any pass rules from the WireGuard group tab.
-
@viragomann I got none. And gave up on it. But if you have further advice, I will take it. Kinda looks to me, it could be CE related.
-
Maybe someone is willing to help me understand this.
This is the rule in question at the destination pfSense. If I set only its State Policy to Floating States, it will work.
Interestingly the screen doesn't show that an advanced setting is changed/set. This interface is configured as a WAN-type interface (gateway set), SNAT is manually disabled.
-
I tested this with pfSense Plus and CE and only CE is affected. My guess is that the new Firewall State Policy is not fully implemented in CE right now. Or it is a difference in the WireGuard Package.
Edit: I created a report on Redmine.
Working:
Not working:
Edit: Fixed it by upgrading to Plus.