Netgate Discussion Forum
    Odd routing / rules issue - contrary to setup guide

    radio1one

      Hi all,

      Have just set up a WG Site-to-Site peer following the recipe here.
      Running pfSense 24.11 and WG 0.2.9 on two Netgate 4200s at two different international locations.

      Site A subnet was 192.168.0.0/24
      Site B subnet was 192.168.1.0/24
      Tunnel was 10.6.210.0/30 (slightly modified from recipe, so gateway on Site A was 10.6.210.1 and gateway on Site B was 10.6.210.2)

      Set up interfaces and gateways as directed, with the info added above, and added the ANY<>ANY rule for the new WG interface and the 51820 UDP port rule on the WANs. Ensured that the peers had the correct opposite subnet programmed in, as well as the tunnel. Also had static routes correctly set up in routing. Peers successfully connected, authenticated, etc.

      Site A was able to ping devices at Site B, with packet sizes all the way up to 65500. Same with Site B. Remoting into both locations from a third location, I was not able to traverse any other kind of data through the tunnel, e.g. TCP data for web and mail servers, or access any network shares through SMB, NFS, etc.

      Took a few hours, but I found that by setting a firewall rule at each site, on the LAN interface, structured like this:

      Site A: IPV4 - ANY - SRC: 192.168.0.0/24 DEST: 192.168.1.0/24,10.6.210.0/30 - GATEWAY: LOCAL_WG_UPSTREAM
      Site B: IPV4 - ANY - SRC: 192.168.1.0/24 DEST: 192.168.0.0/24,10.6.210.0/30 - GATEWAY: LOCAL_WG_UPSTREAM

      allowed the traffic to flow freely, and everything worked!

      My questions are thus:

      • does this pose any security concerns?
      • is this something new in these latest versions of pfSense and WG that hasn't been updated in the recipe?

      Thanks all!

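    An added example, not part of the original post and not pfSense or WireGuard's own tooling: a small Python consistency check built from the values in the post. It models the two peers' AllowedIPs (WireGuard's cryptokey routing only carries traffic that falls inside them), the shared /30 tunnel, and the two LAN policy-routing rules, and reports anything an administrator would want to review: a remote LAN missing from AllowedIPs, AllowedIPs overlapping the local LAN, a LAN rule with no gateway (so the system routing table decides), a rule destination the far peer would silently drop, or a destination so broad it sends everything into the tunnel. The dictionary layout and the gateway name LOCAL_WG_UPSTREAM are assumptions for the example, not a pfSense export format.

```python
import ipaddress
from typing import Dict, List

# Constructed example configuration built from the values in the post. The dictionary layout
# and the gateway name LOCAL_WG_UPSTREAM are assumptions for this example, not pfSense's format.
SITES = {
    "A": {
        "lan": "192.168.0.0/24",
        "tunnel_addr": "10.6.210.1/30",
        # AllowedIPs on Site A's peer entry for Site B: remote LAN plus the tunnel network
        "peer_allowed_ips": ["192.168.1.0/24", "10.6.210.0/30"],
    },
    "B": {
        "lan": "192.168.1.0/24",
        "tunnel_addr": "10.6.210.2/30",
        "peer_allowed_ips": ["192.168.0.0/24", "10.6.210.0/30"],
    },
}

# The LAN-interface policy-routing rules the post ended up with, one per site.
LAN_RULES = {
    "A": {"src": "192.168.0.0/24", "dst": ["192.168.1.0/24", "10.6.210.0/30"], "gateway": "LOCAL_WG_UPSTREAM"},
    "B": {"src": "192.168.1.0/24", "dst": ["192.168.0.0/24", "10.6.210.0/30"], "gateway": "LOCAL_WG_UPSTREAM"},
}

OTHER = {"A": "B", "B": "A"}


def _net(s: str) -> ipaddress.IPv4Network:
    """Parse a prefix; strict=False lets a host address like 10.6.210.1/30 yield its network."""
    return ipaddress.ip_network(s, strict=False)


def _covered(prefix: ipaddress.IPv4Network, allowed: List[ipaddress.IPv4Network]) -> bool:
    """True if some AllowedIPs entry contains the whole prefix."""
    return any(prefix.subnet_of(a) for a in allowed)


def check_site_to_site(sites: Dict, rules: Dict) -> List[str]:
    """Return a list of findings; an empty list means the two sites are mutually consistent."""
    findings: List[str] = []
    tunnel_nets = {name: _net(cfg["tunnel_addr"]) for name, cfg in sites.items()}
    if len(set(tunnel_nets.values())) != 1:
        findings.append("tunnel addresses are not in one common network")
    for name, cfg in sites.items():
        peer = OTHER[name]
        local_lan = _net(cfg["lan"])
        remote_lan = _net(sites[peer]["lan"])
        allowed = [_net(a) for a in cfg["peer_allowed_ips"]]
        tunnel = tunnel_nets[name]
        # Cryptokey routing: packets to/from the remote LAN only pass if inside AllowedIPs.
        if not _covered(remote_lan, allowed):
            findings.append(f"site {name}: peer AllowedIPs do not cover remote LAN {remote_lan}")
        if not _covered(tunnel, allowed):
            findings.append(f"site {name}: peer AllowedIPs do not cover tunnel network {tunnel}")
        # AllowedIPs overlapping the local LAN would steer local traffic into the tunnel.
        if any(local_lan.overlaps(a) for a in allowed):
            findings.append(f"site {name}: peer AllowedIPs overlap local LAN {local_lan}")
        rule = rules[name]
        if _net(rule["src"]) != local_lan:
            findings.append(f"site {name}: LAN rule source {rule['src']} is not the local LAN {local_lan}")
        if not rule.get("gateway"):
            findings.append(f"site {name}: LAN rule has no gateway, so the system routing table decides")
        for d in rule["dst"]:
            dn = _net(d)
            # A policy-routed destination the peer will not accept is dropped by WireGuard.
            if not _covered(dn, allowed):
                findings.append(f"site {name}: LAN rule destination {dn} is outside peer AllowedIPs")
            if dn.prefixlen == 0:
                findings.append(f"site {name}: LAN rule destination {dn} policy-routes all traffic into the tunnel")
    return findings


if __name__ == "__main__":
    for line in check_site_to_site(SITES, LAN_RULES) or ["no findings: configuration is consistent"]:
        print(line)
```

    Run as-is it reports no findings for the values in the post; dropping a remote LAN from one peer's AllowedIPs, or leaving the gateway off a LAN rule, produces a finding naming the site and the prefix involved, which is the kind of mismatch that makes a tunnel pass pings yet carry nothing else.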
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.