Can't reach other LAN subnet via WG
-
@johnytb
You need to add an outbound NAT rule for the WG tunnel network.
Firewall > NAT > Outbound
Enable the hybrid mode and save it. Then add a rule with the WG tunnel subnet as the source and WAN address as translation address.
-
@viragomann
I'm not sure I understand where to add the rule. You mean in the outbound NAT? Or as a firewall rule? Please be more specific.
-
@johnytb
As I wrote, an outbound NAT rule.
Check "Hybrid Outbound NAT" and save this.
Add a rule:
interface: WAN
source: WG tunnel network
destination: WAN net
translation: interface address (WAN address)
If you intend to also route internet traffic from the client over the VPN, use "any" for the destination.
-
@viragomann
OK, I added a rule exactly as you said and it's not working.
-
@johnytb
Is the WAN subnet even routed over the VPN?
-
@viragomann
I can reach the firewall LANs from outside, if that's what you're asking...
but cannot "go back" to the WAN subnets (my home LAN 10.100.102.0/24).
-
@johnytb Show how your WAN is configured in pfSense.
-
@Bob-Dig
Here is an image of my WAN interface configuration.
-
@johnytb Why do you spoof the MAC address if you're behind another router at home?
Outbound NAT is on automatic?
@johnytb said in Can't reach other LAN subnet via WG:
When I'm connected via WG I cannot reach my LAN subnet
Where are you if this happens? What is your WAN IP on your device if this happens?
-
@Bob-Dig
Outbound NAT is in Hybrid mode now.
Don't understand the other questions..