can only reach wg clients from pfsense not from lan
-
Hi
I set up a WireGuard tunnel to connect a USB device server with integrated WireGuard support to my pfSense. The connection itself works (and I do have the green handshake symbol under Status), but I can only reach (that is, ping) the device from the pfSense itself. From the LAN I can ping the pfSense IP in the transfer net, but not the wg client.
Here's my setup: pfSense 2.8.1 / WireGuard 0.2.9_5
pfSense LAN: 192.168.201.1/24, WAN with a static IP
I created a tunnel tun_wg0 and a peer with a dynamic endpoint
set the allowed IP for this endpoint to 192.168.232.2/32
I created an interface OPT1 with MTU 1420 and a static IP of 192.168.232.1/24
On the client I set these options:
virtual client ip: 192.168.232.2/32
allowed IP: 192.168.232.1/32, 192.168.201.0/24
I have no control over the LAN IP of the device (assigned by DHCP).
As said, the tunnel works. Ping from pfSense to 192.168.232.2 works. Ping from LAN to 192.168.232.1 works, but not to 232.2.
I am sure I am only missing something small, but at the moment I can't see the tree in the woods anymore. Any help would be greatly appreciated.
-
Hi,
Your client side (192.168.232.2) doesn't know the route back to your pfSense LAN: 192.168.201.1/24.
You have to add on the client side:
route add -net 192.168.201.1/24 gw 192.168.232.1
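As an added illustration (not code from either poster, pfSense or the device), the following models the client side of the thread: a constructed kernel routing table with only the tunnel endpoint via wg0, the posted AllowedIPs, and the route-add fix. It shows that the ICMP reply to a LAN host is dropped before the fix because the kernel never sends it into the wg interface, even though WireGuard's AllowedIPs would accept it, and it normalises the host/prefix form 192.168.201.1/24 to the network address. The LAN host address and interface names are assumptions.

```python
"""Why LAN -> WireGuard client pings fail without a return route on the client.
Constructed model of the thread's setup: pfSense LAN 192.168.201.0/24, tunnel
192.168.232.0/24 (pfSense .1, client .2); not code from pfSense or the device."""
from ipaddress import ip_address, ip_network

# Client-side [Peer] AllowedIPs for pfSense, as posted in the thread.
CLIENT_ALLOWED = ["192.168.232.1/32", "192.168.201.0/24"]
# Hypothetical client kernel routing table before the fix: default via the
# DHCP-assigned LAN uplink, only the tunnel endpoint itself via wg0.
CLIENT_ROUTES = [("0.0.0.0/0", "eth0"), ("192.168.232.1/32", "wg0")]


def next_hop(dst, routes):
    """Longest-prefix match: the interface the kernel would send dst out of."""
    best = None
    for cidr, dev in routes:
        net = ip_network(cidr)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None


def cryptokey_ok(ip, allowed):
    """WireGuard only encrypts to / decrypts from a peer for IPs in its AllowedIPs."""
    return any(ip_address(ip) in ip_network(a) for a in allowed)


def reply_reaches_lan(lan_host, routes, allowed, wg_dev="wg0"):
    """The ICMP reply must (1) be routed into the wg interface by the kernel and
    (2) pass the cryptokey check for the pfSense peer. The request direction
    already succeeds in the thread, so only the reply is modelled here."""
    return next_hop(lan_host, routes) == wg_dev and cryptokey_ok(lan_host, allowed)


def route_add_cmd(lan_cidr, gw):
    """Build the fix from the reply, normalising a host/prefix such as
    192.168.201.1/24 to its network address 192.168.201.0/24."""
    net = ip_network(lan_cidr, strict=False)
    return f"route add -net {net.with_prefixlen} gw {gw}"


def with_return_route(routes, lan_cidr, wg_dev="wg0"):
    """Routing table after applying the route add (returns a new list)."""
    return routes + [(ip_network(lan_cidr, strict=False).with_prefixlen, wg_dev)]


if __name__ == "__main__":
    host = "192.168.201.50"  # constructed LAN host doing the ping
    print("before:", reply_reaches_lan(host, CLIENT_ROUTES, CLIENT_ALLOWED))  # False
    fixed = with_return_route(CLIENT_ROUTES, "192.168.201.1/24")
    print("after: ", reply_reaches_lan(host, fixed, CLIENT_ALLOWED))  # True
    print(route_add_cmd("192.168.201.1/24", "192.168.232.1"))
```

On a real client, compare the output of `route -n` (or `ip route`) against the AllowedIPs in `wg show`: an AllowedIPs entry with no matching kernel route is exactly the situation modelled here.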