Netgate Discussion Forum

    Wireguard issue over IPFIRE and public wifi

      scionix

      Greetings!!

      I run a lab to learn and ran into a very curious issue.
      Would appreciate any help or insight that can be provided.

      I run 2 connections, 1 WIFI from IPFIRE box over public wifi (internet1),
      connected to a local LAN link (internal1).

      I then connect a PFsense box to the internal1 network, and dial a Wireguard VPN over this connection. The VPN establishes, but there is no traffic.
      And when I ping the default gateway of 10.2.0.1 from the PFsense box it fails.

      I can see no firewall rules on PFsense or IPFire blocking the traffic.
      And once the connection is established, I assumed it would work regardless of the wifi/public internet.

      I then switch the PFSense box to the Fiber connection (without IPFIRE currently), and the exact same setup works perfectly. Wireguard establishes and gateway is reachable, traffic works.

      On the internet1 connection, PFsense reports that 10.2.0.1 is not reachable, even though the tunnel is connected. And the IPFIRE box does show the wireguard tunnel, but doesn't show any traffic flowing through it.

      So my question is this: can the IPFIRE box somehow interfere with the wireguard tunnel? (Somehow I doubt this.)
      And has anyone else experienced issues with wireguard tunnels over public wifi?

      Anything I can check that might pinpoint the issue?
      I am learning the specifics of wireguard and PFSense,
      but I have a good grasp on networks and routing in general.

      Anyone else running PFSense over IPFIRE or similar firewall successfully?
      (Obviously having PFSense with openvpn or wireguard tunnel)?

        giuliafw70

        Yes, the IPFire/public Wi-Fi side can still matter even after the WireGuard handshake. The handshake only proves the UDP endpoint exchange works; it does not prove the routed traffic inside the tunnel has a return path. I would check the basics in this order: MTU first, then NAT/masquerade on the IPFire path, then whether pfSense has a route for 10.2.0.0/whatever via the WireGuard interface and matching allowed IPs on the peer. A packet capture on pfSense WAN and on the WireGuard interface during a ping to 10.2.0.1 should show whether packets enter the tunnel and whether anything comes back.

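The checks named in the reply above (MTU, allowed IPs, and whether anything comes back through the tunnel), as an added example that is not part of either post or of pfSense itself. It reads output in the `wg show <iface> dump` layout; the sample dump, keys, counters, the 1400-byte path MTU and the 10x tx/rx ratio are constructed assumptions.

```python
import ipaddress

# Per-packet cost of WireGuard data transport: outer IP header (20 for IPv4,
# 40 for IPv6) + UDP (8) + WireGuard data header and auth tag (32).
WG_OVERHEAD = {4: 60, 6: 80}
REJECT_AFTER = 180  # seconds; WireGuard discards a session key at this age

# Constructed sample in `wg show <iface> dump` layout (tab-separated).
# Keys, endpoint and counters are placeholders, not taken from the thread.
SAMPLE_DUMP = (
    "PRIVKEY_PLACEHOLDER\tPUBKEY_PLACEHOLDER\t51820\toff\n"
    "PEERKEY_PLACEHOLDER\t(none)\t203.0.113.10:51820\t10.2.0.0/24\t1700000000\t124\t48200\t25\n"
)

def tunnel_mtu(path_mtu, outer_ip_version=4):
    """Largest inner packet that fits the underlying path without fragmenting."""
    return path_mtu - WG_OVERHEAD[outer_ip_version]

def parse_peers(dump):
    """Return one dict per peer line; the first line describes the interface."""
    peers = []
    for line in dump.strip().splitlines()[1:]:
        _pub, _psk, endpoint, allowed, handshake, rx, tx, _keepalive = line.split("\t")
        nets = [ipaddress.ip_network(a, strict=False)
                for a in allowed.split(",") if a != "(none)"]
        peers.append({"endpoint": endpoint, "allowed": nets,
                      "handshake": int(handshake), "rx": int(rx), "tx": int(tx)})
    return peers

def triage(peer, target, now, configured_mtu, path_mtu):
    """List which of the checks fail for traffic to `target` through `peer`."""
    findings = []
    addr = ipaddress.ip_address(target)
    if not any(addr in net for net in peer["allowed"]):
        findings.append("allowed-ips")        # cryptokey routing will not use this peer
    if peer["handshake"] == 0 or now - peer["handshake"] > REJECT_AFTER:
        findings.append("handshake")          # no usable session key
    elif peer["tx"] > 10 * max(peer["rx"], 1):  # heuristic ratio, an assumption
        findings.append("no-return-traffic")  # packets leave, almost nothing returns
    if configured_mtu > tunnel_mtu(path_mtu):
        findings.append("mtu")                # inner packets exceed what the path carries
    return findings

if __name__ == "__main__":
    peer = parse_peers(SAMPLE_DUMP)[0]
    # 1420 is the WireGuard default MTU; a 1400-byte path is an assumed value.
    print(triage(peer, "10.2.0.1", now=1700000060, configured_mtu=1420, path_mtu=1400))
```

A "no-return-traffic" finding narrows the search to the return path (NAT on the upstream firewall or routing at the far end), which the packet capture suggested in the reply can then confirm.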
        Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.