Noob networking and/or wireguard question

Lomik · August 16, 2023, 9:09am

Hi,
my setup is:

pfsense (with wireguard)
^ Mikrotik1 switch directly to pfsense - devices connected: Wifi AP, Proxmox and Mikrotik2
^ Mikrotik2 switch connected to Mikrotik1 - devices connected: TrueNAS

While im using my phones Wifi im able to connect to everything

but once i switch to LTE & Wireguard: im able to connect to pfsense , both switch interfaces and everything connected to Mikrotik1 but nothing connected to Mikrotik2 (TrueNAS and other)

what am i missing?

Appreciate all the help and advise.

LTS_Tom · August 16, 2023, 9:17am

Are those devices on a separate subnet and does Wireguard have those subnets setup to route?

Lomik · August 16, 2023, 9:28am

at this time, whole internal network in on one subnet

Paul · August 16, 2023, 10:13am

Check your pfsense setup, that you have the correct subnet mask

Are you blocking access to certain ip’s on the inbound wireguard configuration

On PFSense, can you ping any devices on the Mikrotek2 network

Check out Tom’s video https://www.youtube.com/watch?v=8jQ5UE_7xds.

LTS_Tom · August 16, 2023, 11:09am

Also check each device that you can not reach and make sure it has the pfsense as the gateway.

Lomik · August 16, 2023, 12:52pm

TrueNAS Scale:
Nameserver (DHCP): 10.66.6.1
Default Route routerIPv4: 10.66.6.1
enp3s0 10.66.6.20/24

from PFSense:
PING 10.66.6.20 (10.66.6.20): 56 data bytes
64 bytes from 10.66.6.20: icmp_seq=0 ttl=64 time=0.265 ms
64 bytes from 10.66.6.20: icmp_seq=1 ttl=64 time=0.175 ms
64 bytes from 10.66.6.20: icmp_seq=2 ttl=64 time=0.131 ms

— 10.66.6.20 ping statistics —
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.131/0.190/0.265/0.056 ms

Wireguard original setup was done with Toms video, including phones peer being in the same subnet as in the video 172.16.16.3/32

On phone LTE&Wireguard
Im able to ping 10.66.6.1
Im able to ping 10.66.6.4 -Mikrotik2
Im unable to ping 10.66.6.20

Lomik · August 16, 2023, 2:19pm

Belive this should not matter but Mikrotik2 is CRS305-1G-4S+

LTS_Tom · August 16, 2023, 2:39pm

I think I see the issue, the default Kubernetes range in TrueNAS scale is probably overlapping with your Wireguard network. One of them as to be changed because TrueNAS will route local Kubernetes ranges with higher priority.

Lomik · August 16, 2023, 2:58pm

Tom that exactly it. Thank You.