I’ve double, triple, quadruple checked all the settings to make a tunnel from my pfSense behind CGNAT to my VPS machine. The cloud machine tunnel is up and running, and I checked with nmap and the port is open, but pfSense won’t handshake it. I can’t figure out what’s causing that. Does anyone have any clue what could be the reason, or how to see why pfSense is not doing the handshake?
Edit: I’ve been using the VPS to port forward the stuff for over a month, but all of a sudden the machine had an issue and I created a new one with the same settings, and here I am, stuck.
I’m pretty sure that I wasn’t using that for the past month that I’ve been using WireGuard to port forward behind CGNAT.
I even deleted my VPS machine like 4 times thinking that was the reason. When I added the public IP from my ISP (not the CGNAT one) it made the handshake, so I could either use 0.0.0.0:51820 as the endpoint or a DDNS so only my “ISP public IP” will be able to connect.
EDIT:
Just an improvement: I spun up an LXC container running this amazing tool.
It updates my public IP behind CGNAT and proxies it with Cloudflare.
Then I changed the VPS peer so it would point to the DNS name and it all worked fine!
A valid CIDR has zero at the end, e.g. 10.69.69.0/24.
Example: the host part of the CIDR must be zeroed.
This is valid: 192.168.0.0/16, and this isn’t: 192.168.2.123/16.
The interface is the settings for the VPS peer, used to connect from a different device, and in my setup it’s using 10.69.69.1/32 as its address.
The peer is my pfSense, which has the IP address 10.69.69.2/32, because that’s the only IP address from which I want to accept the connection to my VPS. I could put the whole subnet, but I’m not going to connect to my VPS WireGuard peer from a different device, so I just put 10.69.69.2/32, which is my pfSense IP.
The whole reason I wasn’t able to connect was the Endpoint line. In Tom’s video tutorial he doesn’t use that; after I added it the handshake worked fine.
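A small checker for the two mistakes this thread turns on (non-zero host bits in AllowedIPs, and a missing Endpoint on the side that sits behind CGNAT and therefore has to initiate), written as an added example that is not from this thread or from pfSense/WireGuard. The sample config and its key placeholders are constructed, and the PersistentKeepalive check goes slightly beyond what the thread discusses.

```python
import ipaddress

# Constructed sample: the pfSense-side (behind CGNAT) config as the thread
# describes it, with the VPS as its only peer and the Endpoint line missing.
SAMPLE_CONF = """\
[Interface]
Address = 10.69.69.2/32
PrivateKey = <redacted-placeholder>
ListenPort = 51820

[Peer]
PublicKey = <vps-public-key-placeholder>
AllowedIPs = 10.69.69.1/32, 192.168.2.123/16
"""

def parse_wg_conf(text):
    """Parse an INI-style WireGuard config into (interface, [peers])."""
    interface, peers, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):
            if line.lower() == "[peer]":
                section = {}
                peers.append(section)
            else:
                section = interface
            continue
        key, _, value = line.partition("=")
        section[key.strip().lower()] = value.strip()
    return interface, peers

def check_wg_conf(text, behind_cgnat=True):
    """Return a list of problems a CGNAT-side WireGuard config would hit."""
    problems = []
    _, peers = parse_wg_conf(text)
    for i, peer in enumerate(peers):
        for cidr in peer.get("allowedips", "").split(","):
            cidr = cidr.strip()
            if not cidr:
                continue
            try:  # strict=True rejects host bits set in the network part
                ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                problems.append(f"peer {i}: AllowedIPs {cidr} has non-zero host bits")
        if behind_cgnat and "endpoint" not in peer:
            problems.append(f"peer {i}: no Endpoint; this side must initiate through CGNAT")
        if behind_cgnat and "persistentkeepalive" not in peer:
            problems.append(f"peer {i}: no PersistentKeepalive; NAT mapping may expire")
    return problems
```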