I’m setting up a routing lab to learn some stuff about Wireguard for a future project. I’m following this guide: Virtual Private Networks — WireGuard — WireGuard Routing | pfSense Documentation
IP differences from guide:
Firewall 1 WAN: 10.0.0.130
Firewall 2 WAN: 10.0.0.156
Firewall 3 WAN: 10.0.0.173
Firewall 1 LAN: 10.10.10.0/24
Firewall 2 LAN: 10.10.20.0/24
Firewall 3 LAN: 10.10.30.0/24
HQ Tunnel Address: 172.16.0.1/24
Remote A: 172.16.0.2/24
Remote B: 172.16.0.3/24
Note: The guide uses 172.16.0.0/30 as the tunnel subnet, but when doing this, on remote side B you can’t set it up with 172.16.0.3/30 because .3 is the broadcast address.
After setting up the lab exactly as in the guide example, with the exception of the above IP info, I get these results:
Can ping from each client site PC on their respective LANs to the HQ firewall: 10.10.10.1
Can ping from each client site PC to each other and to each firewall’s LAN IP and the tunnel IPs.
Cannot ping from a PC on the HQ LAN to either client site firewall
From HQ firewall, can ping 172.16.0.1, 172.16.0.2, or 172.16.0.3 when using the VPN address as source, but not when using the LAN address
From HQ firewall, if I select source as VPN, can ping 10.10.20.1 or 10.10.30.1.
From HQ firewall, if I select source as LAN, can’t ping 10.10.20.1 or 10.10.30.1.
From an HQ-connected laptop on the LAN, can’t ping any of these: 10.10.10.1, 10.10.20.1, 10.10.30.1, 172.16.0.1, 172.16.0.2, or 172.16.0.3
This would seem to be a routing issue as far as I can tell but I’m not sure how to correct it. Any ideas?
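The /30 problem mentioned in the post (172.16.0.3 being the broadcast address of 172.16.0.0/30) is easy to check mechanically before building the lab. The following is an added example, not code from the original post or from the pfSense guide; it assumes IPv4 tunnel addressing only. It validates a hub-and-spoke tunnel address plan against its subnet and, going beyond the single case in the post, computes the smallest prefix that fits a given number of peers (using the usual host-count rule, with /31 treated as a point-to-point pair per RFC 3021).

```python
# Added example: sanity-check a WireGuard tunnel address plan.
# Not part of the original post or the pfSense guide; IPv4 only (assumption).
import ipaddress


def check_tunnel_plan(subnet, hosts):
    """Map each tunnel address to 'ok' or the reason it is unusable.

    subnet: the tunnel network, e.g. "172.16.0.0/30"
    hosts:  the per-peer tunnel addresses, e.g. ["172.16.0.1", "172.16.0.2"]

    An address is unusable if it lies outside the subnet, or if it is the
    network or broadcast address of a prefix shorter than /31.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    result = {}
    for h in hosts:
        addr = ipaddress.ip_address(h)
        if addr not in net:
            result[h] = "outside subnet"
        elif net.prefixlen < 31 and addr == net.network_address:
            result[h] = "network address"
        elif net.prefixlen < 31 and addr == net.broadcast_address:
            result[h] = "broadcast address"
        else:
            result[h] = "ok"
    return result


def usable_hosts(prefixlen):
    """Number of peer addresses an IPv4 prefix of this length can carry."""
    if prefixlen == 32:
        return 1
    if prefixlen == 31:      # RFC 3021 point-to-point: both addresses usable
        return 2
    return 2 ** (32 - prefixlen) - 2   # exclude network and broadcast


def smallest_prefix_for(n_peers):
    """Longest (most specific) IPv4 prefix whose usable range holds n_peers."""
    for p in range(32, -1, -1):        # start at /32 and widen as needed
        if usable_hosts(p) >= n_peers:
            return p
    raise ValueError("too many peers for IPv4")


def assign_tunnel_addresses(base, n_peers):
    """Return n_peers 'addr/prefix' strings from the smallest fitting subnet.

    base is the first address of the block, e.g. "172.16.0.0". For a
    3-peer hub-and-spoke this yields a /29, since a /30 only has two usable
    hosts (.1 and .2; .3 is broadcast).
    """
    prefix = smallest_prefix_for(n_peers)
    net = ipaddress.ip_network(f"{base}/{prefix}", strict=True)
    if prefix >= 31:
        candidates = list(net)         # /31 and /32 use every address
    else:
        candidates = list(net.hosts()) # skips network and broadcast
    return [f"{a}/{prefix}" for a in candidates[:n_peers]]


if __name__ == "__main__":
    peers = ["172.16.0.1", "172.16.0.2", "172.16.0.3"]
    print(check_tunnel_plan("172.16.0.0/30", peers))   # .3 -> broadcast address
    print(check_tunnel_plan("172.16.0.0/24", peers))   # all ok
    print(assign_tunnel_addresses("172.16.0.0", 3))    # /29 plan
```

Running it against the guide's /30 flags 172.16.0.3 as the broadcast address, while the /24 the post switched to (or the /29 the script proposes) accepts all three peers.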