pfSense Wireguard VPN client can't access backup pfSense server

Hello!

I have a scenario with pfSense CE 2.7.2 with HA and started using Wireguard VPN, which is configured on the active pfSense server. The Wireguard VPN clients are working fine, accessing all networks/VLANs that I put in the client configuration, except for one problem: I simply can’t reach the pfSense backup server, which is in the same subnet as the master pfSense server.
When I check both the master and backup pfSense logs, I can see in the master logs that traffic is allowed from the Wireguard client IP address to the pfSense backup IP address, but in the backup logs, I can see traffic is being blocked!
This is strange because, as I have HA active, all rules are being synchronized between the 2 servers, so the same rule that allows traffic from the Wireguard subnet to the firewall mgmt subnet that exists on the master also exists on the backup.
For information:

pfSense Master IP: 10.48.255.253/24
pfSense Backup IP: 10.48.255.252/24
pfSense CARP IP: 10.48.255.254/24
Wireguard subnet: 10.148.148.0/24

From Wireguard clients I can reach 10.48.255.253 and 10.48.255.254, but can’t reach 10.48.255.252.

Rules on Wireguard:
From 10.148.148.0/24 to all subnets = allow
Rules on pfSense MGMT:
From 10.48.255.0/24 to 10.148.148.0/24 = allow

Thanks in advance for some help!

BR,
Edgar
