WireGuard and pfSense issues with external access (VPS) server

I have been banging my head against a wall for a couple of days and it seems that I need some assistance.

I have a setup where there is a VPS server which works as a "server" for all peers. The idea is that all sites and user devices connect to this server and the devices can access the sites.
The configuration for the server's WG is the following:

[Interface]
Address = 10.0.200.1/24
ListenPort = 51820
PrivateKey = privatekey

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Site 1
PublicKey = publickey1
AllowedIPs = 10.0.200.2/32

[Peer]
# Site 2
PublicKey = publickey2
AllowedIPs = 10.0.200.3/32

[Peer]
# Device 1
PublicKey = publickey3
AllowedIPs = 10.0.200.4/32

[Peer]
# Device 2
PublicKey = publickey4
AllowedIPs = 10.0.200.5/32

Both sites have pfSense where WireGuard is configured. This is the configuration for one of the sites (10.0.200.3):
https://imgur.com/a/pZLHN3E

The client that tries to connect to the VPS and access the server has the following settings:

[Interface]
PrivateKey = privatekey2
Address = 10.0.200.5/32
[Peer]
PublicKey = serverpublickey
Endpoint = server:51820
AllowedIPs = 10.0.200.0/24,192.168.1.0/24,192.168.100.0/24
PersistentKeepalive = 25

The issue here is that the client can ping the WG interface of the pfSense, but nothing in the internal network, including the pfSense (192.168.1.1) itself. I feel that this is pretty obvious but I can't figure it out. Any ideas?
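WireGuard hands a packet to a peer only when that peer's AllowedIPs contains the destination address (cryptokey routing), so a useful first check on the VPS is whether every subnet the client pushes into the tunnel is covered by some server-side peer. The script below is an added example and not part of the post: it parses the server config as quoted above (private key omitted, constructed inline) and reports which of the client's AllowedIPs entries no server peer covers.

```python
import ipaddress

# Constructed from the server and client configs quoted in the post (private key omitted).
SERVER_CONF = """\
[Interface]
Address = 10.0.200.1/24
[Peer]
# Site 1
PublicKey = publickey1
AllowedIPs = 10.0.200.2/32
[Peer]
# Site 2
PublicKey = publickey2
AllowedIPs = 10.0.200.3/32
"""
CLIENT_ALLOWED = "10.0.200.0/24,192.168.1.0/24,192.168.100.0/24"


def parse_peers(conf):
    """Return [(label, [networks])] for each [Peer]; label is the '# ...' comment line."""
    peers, section, label, nets = [], None, None, []
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("["):
            if section == "Peer":
                peers.append((label, nets))
            section, label, nets = line.strip("[]"), None, []
        elif line.startswith("#"):
            label = line.lstrip("# ")
        elif line.startswith("AllowedIPs"):
            _, _, val = line.partition("=")
            nets = [ipaddress.ip_network(n.strip()) for n in val.split(",")]
    if section == "Peer":
        peers.append((label, nets))
    return peers


def route_for(peers, dst):
    """Cryptokey routing: the peer whose AllowedIPs holds the longest prefix containing dst, else None."""
    addr, best = ipaddress.ip_address(dst), None
    for label, nets in peers:
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (label, net)
    return best[0] if best else None


def unrouted_subnets(peers, allowed_csv):
    """Client-side AllowedIPs entries that overlap no server peer's AllowedIPs at all."""
    nets = [n for _, ns in peers for n in ns]
    return [s.strip() for s in allowed_csv.split(",")
            if not any(ipaddress.ip_network(s.strip()).overlaps(n) for n in nets)]
```

With the quoted configs, `route_for(peers, "192.168.1.1")` returns `None`, so a packet for the pfSense LAN address arriving at the VPS has no peer to be sent to; the same check can be run against any updated config before reloading it.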

I have not had time to make a video on this yet, but Christian McDonald's video shows how to create a WireGuard setup in pfSense; pay close attention to the creation of the WG interfaces, Routing, and Outbound NAT settings.