Wireguard and Pfsense Strange issue

rgadagno · April 15, 2022, 12:58pm

I have two pfsense setup with wireguard-Site to Site. Same versions of all. I get the tunnel and peers all connected.
On one side all work well. The other side i can reach the other subnet within pfsense console and the AD server. The issue is all the computer on the network can not reach the other site subnet. I have tried both linux and windows boxes. So the only computer that can reach the other site is pfsense is the AD server. I’m thinking the routing and everything is good on pfsense but something on my network is the issue.

AD tracert
Tracing route to 10.0.2.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.0.0.1
2 16 ms 17 ms 17 ms 10.0.2.1
From a windows box
Tracing route to 10.0.2.1 over a maximum of 30 hops
1 WIN10-VM [10.0.0.24] reports: Destination host unreachable.
Trace complete.
Linux
traceroute 10.0.2.1
traceroute to 10.0.2.1 (10.0.2.1), 64 hops max
1 * 10.0.0.50 52.130ms !H 0.005ms !H
Thank you in advance
Any thoughts?

rgadagno · April 15, 2022, 1:08pm

Figured it out, The issue was that the DHCP of the server was passing a mask of 255.0.0.0 to all the clients.
This is incorrect. I did a manual static of a windows client with a mask of 255.255.255.0 and all worked.
Question: What is happening that the subnet of another class is stopping it from routing over Wireguard?

Russ

LTS_Tom · April 15, 2022, 3:22pm

You set the firewall rules in pfsense to determine what systems can route where. Christian McDonald covers site to site rules in this video.