Wireguard and Pfsense Strange issue

I have two pfSense setups with WireGuard site-to-site. Same versions of everything. I get the tunnel and peers all connected.
On one side everything works well. On the other side I can reach the other subnet from the pfSense console and the AD server. The issue is that all the computers on the network cannot reach the other site's subnet. I have tried both Linux and Windows boxes. So the only computer that can reach the other site, besides pfSense, is the AD server. I'm thinking the routing and everything is good on pfSense but something on my network is the issue.

AD tracert:
Tracing route to over a maximum of 30 hops
1 <1 ms <1 ms <1 ms
2 16 ms 17 ms 17 ms

From a Windows box:
Tracing route to over a maximum of 30 hops
1 WIN10-VM [] reports: Destination host unreachable.
Trace complete.

traceroute to (, 64 hops max
1 * 52.130ms !H 0.005ms !H

Thank you in advance
Any thoughts?

Figured it out. The issue was that the DHCP of the server was passing a mask of to all the clients.
This is incorrect. I did a manual static of a Windows client with a mask of and all worked.
Question: What is happening that the subnet of another class is stopping it from routing over WireGuard?
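
An added example, not part of the original thread, of the forwarding decision a client makes from its own IP and mask: destinations inside the computed network are resolved with ARP on the local segment and never handed to the gateway, which matches the "Destination host unreachable" reported by the client itself in the traces above. All addresses and masks below are constructed placeholders, since the thread does not show the real ones; the function names are hypothetical.

```python
import ipaddress

def on_link_network(client_ip, netmask):
    """Network the client considers directly attached, derived from IP + mask."""
    return ipaddress.ip_interface(f"{client_ip}/{netmask}").network

def next_hop(client_ip, netmask, gateway, dest):
    """Mimic a host's forwarding decision for one destination.

    On-link destinations are ARPed for and sent directly on the LAN;
    anything else is sent to the default gateway (here, pfSense).
    """
    if ipaddress.ip_address(dest) in on_link_network(client_ip, netmask):
        return ("arp-direct", dest)
    return ("via-gateway", gateway)

def shadowed_routes(client_ip, netmask, remote_subnets):
    """Tunnel-routed subnets that the client's mask wrongly claims as local."""
    local = on_link_network(client_ip, netmask)
    return [s for s in remote_subnets
            if ipaddress.ip_network(s).overlaps(local)]

# Constructed sample values (assumptions, not taken from the thread)
CLIENT = "10.1.0.50"            # LAN client at the broken site
GATEWAY = "10.1.0.1"            # pfSense LAN address
REMOTE_SUBNETS = ["10.2.0.0/24"]  # other site, reachable only via WireGuard
REMOTE_HOST = "10.2.0.10"
BAD_MASK = "255.0.0.0"          # too-wide mask handed out by DHCP
GOOD_MASK = "255.255.255.0"     # mask that matches the real LAN

def compare_masks():
    """Return the forwarding decision and shadowed subnets for each mask."""
    result = {}
    for mask in (BAD_MASK, GOOD_MASK):
        result[mask] = {
            "on_link": str(on_link_network(CLIENT, mask)),
            "decision": next_hop(CLIENT, mask, GATEWAY, REMOTE_HOST),
            "shadowed": shadowed_routes(CLIENT, mask, REMOTE_SUBNETS),
        }
    return result

if __name__ == "__main__":
    for mask, info in compare_masks().items():
        print(mask, info)
```

With the too-wide mask the client ARPs for the remote host on its own segment, gets no reply, and the packet never reaches pfSense, so the tunnel routes and firewall rules are not consulted at all.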


You set the firewall rules in pfSense to determine what systems can route where. Christian McDonald covers site-to-site rules in this video.