WireGuard pfSense VPN to access existing LAN with another router

Hello everyone,

There is an existing network 192.168.2.0 with a home router. This home router can only do port forwarding. I have no privilege to change anything, but I can use a pfSense firewall on the LAN site if it helps, and also use port forwarding on the home router if it helps.

The remote network is 192.168.3.0 and is already pfSense, and I have full control with a static public IP.
So I have managed to do a site-to-site WireGuard following the video of Mr. Tom.

pfSense 1 can ping pfSense 2 and PC2 over the tunnel. The problem is that I can’t access PC1. This device is not aware of the VPN tunnel, and also knows that the gateway is the existing router. I can understand the problem, but I can’t see any solution.

Any suggestions? Is this possible without messing with the existing LAN 2?
How can I possibly route the traffic I need through the pfSense on LAN2 with the IP 192.168.2.10? This way all the clients on LAN2 will respond to the same network with no problem.

Thanks for any comments.

The best way to do this would be to put PC 1 behind pfSense one.

Any other way to do that? I can’t change the existing network much.

There might be a way to configure PC1 with pfSense as a secondary gateway and some static routing rules, but it would be much more complex.

I did some tests for the above issue, and I’m posting this for future reference in case someone needs this.

Site to Site VPN Tests:

  1. pfSense 1 as OpenVPN Server (port forward on home router) - pfSense 2 as OpenVPN Client
  2. pfSense 1 as OpenVPN Client - pfSense 2 as OpenVPN Server
  3. WireGuard Tunnel between them

In all cases I was able to access pfSense 1, but nothing else on the LAN 192.168.2.0/24.

VPN Road Warrior from Windows PC:

  1. WireGuard Tunnel (port forward on home router)
  2. OpenVPN Remote Access Setup (User Auth)

I was able to access all devices on LAN 192.168.2.0/24 using both WireGuard and OpenVPN, as long as it is road warrior style from a Windows PC.

I don’t know exactly why the 2 methods are different in that aspect, but these are the results. Most probably the site-to-site setup is not working because of the default gateway of the LAN being the home router. Any comments will be appreciated.
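
The return-path problem discussed in the static-route reply and in the last post can be checked with a small routing-table model. This is an added example, not part of the original thread: it does a longest-prefix match on PC1's routing table to show where PC1 sends its reply. The home router address 192.168.2.1, the /24 mask on 192.168.3.0, the sample host 192.168.3.50, and the NAT case are assumptions, not values or settings confirmed in the thread.

```python
import ipaddress

HOME_ROUTER = "192.168.2.1"    # assumed address; the thread does not give it
PFSENSE_LAN = "192.168.2.10"   # pfSense on LAN2, from the thread
REMOTE_HOST = "192.168.3.50"   # constructed sample host on the remote LAN


def next_hop(routes, dst):
    """Longest-prefix match: return the gateway PC1 uses to reach dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None  # no route at all
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# PC1 as described: on 192.168.2.0/24, default gateway is the home router.
pc1_default = [("192.168.2.0/24", "on-link"), ("0.0.0.0/0", HOME_ROUTER)]

# Same table plus one static route for the remote LAN via pfSense
# (remote LAN assumed to be a /24).
pc1_static = pc1_default + [("192.168.3.0/24", PFSENSE_LAN)]


def reply_paths():
    """Where PC1 sends its reply, keyed by scenario."""
    return {
        # Packet arrives with a 192.168.3.x source: reply follows the default route.
        "site-to-site, default table": next_hop(pc1_default, REMOTE_HOST),
        # Static route on PC1 sends the reply back to pfSense and into the tunnel.
        "site-to-site, static route": next_hop(pc1_static, REMOTE_HOST),
        # Assumption: pfSense rewrites the source to its own LAN address
        # (outbound NAT), so PC1 answers a local neighbour directly.
        "source NATed to pfSense LAN IP": next_hop(pc1_default, PFSENSE_LAN),
    }


if __name__ == "__main__":
    for case, hop in reply_paths().items():
        print(f"{case:32} -> reply goes via {hop}")
```

If PC1 runs Windows, the static-route case corresponds to `route -p add 192.168.3.0 mask 255.255.255.0 192.168.2.10`.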