WireGuard routing issue with pfSense

Hello from Germany :)

I am trying to set up a site-to-site WG VPN connection between a Fritz!Box router and a pfSense. The connection works and I can ping from both sides.

Side A with the Fritz!Box router is working fine; ping, connection etc. work well.

Side B with the pfSense: I can’t access the resources. I can ping a server on Side A but I can’t access it from the browser.

Any ideas where to look on the pfSense? There must be a routing issue.

The peer config for Side A:

  • both networks in the config as Allowed IPs
  • firewall rules are, for now, any/any on the LAN, WG and WG0 interfaces
  • I have a gateway with the IP of the WG tunnel from Side A
  • a static route for the local network of Side A using the WG gateway

I get the following error in the pfSense logs when I try to connect from Side B to a host on port 5008 on Side A:

Default deny rule IPv4 (1000000103) WG-Tunnel-IP-SideA:5008 MY-IP-From-SideB:52765 TCP:SA

Thanks in advance
Regards
Lukas
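
An added note on the log entry in the post above (this is editorial material, not part of the original thread or of pfSense itself). The dropped packet has source WG-Tunnel-IP-SideA:5008 and destination MY-IP-From-SideB:52765 with flags TCP:SA, i.e. it is the SYN-ACK coming back from the Side A host to the Side B client, and it is hitting the default deny rule. pf only passes reply traffic for connections it holds a state entry for, so a SYN-ACK reaching default deny means pf has no state for that connection on the interface the reply arrived on: the outbound SYN was forwarded along a path pf did not create a state for, or the state lives on a different interface than the one the reply comes in on (asymmetric routing between interfaces such as the WG group and a wg0 assignment). A plain SYN hitting default deny would instead point at a missing or mis-ordered pass rule. The Python below parses rendered pfSense log lines in the layout shown in the post and classifies them on exactly this distinction; the regex for that rendered layout, the category names, and all log lines other than the one from the post are assumptions/constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Rendered pfSense firewall-log entry, in the layout shown in the post above:
#   "<reason> (<rule number>) <src>:<sport> <dst>:<dport> <proto>[:<tcp flags>]"
# The regex is an assumption about that rendered layout; the raw filterlog
# CSV in /var/log/filter.log is a different, longer format and is not handled here.
LINE_RE = re.compile(
    r"^(?P<reason>.+?) \((?P<rule>\d+)\) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<proto>[A-Za-z0-9]+)(?::(?P<flags>[A-Z]+))?$"
)


@dataclass
class LogEntry:
    reason: str
    rule: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: Optional[str]


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one rendered log line; return None for lines in another layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return LogEntry(
        reason=m["reason"], rule=m["rule"],
        src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]),
        proto=m["proto"].upper(), flags=m["flags"],
    )


def classify(entry: LogEntry) -> str:
    """Say why pf most likely dropped the packet, from the reason and TCP flags alone.

    Category names are this example's own, not pfSense terminology.
    """
    if not entry.reason.lower().startswith("default deny"):
        return "explicit-block"      # matched a block rule the admin wrote
    if entry.proto != "TCP" or not entry.flags:
        return "no-pass-rule"        # non-TCP: no flags to tell a new flow from a reply
    flags = set(entry.flags)
    if flags == {"S"}:
        return "no-pass-rule"        # fresh SYN hit default deny: missing/mis-ordered pass rule
    if "S" in flags and "A" in flags:
        return "orphan-syn-ack"      # SYN-ACK reply pf has no state for: asymmetric routing
    if flags & {"A", "F", "R"}:
        return "out-of-state"        # mid-connection packet: state expired or on another interface
    return "unknown"


def triage(lines):
    """Count categories over a batch of rendered lines; unparsable lines are skipped."""
    counts = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        category = classify(entry)
        counts[category] = counts.get(category, 0) + 1
    return counts


# Constructed sample: the first line is the entry from the post, the rest are
# made up for contrast (addresses from documentation ranges, rule numbers invented).
SAMPLE_LOG = [
    "Default deny rule IPv4 (1000000103) WG-Tunnel-IP-SideA:5008 MY-IP-From-SideB:52765 TCP:SA",
    "Default deny rule IPv4 (1000000103) 203.0.113.9:44122 198.51.100.7:22 TCP:S",
    "Default deny rule IPv4 (1000000103) 10.0.2.15:443 10.0.1.20:51511 TCP:PA",
    "Block inbound SSH (1611234567) 203.0.113.9:44123 198.51.100.7:22 TCP:S",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        entry = parse_line(line)
        print(f"{classify(entry):16} {line}")
    print(triage(SAMPLE_LOG))
```

Running it against the line from the post yields the orphan-syn-ack category. The practical follow-up on pfSense is to open Diagnostics > States while the browser connection to port 5008 is pending and check on which interface (if any) the state for the Side B client to Side A server connection exists; if the SYN's state sits on one interface and the SYN-ACK arrives on another, the two interfaces (for example the WireGuard group versus an assigned wg0) are not seeing the same flow, which is what this log signature indicates.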

I have never used a Fritz!Box so I don’t know what settings go there, but Christian McDonald has this video outlining how to set it up on pfSense.