WireGuard tunnel as internet gateway for specific interface

I was wondering if anyone has an idea how to accomplish the following task.
0. Site A and Site B both have fiber connections and pfSense boxes
1. Site A is linked to Site B via a site-to-site WG tunnel (done)
2. Site B has 3 physical interfaces (call them LAN1, LAN2 and WAN)
3. I would like for LAN1 internet traffic to exit the WAN interface, but for LAN2 internet traffic to traverse the WG tunnel and leave via the WAN interface at Site A

At a different site I was able to make a tunnel and pass ALL traffic via the WG tunnel so all internet traffic appeared to be coming from Site A, but I can’t figure out how to do this on a per-interface basis.

Would appreciate any insights. Thanks in advance.

It’s not done via interface, it’s done per network via policy routing outbound NAT rules. They have some examples in the documentation of how to do it with OpenVPN; it should work much the same for WireGuard.
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-route-internet-traffic.html

Dear Tom,

Really appreciate your input. That absolutely did the trick! It’s pretty incredible that you find the time not only to create the educational videos, but also to personally answer a question on the forum!

Thank you so much.
