pfSense

Hi,

I've been enjoying WireGuard so far with the nightly builds of pfSense 2.5 and am happy to see the full release of 2.5 today with official WG support in the kernel!

I've been experimenting a bit with WG, and have decided on a setup akin to the one described here ([[https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html]]) where my pfSense box acts as a 'server' for my clients to connect to, so they may use the same network as my firewall.

I also went a bit beyond what was described in the tutorial and setup an Interface Assignment for wg0, my WG tunnel in question, with the firewall set to allow all traffic to other subnets/the web.

Now I'm looking into using the Avahi mDNS repeater which I've already setup on the firewall to repeat over the 192.168.15.1/24 subnet which I use for WG peers. Despite me selecting the wg0 Interface in the Avahi web config (in addition to other VLANs I had previously), and me adding 224.0.0.251/32 to the WG Peer "Allowed IPs" box in pfSense (my client's allowed IPs are 0.0.0.0/0), I can't seem to get it working. My clients can't pick up any mDNS devices. I've attached a photo of my pfSense WG Peer config for reference. I've also attached a snipped of my pfTop output for port 5353, looks like my WG subnet (192.168.15.1) is sending mDNS request to 224.0.0.251...
I have the "Repeat mdns packets across subnets" option in Avahi enabled too.

I was told to file a bug report here after posting on the forums first, and am happy to help with gathering more data if needed.

Cheers.