Bug #14744

closed

Documentation bug: Remote access VPN example

Added by Chris Gelatt over 1 year ago. Updated over 1 year ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: WireGuard
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: All
Affected Architecture: All

Description

I recently looked at https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html to set up remote access with my pfSense installation in order to investigate WireGuard. However, I noticed at least one, and possibly two, issues with the steps there that required investigation/correction, and I wanted to report them.

First, for what I know to be an issue, in the firewall rule that gets the description "Pass traffic to WireGuard", it has a destination of "WAN Address". That should be "This firewall", or it never gets passed to the WireGuard daemon, and sessions are never established.

The other part is what I'm less certain of, and that's that I had to switch my outbound NAT mode to hybrid and create a NAT rule on the WAN interface with any protocol, my WireGuard CIDR range as the source network, and any destination. Until I did that, I couldn't actually send traffic out of the network, even with the "Pass VPN traffic from WireGuard peers" rule. I feel I shouldn't have to explicitly NAT the traffic out, given that I don't have to with OpenVPN, but perhaps I do?

#1

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Rejected
  • Assignee deleted (Christian McDonald)

Sounds like both of those points are specific to your config/use case and not as described in the docs exactly. The WAN rule is right as it is, it shouldn't be 'this firewall'. The NAT part is a general topic and covered elsewhere. The docs are setting up a remote access VPN, not an internet access VPN.
