Bug #14744
closed
Documentation bug: Remote access VPN example
0%
Description
I recently looked at https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html to set up remote access with my pfSense installation in order to investigate WireGuard. However, I noticed at least one, and possibly two, issue with the steps there that required investigation/correction, and I wanted to report them.
First, for what I know to be an issue, in the firewall rule that gets the description "Pass traffic to WireGuard", it has a destination of "WAN Address". That should be "This firewall", or it never gets passed to the WireGuard daemon, and sessions are never established.
The other part is what I'm less certain of, and that's that I had to do was switch my outbound NAT mode to hybrid and create a NAT rule on the WAN interface with any protocol, my WireGuard CIDR range as the source network, and any destination. Until I did that, I couldn't actually send traffic out of the network, even with the "Pass VPN traffic from WireGuard peers" rule. I feel I shouldn't have to explicitly NAT the traffic out, given that I don't have to with OpenVPN, but perhaps I do?
Updated by Jim Pingle 8 months ago
- Status changed from New to Rejected
- Assignee deleted (
Christian McDonald)
Sounds like both of those points are specific to your config/use case and not as described in the docs exactly. The WAN rule is right as it is, it shouldn't be 'this firewall'. The NAT part is a general topic and covered elsewhere. The docs are setting up a remote access VPN, not an internet access VPN.