Correction #15286: Wireguard Remote Access Config Recipe Typo - pfSense Docs - pfSense bugtracker

Actions

Copy link

Correction #15286

closed

Wireguard Remote Access Config Recipe Typo

Added by Kris Phillips 11 months ago. Updated 10 months ago.

Status:

Rejected

Priority:

Normal

Assignee:

Category:

WireGuard

Target version:

Start date:

Due date:

% Done:

Estimated time:

Description

The split-tunnel configuration example here is incorrect:
https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html#client-configuration

It should have
AllowedIPs = 10.6.210.2/32, 10.6.0.0/24

and not
AllowedIPs = 10.6.210.1/32, 10.6.0.0/24

The IP of the client should be in the allowed list rather than the interface IP of the firewall's WG interface.

Actions

Copy link

Updated by Jim Pingle 10 months ago

Status changed from New to Rejected

The example you quoted is the configuration that goes on the client side, not the server side. The client shouldn't list its own address in the AllowedIPs line, it should list addresses that are on the other end of the tunnel, which in this case would be the WireGuard server interface.

It's correct as it is.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Docs