Actions
Correction #15286
closed
Wireguard Remote Access Config Recipe Typo
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
WireGuard
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Description
The split-tunnel configuration example here is incorrect:
https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html#client-configuration
It should have
AllowedIPs = 10.6.210.2/32, 10.6.0.0/24
and not
AllowedIPs = 10.6.210.1/32, 10.6.0.0/24
The IP of the client should be in the allowed list rather than the interface IP of the firewall's WG interface.
Updated by Jim Pingle about 2 months ago
- Status changed from New to Rejected
The example you quoted is the configuration that goes on the client side, not the server side. The client shouldn't list its own address in the AllowedIPs line, it should list addresses that are on the other end of the tunnel, which in this case would be the WireGuard server interface.
It's correct as it is.
Actions