I have a network A with the subnet 192.168.1.1/24, connected to a Telekom Speedport Smart 3, and a network B with the subnet 10.168.1.1/24, connected to an SG-1100 with pfSense (behind a cable modem).
The goal is to route all traffic from network B, including internet requests, through the WireGuard tunnel to network A, so that every client in network B appears with the external/public IP address of network A.
WireGuard has been activated as VPN access on the Speedport in network A. The config file available for download in this menu looks like this (there is no way to change anything in the configs):
[Interface]
PrivateKey = private
Address = 10.200.200.1/24
DNS = 192.168.2.1
[Peer]
PublicKey = public
PresharedKey = shared
AllowedIPs = 0.0.0.0/0
Endpoint = anydomain.duckdns.org:53280
PersistentKeepalive = 21
On pfSense, I have done the following:
- Installed WireGuard through the Package Manager.
- Activated WireGuard in VPN -> WireGuard -> Settings, setting "Interface Group Membership" to "only unassigned tunnels."
- Created a new tunnel with the following data: Enabled, Listen Port: 53280, Interface Keys auto-generate (unsure about this point).
- Under Interfaces -> Assignments, I created a new interface WG0 assigned to tun_wg0 with the following settings: Enabled, Static IPv4 10.200.200.2/24.
- In the Firewall Rules, I added an any to any pass rule for all protocols for the WG0 interface.
- Added a peer: Enabled, Tunnel as tun_wg0, Endpoint: anydomain.duckdns.org:53280, public key: public, preshared key: shared, allowed IPs: 0.0.0.0/0.
Despite several tutorials, the tunnel doesn't seem to be established, and pinging 10.200.200.1 from pfSense is not working. Additionally, VPN -> WireGuard -> Status shows a red hand, and "last Handshake" is listed as never. Sent: 6 KiB, received: 0 KiB.
Where did I make a mistake? If more information is needed, I'd be happy to provide it. Thank you for your help :)
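A consistency check for the setup described in the post, as an added example that is not part of the original post: it parses the downloaded profile and compares it with the pfSense settings listed above, reporting every field that differs without echoing key material. It assumes the Speedport file is the client-side profile, so that its [Interface] key and address identify the connecting peer; the dictionary field names and the `compare` helper are hypothetical.

```python
import configparser
import ipaddress

# Constructed copy of the profile quoted in the post (key values are its placeholders).
PROFILE = """\
[Interface]
PrivateKey = private
Address = 10.200.200.1/24
DNS = 192.168.2.1
[Peer]
PublicKey = public
PresharedKey = shared
AllowedIPs = 0.0.0.0/0
Endpoint = anydomain.duckdns.org:53280
PersistentKeepalive = 21
"""
# pfSense side as described in the post; the field names are hypothetical.
PFSENSE = {
    "tunnel_private_key": "auto-generated",
    "tunnel_address": "10.200.200.2/24",
    "peer_public_key": "public",
    "peer_preshared_key": "shared",
    "peer_endpoint": "anydomain.duckdns.org:53280",
    "peer_allowed_ips": "0.0.0.0/0",
}
# local field -> (profile section, profile key)
MAPPING = {
    "tunnel_private_key": ("Interface", "PrivateKey"),
    "tunnel_address": ("Interface", "Address"),
    "peer_public_key": ("Peer", "PublicKey"),
    "peer_preshared_key": ("Peer", "PresharedKey"),
    "peer_endpoint": ("Peer", "Endpoint"),
    "peer_allowed_ips": ("Peer", "AllowedIPs"),
}
SECRET = {"tunnel_private_key", "peer_preshared_key"}  # never echoed in findings

def compare(profile_text, local):
    """Return {field: message} for each local setting that differs from the profile."""
    cfg = configparser.ConfigParser()  # handles profiles with a single [Peer] section
    cfg.read_string(profile_text)
    findings = {}
    for field, (section, key) in MAPPING.items():
        want, have = cfg[section][key], local[field]
        # Compare the tunnel address as a parsed interface, everything else as text.
        norm = ipaddress.ip_interface if field == "tunnel_address" else str
        if norm(want) != norm(have):
            findings[field] = ("differs" if field in SECRET
                               else f"profile has {want}, pfSense has {have}")
    return findings

if __name__ == "__main__":
    print(compare(PROFILE, PFSENSE))
```

Run against the settings in the post, it flags the auto-generated interface key and the 10.200.200.2/24 tunnel address as the two fields that do not match the profile.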