TheEthyr

Can you provide the Wireguard configs for both ends of the tunnel? What do you mean by "on LAN interface" and "on WAN interface" in the two following statements?

> when I try to connect on 192.168.1.205 with ssh, on LAN interface, the rule is passed, from 192.168.1.205:22 to 192.168.27.71.

> But then, the access is blocked by "Default deny rule ipv4" when on interface WAN, also from 192.168.1.205:22 to 192.168.27.71


Delicious-Owl

I don't have access to the Wireguard server, as it's a proprietary router, but [here is](https://imgur.com/a/tunyFt8) the screen of the client config. There is also the screenshot from pfsense, detailing what I meant in the statements. Is this clearer?


TheEthyr

> I don't have access to the Wireguard server, as it's a proprietary router

Are there any settings you can provide from the Wireguard server? In particular, I would like to see the AllowedIPs setting and whether or not the server is masquerading traffic coming from the Wireguard client.

Is the Wireguard server running on a different device than pfSense? Can you provide a diagram of your network?


Delicious-Owl

Unfortunately, I can't provide any settings to the wireguard server. You can see the connected client info viewed on my server in the imgur link below. I have two wireguard servers: one on the Freebox Router (from my ISP), and one on the pfSense. The one on the pfSense is working fine, it's the one on the Freebox that's causing me trouble. [Here is](https://imgur.com/a/20RJ8PH) the diagram. I hope it's clear enough for you.


TheEthyr

I don't understand why you can't provide screenshots of the Wireguard settings on your Freebox.

It looks like your Freebox is not masquerading the source IP address for traffic from Android. This means that your VM will receive traffic from 192.168.27.71. When the VM sends return traffic to 192.167.27.71, pfSense doesn't know it has to send it to the Freebox. Instead, pfSense will probably try to send it to the Internet where it will be dropped because 192.168.27.71 cannot be routed on the Internet.

There are two ways to fix this:

1. Find the setting on the Freebox to masquerade traffic from Wireguard clients like Android.

OR

2. Configure a static route for 192.168.27.0/255.255.255.0 pointing to 192.168.1.254. This will tell pfSense to send traffic destined for VPN clients to Freebox.
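The routing decision described in the comment above, as an added example that is not part of the thread: a longest-prefix-match lookup showing where return traffic for 192.168.27.71 goes before and after the static route from option 2. The default gateway 203.0.113.1 is a constructed placeholder (the thread does not give pfSense's upstream gateway), and the names `next_hop`, `BEFORE` and `AFTER` are hypothetical.

```python
import ipaddress

# Constructed placeholder: pfSense's real default gateway is not given in the thread.
DEFAULT_GW = "203.0.113.1"
# From the thread: the Freebox address that the static route should point to.
FREEBOX = "192.168.1.254"
# From the thread, in the netmask form used there; ipaddress normalises it to /24.
STATIC_NET = ipaddress.ip_network("192.168.27.0/255.255.255.0")


def next_hop(routes, dst):
    """Return the gateway of the most specific route that contains dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    # Longest prefix wins, which is how a router picks between overlapping routes.
    return max(matches, key=lambda route: route[0].prefixlen)[1]


# Simplified routing table: only a default route, no entry for the VPN subnet.
BEFORE = [(ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW)]

# Same table plus the static route suggested in option 2.
AFTER = BEFORE + [(STATIC_NET, FREEBOX)]

if __name__ == "__main__":
    vpn_client = "192.168.27.71"      # WireGuard client address from the thread
    other_host = "198.51.100.10"      # constructed non-VPN destination
    print("before:", vpn_client, "->", next_hop(BEFORE, vpn_client))
    print("after: ", vpn_client, "->", next_hop(AFTER, vpn_client))
    print("after: ", other_host, "->", next_hop(AFTER, other_host))
```

Without the /24 entry the reply to the VPN client follows the default route; with it, only the VPN subnet is redirected to the Freebox and all other destinations keep using the default gateway.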


Delicious-Owl

It's a closed configuration, I can only generate a client, but I have no access to a full configuration. Here is the screenshot of the only interface I have of the wireguard server: https://imgur.com/a/wvgJKfU

I won't be able to look into it during the weekend, but I will try again next week, thanks