Solved Connectivity problem with Wireguard and PF

Hi

I've been trying to configure a personal WireGuard VPN on a FreeBSD machine. Everything works until I try to configure my PF firewall. Without PF, I can connect and my IP address is changed. Here is my configuration:


Code:
set skip on lo0
scrub in all

#nat
nat on vtnet0 from 10.0.0.0/24 to any -> (vtnet0)

#rules
block in all
pass out all keep state
pass  in proto tcp from any to any port ssh keep state
pass in proto {udp,tcp} from 10.0.0.0/24 to 10.0.0.1 port 11111 keep state
pass in proto {udp,tcp} from 10.0.0.0/24 to vtnet0 keep state

I'm trying to filter all ports except ssh (it's on the Internet) and the VPN tunnel port. When using tcpdump on my VPN interface, I can see the client packets going through. For example, when I try "nslookup google.com", I can see the request going through, but no response comes back. What am I doing wrong? Thanks for your help.
 
Alright, problem solved. I had to understand more about how PF works with FreeBSD! (When I read my rules in the original post, I was far from understanding how PF works D: )

Thanks anyway!
 
I'm having this same issue and I think the problem is in pf, but I can't seem to get the right pf.conf. Can you post your final pf.conf?
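The thread never got the final pf.conf, so here is an added example (not the original poster's configuration) of how the rules from the first post are usually laid out. Reading that ruleset: `block in all` applies to every interface, including the tunnel interface, and the only inbound rules there pass traffic to 10.0.0.1:11111 or to vtnet0's own addresses, so a client's DNS query to an outside resolver is dropped before it can be NATed out. The example assumes the external interface is vtnet0, the WireGuard interface is wg0, WireGuard listens on UDP 11111 (the thread does not say which port it is), and the tunnel network is 10.0.0.0/24.

```pf
# Added example, not the thread author's final pf.conf.
# Assumed names: vtnet0 = external interface, wg0 = WireGuard interface,
# 11111 = WireGuard listen port, 10.0.0.0/24 = tunnel network.
ext_if  = "vtnet0"
wg_if   = "wg0"
wg_port = "11111"
wg_net  = "10.0.0.0/24"

set skip on lo0
scrub in all

# NAT tunnel clients out through the external interface
nat on $ext_if from $wg_net to any -> ($ext_if)

# Default deny inbound on every interface; allow outbound with state
block in all
pass out all keep state

# From the Internet: only ssh and the WireGuard UDP port on vtnet0
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
pass in on $ext_if proto udp to ($ext_if) port $wg_port keep state

# From the tunnel: let clients reach any destination (DNS, web, ...)
# so their forwarded packets are not caught by "block in all" on wg0
pass in on $wg_if from $wg_net to any keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it; forwarding between interfaces still needs `gateway_enable="YES"` in rc.conf, which the first post implies is already set since the tunnel works without PF.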
 