PF: Remote access VPN - limit access to Local Network not working properly.

Greetings.
I have configured WG as a remote access VPN for a mate in PRC to use while he is there to give him freedom.
That works correctly to give him a non-PRC IP address and let him use US websites with no issues.
However, I am working on another issue here.
I would like to allow remote access to a network using WireGuard to provide VNC remote support and "lock" the access
to only allow connections to the local network (192.168.0.0/16).
I'm having problems with the config, getting it to only allow traffic to the local network while connected to the VPN.
When it's set up the same as my other VPN I can access the local network, but when I have tried changing the rules,
I lock myself out and have no access to the local network through the VPN at all.
Any help would be much appreciated.
Tks

Code:
#    Modeled after - $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return    # block stateless traffic
pass        # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild


# Wireguard  below ####################################

localnet="192.168.0.0/16"
# "egress" is the OpenBSD interface group containing the default-route
# interface (bge0 here), so it is used directly below, without a macro.
# The original line  bge0="egress"  defined a macro named bge0 while the
# rules referenced $egress, which pfctl rejects as an undefined macro.

# Open the Wireguard port to the outside
pass in on egress proto udp from any to any port 51828

# Allow communication between Wireguard peers
pass on wg0

# Do not allow clients connected to wg0 to tunnel their outside world traffic
# Only allow local network

# (the commented-out attempt below is not valid pf syntax: nat-to takes an
#  address or an interface, not an interface:network pair)
#pass out on $egress inet from (wg0:network) nat-to ($egress:$localnet)
# The following line allows access to the Inet AND local network
pass out on egress inet from (wg0:network) nat-to (egress:0)
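
Since the question is how to confine wg0 peers to 192.168.0.0/16, here is the WireGuard section rewritten that way. This is an added example, not the OP's config; it assumes the rest of the ruleset above (the general `pass` and `block return`, the X11 and _pbuild rules) stays in place, that the tunnel port is still 51828, and that peers need nothing from the VPN host itself.

```pf
localnet = "192.168.0.0/16"

# WireGuard handshake and transport from the outside. "egress" is the
# OpenBSD interface group for the default-route interface, not a macro.
pass in on egress proto udp to port 51828

# pf takes the LAST matching rule, so these come after the general "pass":
# default-deny everything arriving from peers over the tunnel ...
block return in on wg0

# ... then allow peers to reach the local network only. The state created
# here also passes the replies back, and the general "pass" handles the
# outbound leg on the LAN interface.
pass in on wg0 inet from (wg0:network) to $localnet

# Deliberately no "pass out on egress from (wg0:network) nat-to (egress:0)":
# peer traffic for the Internet is already dropped at wg0 above, and without
# the NAT rule it could not leave with a public source address anyway.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. The client's AllowedIPs only decides what the client routes into the tunnel, so the restriction has to be enforced here on the server side as these rules do.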
 