Would love to hear more on how you are using public IPs from cloud providers with failover for remote sites. Maybe with pfSenseⓇ or TNSR?
@CodenetSolutions 1 month ago
Christian, I have a challenge with a WireGuard site-to-site config. Here is my question: I have a public IP at my HQ and the branch office is running on Starlink. I don't have a public IP at the branch office. Is there a way to configure WireGuard to work? I am a big fan of your work and I really learn a lot from you. Please keep up the good work. Kindly help me figure this out. Thank you.
@dano2169 1 month ago
Would love to see the follow up video with WireGuard and OSPF
@pwm1064 1 month ago
Thanks for the great video. Everything works except that remote LAN static IPs are not accessible. Is there something that needs to be done for that?
@markusschmid4257 2 months ago
Thanks man, perfectly explained!!
@Angelo-ew9cs 2 months ago
I followed along and had all the traffic go through that connection. Is it possible to create an alias so I can state which devices go through and which ones don't?
@crazyvanilla03 3 months ago
Why am I not getting Tailscale as translation address?
@ronaldvargo4113 3 months ago
This has provided a great getting started with dealing with CGNAT with 5G and StarLink ISPs. Setting up a cloud hosts VPS and then creating a site-to-site VPN with WireGuard to bring traffic into my network for hosted services is my goal.
@boomtown7190 3 months ago
Helped me out, Thank you
@anand-nb4bb 3 months ago
Hi Bro can you please make a detailed step by step video on configuring Pfsense OpenVPN with split tunneling & configure Ubuntu as a VPN client. Please, it's a request. Kindly reply Thanks & regards,
@RobertoRubio-ij3ms 4 months ago
Awesome video mate. Thanks heaps.
@thomashong7 4 months ago
Absolutely the best video on WireGuard and pfSense! I have re-watched it several times because your teaching of routing, interface, firewall rules, WireGuard config, and how it all relates is explained so clearly and thoroughly. Thank you!
@Ginita12 4 months ago
We missed you and your videos.
@TheK0tYaRa 5 months ago
God dammit man, I always forget AllowedIPs
@JohnFilion 5 months ago
Thanks for putting this video together. Is it still necessary to create the outbound NAT rules? I tried setting this up, and I can't specify "Tailscale address" for the NAT Address. Has the procedure changed, or did I do something wrong?
@John-zs5nw 6 months ago
How do I get the tailscale address option for the NAT address?
@MegaVorian 6 months ago
That's great! But what if I need to access both networks from outside using a WireGuard client? How should I approach this solution?
@danygagnon8446 7 months ago
This is amazing!
@jocelyn-n-tech 7 months ago
Why did you stop making videos??? This one was excellent!
@cheooo07 8 months ago
Great video. Thank you. A tip would be that when working with internet dynamic IP we can use a dynamic DNS for endpoint IP, that way if our public IP changes we should be good establishing the tunnel. I've been using Duck DNS and so far so good.
@dotnetfx40i93 8 months ago
Why will pfSense not control Tailscale traffic... WTF, I should trust Tailscale... In fact I will not trust it, and for that reason rules on the Tailscale admin panel will not help me to trust it. 22:00
@fbifido2 8 months ago
How does one back up & restore the Koha database or the Koha system itself, just in case something happens? How often should one back up?
@fbifido2 8 months ago
Can you do a video on upgrading from Koha 20.5 to 23.11?
@fbifido2 8 months ago
Do you know how to convert a WinISIS 1.53 database into the Koha system?
@fbifido2 8 months ago
Hi, can you please do an updated setup video of Koha? Debian 12.5 and/or Ubuntu 24.04, Koha 23.11, with the latest supported versions of ElasticSearch, Plack, Memcached, and MariaDB. Please & thanks.
@danroberts2055 9 months ago
I'm at my wits' end. I have two pfSense devices: 1. pfSense Plus behind StarLink and 2. pfSense CE behind T-Mobile. I have Tailscale running on both with NAT rules on both, and I can get from the T-Mobile device to the StarLink device but I can't get from the StarLink device to the T-Mobile device. Both show routes correctly in pfSense and both ping using tailscale ping, but when I tried to reach the T-Mobile router from the StarLink router I get nothing. HELP! I have scanned the web and watched every YT video I can... don't know what's happening... The only thing I can think is StarLink is a 100. network... This doesn't happen if I'm on a phone using Tailscale and try to get to either. I can get to both via my phone, just not from the StarLink device to the T-Mobile device.
@PeterNordin 10 months ago
Maybe I'm stupid or I'm missing something essential. When I try to set up the Hybrid Outbound NAT I stumble on a problem. I set Interface to Tailscale as you showed, I set Source to Network or Alias and insert the subnet of my LAN interface. Then down at Translation, when I try to set Address to Tailscale address, I can't find it in the dropdown list. I first thought you made an alias, but I see a space. Why can't I see the Tailscale Address under Translation Address?
@nathansalt5765 10 months ago
I have the same problem. Under routes the Tailscale subnets show up there but the gateway is listed as link# and not tailscale. So there is no Tailscale gateway to point to.
@RafedwinAbreu 10 months ago
Use network or alias and put the Tailscale IP address 100.xx.xx.xx; it should work fine.
@PeterNordin 10 months ago
@RafedwinAbreu Thanks, and what subnet mask to use, /24 or /32?
@ks313-g8o 10 months ago
nice.. helped a lot to get my head around this topic!
@allaboutcomputernetworks 10 months ago
Excellent video.....👍
@inside0ut 11 months ago
THE BEST WireGuard video on KZbin. Not only does everything get explained perfectly, but the walkthrough was the only one to get it working for me.
@darkenaxe 11 months ago
You are a very good teacher! Thank you for this.
@manofwar9307 11 months ago
For anyone following this guide still, make sure you use different listening ports for each tunnel. When you make the config file, after generating the private key, you should be able to enter a custom listening port by clicking "advanced settings." If you don't use different listening ports, one of the tunnel gateways will remain offline.
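A way to catch the listening-port clash described in the comment above, and the missing-AllowedIPs slip mentioned earlier in the thread, before importing tunnels. This is an added example, not part of any comment or of the video; it assumes the tunnels are available as wg-quick style config text, and the tunnel names, ports, keys and hostname are constructed placeholders.

```python
from collections import defaultdict

# Constructed wg-quick style configs; tunnel names, ports and keys are placeholders.
TUNNELS = {
    "tun_a": "[Interface]\nPrivateKey = <key-a>\nListenPort = 51820\n"
             "[Peer]\nPublicKey = <peer-a>\nAllowedIPs = 0.0.0.0/0\n",
    "tun_b": "[Interface]\nPrivateKey = <key-b>\nListenPort = 51820\n"
             "[Peer]\nPublicKey = <peer-b>\nAllowedIPs = 0.0.0.0/0\n",
    "site2": "[Interface]\nPrivateKey = <key-c>\nListenPort = 51821\n"
             "[Peer]\nPublicKey = <peer-c>\nEndpoint = site2.example.net:51820\n",
}

def parse_wg(text):
    """Return (interface, [peer, ...]); repeated [Peer] sections stay separate."""
    iface, peers, current = {}, [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.lower() == "[interface]":
            current = iface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)    # base64 keys may end in '='
            current[key.strip().lower()] = value.strip()
    return iface, peers

def audit(tunnels):
    """List ListenPort collisions between tunnels and peers lacking AllowedIPs."""
    findings, by_port = [], defaultdict(list)
    for name, text in sorted(tunnels.items()):
        iface, peers = parse_wg(text)
        if "listenport" in iface:              # unset means a random port
            by_port[int(iface["listenport"])].append(name)
        for index, peer in enumerate(peers):
            if not peer.get("allowedips"):
                findings.append(f"{name}: peer {index} has no AllowedIPs")
    for port, names in sorted(by_port.items()):
        if len(names) > 1:
            findings.append(f"port {port} shared by {', '.join(names)}")
    return findings

if __name__ == "__main__":
    for finding in audit(TUNNELS):
        print(finding)
```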
@vlaktorbb 11 months ago
Thanks for this awesome in-depth video. But how can you ping devices on the Tailscale network from behind the pfSense? I tried to set up an outbound NAT rule but the NAT alias is missing. I've tried to set it up via a network alias, but this isn't working sadly. Seems this part is broken in the latest 23.09.1 update.
@RafedwinAbreu 11 months ago
Use network or alias and put the Tailscale IP address 100.xx.xx.xx; it should work fine.
@briane9729 1 year ago
Fantastic Guide! and with well delivered insights into the workings of pfsense and the pitfalls one could encounter. Thank you for all your hard work creating the wireguard package and this great video!
@Hi5ist 1 year ago
Great video! Still having something wrong... If I test with ping in the pfSense diagnostic tool it works perfectly, but it doesn't work if I ping from my PC. I did research with no success; do you have some clue?
@mistakek 1 year ago
24:57 I couldn't do this part. When I went to NAT, select hybrid, and then create the mapping, on the interface, I could select Mullvad(interface group), but for the Translation Address the option to select the interface address wasn't there, so I just had to create 2 maps, 1 for each of the tunnels but still using Mullvad(interface group) for the interface, and use each Mullvad interface for the translation address. It works, just annoying to have to create 2 mappings per vlan
@Djinn112 1 year ago
@Christian McDonald We haven't seen any updates to WireGuard in a long time. Could you please provide information on the current status? Are you still actively working on it??
@ko_3x335 1 year ago
Thanks for this video. It helped a lot to understand the basics of WireGuard and to finish my project.
@systemofapwne 1 year ago
Wait a minute: Aren't you supposed to add "Site 2"-IPs to the "Site 1 AllowedIPs" in order to make sure that "When calling an IP in the range of Site2 on Site 1, it goes through the tunnel"? At around 19:00, you add "Site 1 IPs" to the "Allowed IPs" of "Site 1". Never mind: I skipped over your explanation that "white theme = Site 1 & dark theme = Site 2". You did all correct and I was just confused/skipped too much.
@andersostlund 1 year ago
Excellent!
@nodd85 1 year ago
Awesome video. I used this setup for a WireGuard VPN connection from my phone to my home, and my mobile laptop to my home. When I connect to my home via the WireGuard VPN from my laptop, on the interface statistics widget I get around 20-40 "errors out" per minute. I don't get the same result when connecting via WireGuard VPN from my phone; that doesn't give me any "errors out" on the interface statistics widget on the dashboard. The connection works from my laptop, but I'm not sure why I'm getting these errors. Running the VPN for about a half hour gives me 1000 "errors out." Any idea where I can start to try and fix this?
@StefanWeichinger 1 year ago
Is the Outbound NAT rule still necessary or maybe set under the hood by the package already? Testing this in Dec 2023 and I can't even choose "Tailscale address" as NAT interface in a new Outbound NAT rule. Trying to route to a subnet connected via IPSEC ...
@8095945088 1 year ago
Use network or alias and put the Tailscale IP address 100.xx.xx.xx; it should work fine.
@LordDemonos 1 year ago
Every time I break Wireguard I come back and this video helps me fix it. Thanks again!!
@geepriest 1 year ago
Brilliant stuff... but how do I access shared resources on my LAN via hostname and not IP?
@wawesh254 1 year ago
Amazing video. Keep up the great work!
@mikeclites8407 1 year ago
Two years later and your effort is still paying off. Thank you sir. You explained the /32 interface in a way no one else had for me. Much appreciated!
@gdewey1 1 year ago
Seems like on the new pfSense version (23.09) you cannot assign NAT translation to Tailscale IP /32. Anyone experience this or am I missing something? I was able to follow the instructions without a problem on the last version.
@Jooohn64 1 year ago
Same for me :(
@8095945088 1 year ago
Did you find any solution for this issue?
@gdewey1 1 year ago
@8095945088 I reported this to Netgate and they admitted it was a bug that was going to be covered in the next release. The solution is to manually add the 100.x.x Tailscale IP /32 to the fields. They released a new update and now it shows Tailscale networks but it's wrong; I still need to use a direct (hardcoded) value in the field. Hope this helps.
@Shabba-k2x 6 months ago
Stumbled across a thread on the Netgate forums: for the latest version you only need to create a WAN rule for UDP destination port 41641, for any source and any destination (could play about with exact addresses if you want to make it more secure). This allowed all my clients roaming to have a direct connection to my home network, especially my Jellyfin server for on-the-go streaming.
@21Lettere 1 year ago
An IPv6 tutorial would be great, maybe with a method to avoid IPv6 traffic leak to the WAN interface instead of going into the VPN tunnel.
@4Covenant 1 year ago
You can do the same scheme but with a third site. Greetings
@marktomlinson6922 1 year ago
Great explanation. I have one question for yourself or anyone else reading this: in this site 1 to site 2 setup (pfSense 1 to pfSense 2), for a device behind the pfSense 1 router, how do you get it to be able to use the DNS from pfSense 2 to resolve and connect to a device behind the pfSense 2 router?