You are too kind mate! Thank you for the support 🙂🙂

Thank you so much mate and for all your support! :)

Love it! Thanks for the support :)

That's brilliant mate!! :) Glad I could help!

@@DigitalMirrorComputing Have you tried this not using split tunnel? I can't get internet access working when connected and I'm thinking do I need a NAT rule to allow the traffic out from the Subnet I am sitting on once connected to the VPN? Currently I want to route ALL traffic over VPN so on the client I have AllowedIPs = 0.0.0.0/0

thanks for the support and feedback mate! I've taken note of your suggestions which are great btw!!

Thanks I forgot about this step. I had done it for my OpenVPN setup awhile back, and blanked on the need for this. @DigitalMirrorComputing, maybe you could add a note to the video description that full tunnel won't work unless NAT is also configured?

Sweet!!! :)

You need to add a NAT rule

@@francois584 You rock! Thanks for posting this hint!

this porblem is happend to me in pfsense and mikrotik router .

First of all thanks for watching and for the support msg! If I understood correctly, it's fine to have a private IP assigned to the WAN and to use that with wireguard. I think i the video that's what I did. If you have the option to choose, I would rather have the modem in bridge mode (cable modem only) and place pfsense between the WAN and LAN as that's the correct way to place the firewall. I also don't think you need the DMZ, you can simply disable the DHCP Server (if you have that option) in the modem, and let your pfsense box assume the role of dhcp server. You will run into double NAT, but it's more secure than going through the DMZ (if I understood correctly). Since DHCP is layer 3, if you disable the DHCP, the modem will still work at switch level and you can also use the wireless. I hope this helps mate, but happy to stand corrected if I didn't understand your question! :)

@@DigitalMirrorComputing tks yr quickly reply. In general u got the real picture of my infraestructure, but some other questions arises to me. the main question it's if the endpointin of the WG setup is the public ip got from ISP modem/router or the private IP from the LAN side of ISP router which feed to my WAN pfsense box? Related of the way I bridged the out/in traffic with DMZ configuration, it was to avoid the 2xNAT, and dont delay the traffic. but perharps this is too strict and it will not have any visible effect on the private network. by security reasons If I have to live with double nat, so it will be. In the other hand, I really trust in to pfsense firewall. Sometimes the best is the enemy of the good.

14:14 Allowed IP ranges.

Competely understand the "layers" thing but for my purposes tailscale is fine and I don't have to open a port on my wan

@@xheezy Oh totally mate, Tailscale is great and simplifies wireguard a lot! If it fits your purpose why change right! :)) I might do a video on it as well as there some good benefits for using it!

I use Zerotier. Might test this out once I finally get my Opnsense up and runnning, but I rarely need to access anything when I'm away from home, and 99% of the time just one box. Really enjoy the videos.

A very good tip! This would have saved me a lot of time if I had read your comment when I had this problem. Thank you!

In my case i have setup the NAT outbound rule as well but still no internet... Any advices? Thank you

@@radunastase1865 can you give more details about that outbound NAT rule please?

@@radunastase1865 Did you set the "Outbound NAT Mode" to "Hybrid Outbound NAT rule generation.(Automatic Outbound NAT + rules below)"? i did not at first try and then the "Mappings"-Rule for the Source IP's of the Wireguard-Net was ignored. Also are the the Source IP's of the Wireguard-Net stet correctly?

check your memory and cpu with htop or top. Your filesystem might also be corrupted. I would reinstall the whole thing from fresh! Good luck mate!

@@DigitalMirrorComputing Thanks for the answer. Will check:)

Copy key buttons only work in HTTPS mode

Does the macbook has 2 nic? If it only has one, you "can't" do it!

OVPN Client softwares are trash tbh, and OpenVPN is much slower than WG. Not to mention that with a more user friendly interface you can set up a working VPN a lot faster with Wireguard. pfSense should up their UX game, because this slow bootstrap themed UI is a mess.

That's a very fair point! It can be a pain in the ass to grant and revoke keys all the bloody time! Also I believe you can integrate OpenVPN with ADFS and manage authentication that way! For my home lab (and given I am the only user as the missus is alergic to computers) is good enough! :D Thanks for watching! :)

Tailscale is a thing, but the initial authantication goes through them so technically not as secure

Would it be possible to go over the process of configuring OpenVPN and ADFS for authentication?