Connect to WireGuard clients from LAN (with PFSense)

• Introduction
• Problem Setup and Variables
• Static Routes
• Create a Static Route in PFSense

Introduction

Here's my particular situation:

1. I'm developing Emilio. Which requires to have an accessible endpoint so that I can query stuff from a Gmail Addon.
2. I have Nginx Proxy Manager at home routing requests made to my development url to my laptop so I can test this endpoint.
3. I have a WireGuard VPN server at home that I can use to connect my devices to my local network when I travel.

You might have a similar issue if you have set up a server somewhere, say, your friend's home, and you want that server to be part of your local network.

Problem:
WireGuard clients (my laptop) have a totally different subnet:

• Your local subnet (probably): 192.168.0.0 (255.255.255.0 as the mask or /24)
• WireGuard subnet: 10.6.0.0/24

This means that, while I can ping LAN devices from my laptop when connected through WireGuard, I cannot do the opposite.

Here's a solution that worked for me.

Problem Setup and Variables

To make this guide clearer I will create fictional addresses:

• My laptop's WireGuard IP: 10.6.0.12
• WireGuard's server internal IP at home: 192.168.0.59

What I want:
NGINX routing requests from test.domain.com to 10.6.0.12.

Static Routes

I want to tell my NGINX host or any device in my LAN for that matter, where to point when I request the IP 10.6.0.12.

This is a great use case for static routes.

To create a static route you need 3 things:

1. The Gateway: What's the entry point for the subnet you want to connect to.
2. The subnet you want to connect to
3. The subnet mask

In my case:

1. Gateway: 192.168.0.59
2. Subnet: 10.6.0.0
3. Subnet mask: /24 or 255.255.255.0 (they're 2 ways of saying the same)

Create a Static Route in PFSense

I use PFSense at home, so I will demonstrate how to do it in there. If you have another router or firewall just search how to add a static route in your specific model.

1. Go to System > Routing
2. In the Gateways tab, add a new gateway.
3. Give the gateway the name you want and set the IP, in my case 192.168.0.59 (the WireGuard server at home).
4. Apply the changes.
5. Now in the Routing menu, go to Static Routes
6. Hit + Add
7. In Destination Network add the WireGuard subnet, in my case 10.6.0.0/24
8. Select the Gateway we just added
9. Give it a description if you want
10. Save and apply changes

Done!

Now you should be able to ping your laptop from your LAN. It might take a few minutes though, so be patient.

In my case I can now create an NGINX proxy that redirects test.domain.com to my laptop while away at 10.6.0.12.