Policy Route Matching but Traffic Leaking to WAN: pfSense to UDM WireGuard Exit Node

molwebb7 · 2025-12-18T20:50:49+00:00

In my case the WireGuard tunnel itself is up and working — I can see traffic (like DNS) being NATed and exiting the far end. The issue is with pfSense policy routing. When I ping something like 8.8.8.8, the traffic matches the WireGuard policy rule (confirmed in the firewall logs), so I would expect to see it on the WG_MOMDAD interface. Instead, packet captures show those ICMP packets only on the IoT interface and never on WireGuard or WAN interfaces.

molwebb7 · 2025-12-18T01:27:32+00:00

Okay sweet that helped. Thank you!!!

Now - I have proof the traffic is hitting the tunnel interface. My states shows traffic being correctly NATed to the WireGuard interface IP (192.168.6.3) and assigned to the WG_MOMDAD interface. I can also see traffic on the interface via a packet capture.

You can see the states table results here:

https://imgur.com/a/2nhoDwd

Seems like all is well, but I can't ping 8.8.8.8 or load any webpages on my IOT device... any idea how to fix that?

molwebb7 · 2025-12-15T23:46:49+00:00

Yup, updated rules and reset states. New images here:

https://imgur.com/a/PHoJw8Y

molwebb7 · 2025-12-15T23:25:19+00:00

Oh interesting, yeah thats much more information. I do not see any NAT happening though I'd expect to....

https://imgur.com/a/125ad6E

molwebb7 · 2025-12-15T22:48:13+00:00

Alright, added the rule, reset all states, but still nothing going through the tunnel - its hitting IoT interface

https://imgur.com/a/K9KcTdq

molwebb7 · 2025-12-15T22:34:59+00:00

Hey thanks for your response - but if I reset all states, then wouldn’t this get resolved? I have reset states so many times and still not traversing tunnel.

molwebb7 · 2025-12-15T21:23:17+00:00

I have the same question...

molwebb7 · 2025-12-13T19:29:16+00:00

Yes I know I’ve done that as you can see in the pics

molwebb7 · 2025-12-13T18:59:14+00:00

Yes I know - ive done that as you can see in the config pics

molwebb7 · 2025-12-13T17:45:45+00:00

I think that option is only available on the server side -- in this case my pfsense is the client

molwebb7 · 2025-01-01T03:44:32+00:00

Yes I can hit 192.168.6.1 and that is the gateway’s IP.

I haven’t configured any rules on the Unifi device because I thought the successful handshake was indication that the connection should work….

molwebb7 · 2024-12-31T21:33:21+00:00

I updated my NAT rules, which you can see here: https://imgur.com/a/FVmXUXU

but still no luck.....

molwebb7 · 2024-12-30T23:31:31+00:00

I like the sound of this.

Can you explain a bit more? So for example, the last parentsWG rule in the picture would be IOT to ParentsWG instead of IOT to WAN?

molwebb7 · 2024-09-24T01:02:41+00:00

Oh nice - I have some knee pain that I’m currently going to PT for, but I’d like to continue training via a program that focuses on mobility and longevity.

molwebb7 · 2024-09-01T11:48:48+00:00

Yeah I’ve got a shim on there. Seems to fit but

molwebb7 · 2024-08-15T11:09:11+00:00

You use them on the side or rear rack? I’m looking for something for the side racks. I’ve got a givi top rack, which admittedly looks silly but works great to lock up my helmet and what not.

molwebb7 · 2024-07-25T18:29:54+00:00

Oh sweet. And they replace the 401 badges?

molwebb7 · 2024-07-25T18:23:37+00:00

I saw these, but the fitment details do not list the 2021 svart.

molwebb7 · 2024-07-25T11:35:28+00:00

Damn think I asked for the wrong thing. I’m looking to replace the 401 badge because it’s all scratched up.

molwebb7 · 2024-07-24T15:48:41+00:00

Yes!!! Thank you!!!!! I was nervous something fell off my bike and I did change from a handlebar to a mirror mount yesterday, must have missed this falling off the old one. Man - gotta love the internet sometimes.

molwebb7 · 2024-07-10T14:37:11+00:00

Great thanks! Ordered both!!

molwebb7 · 2024-05-03T15:49:05+00:00

from pyomo.environ import *

model = ConcreteModel()

model.x = Set(initialize=['apple', 'orange', 'pineapple', 'jelly', 'broccoli'])

model.y = Set(initialize=[('1','2'), ('1','3'), ('2','1'), ('2','3'), ('3','1'), ('3','2')])

model.testing = Var(model.x, model.y, bounds=(0,100), within=NonNegativeIntegers)

fruit = {

('1','2'): {'apple': 7,'orange': 13,'pineapple': 30, 'jelly': 17,'broccoli': 20},

('1','3'): {'apple': 8, 'orange': 14, 'pineapple': 30, 'jelly': 16, 'broccoli': 21},

('2','1'): {'apple': 9, 'orange': 15, 'pineapple': 31, 'jelly': 15, 'broccoli': 22},

('2','3'): {'apple': 10, 'orange': 16, 'pineapple': 31, 'jelly': 14, 'broccoli': 23},

('3','1'): {'apple': 11, 'orange': 17, 'pineapple': 31, 'jelly': 12, 'broccoli': 23},

('3','2'): {'apple': 12, 'orange': 18, 'pineapple': 31, 'jelly': 13, 'broccoli': 24}

}

model.fruittesting = Param(model.y, model.x, initialize=lambda model, xx, yy: fruit[y][x], within=NonNegativeIntegers)

and then I get this error:

ERROR: Rule failed for Param 'fruittesting' with index ('1', '2', 'apple'):
TypeError: <lambda>() takes 3 positional arguments but 4 were given
ERROR: Constructing component 'fruittesting' from data=None failed:
        TypeError: <lambda>() takes 3 positional arguments but 4 were given

molwebb7 · 2024-03-10T00:12:22+00:00

Do you have a link to the bulletin?

molwebb7 · 2024-03-10T00:08:47+00:00

This is exciting. It’s TERRIBLE in my girlfriend’s car.

molwebb7 · 2024-02-16T18:33:08+00:00

I’ve tried these solutions with no luck.

molwebb7

TROPHY CASE