Wireguard connects but then I lost internet in the client and the rest of my network is unreachable

petoniano

Dabbler
Joined
Feb 14, 2018
Messages
29
Hello! I have problems configuring WireGuard. I have a TrueNAS machine for backing up my personal data and for my media library.
I'm trying to use WireGuard to access my TrueNAS GUI, Nextcloud, my files, photos, ... from outside.

I've managed to use WireGuard on the TrueNAS base, just enabling it in system/tunables, creating the wg0 interface, and
setting a post-init script to copy my wg0.conf and the keys to the WireGuard directory.

Installed the client on my Windows laptop and on my Android phone.
When I activate the tunnel, both Android and Windows see the TrueNAS GUI, that is OK, but they lose Internet connection to the rest of
the WWW, and I can't access the other jails, for example my Nextcloud server or OpenSpeedTest jail.

Short picture of my network for more information:

My ISP router local ip: 192.168.1.1
my neutral router: wan ip: 192.168.1.2 lan ip: 192.168.0.1
and the rest of the network devices are 192.168.0.X
192.168.0.10 is my truenas server running wireguard on it.
Jails are 192.168.0.14, 15, 16 etc ...

The server wg0.conf file is something like this:
[Interface]
Address = 10.0.0.1/32
PrivateKey = privatekeyA=
ListenPort = 51820

[Peer]
PublicKey = publickey...=
AllowedIPs = 10.0.0.8/32
# android phone

And the client config file is something like this:

[Interface]
Address = 10.0.0.8/32
PrivateKey = theprivatekey=
DNS = 1.1.1.1

[Peer]
PublicKey = hispublickey8=
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = myrealexternalip


Should I change something in the AllowedIPs field, or what can I do to:
- Have internet access while connected to the WireGuard server
- Access the rest of my IPs, for example 192.168.0.15 (Nextcloud)

Thank you very much for the help. I've searched a lot and tried a lot of changes, but I can't solve it.
If more info is needed please ask me, thanks.
 

petoniano

This is the routing table of an example jail, 192.168.0.3, that I use for some services. I can SSH into it, but there is no internet access from it either.

[Carlos@carlosjail ~]$ netstat -rn
Routing tables

Internet:
Destination        Gateway       Flags   Netif Expire
0.0.0.0/1          wg0           US      wg0
default            192.168.0.1   UGS     epair0b
10.0.0.4           link#4        UH      wg0
82.xxx.xxx.xxx     192.168.0.1   UGHS    epair0b
127.0.0.1          link#1        UH      lo0
128.0.0.0/1        wg0           US      wg0
192.168.0.0/24     link#3        U       epair0b
192.168.0.3        link#3        UHS     lo0

Internet6:
Destination Gateway Flags Netif Expire
::/96              ::1           UGRS    lo0
::1                link#1        UH      lo0
::ffff:0.0.0.0/96  ::1           UGRS    lo0
fe80::/10          ::1           UGRS    lo0
fe80::%lo0/64      link#1        U       lo0
fe80::1%lo0        link#1        UHS     lo0
ff02::/16          ::1           UGRS    lo0
 
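Added example, not part of the original posts: a longest-prefix lookup over the IPv4 routing table posted above. It shows that the two /1 routes on wg0 override the default route, so all non-local traffic enters the tunnel while the LAN and the tunnel endpoint stay on epair0b. The function names are chosen here, and the redacted endpoint address is replaced by a documentation address.

```python
import ipaddress

# Constructed sample: the IPv4 rows from the post above. The endpoint the
# poster redacted as 82.xxx.xxx.xxx is replaced by the documentation address
# 203.0.113.7 (an assumption, not the real value).
NETSTAT_RN = """\
0.0.0.0/1          wg0           US    wg0
default            192.168.0.1   UGS   epair0b
10.0.0.4           link#4        UH    wg0
203.0.113.7        192.168.0.1   UGHS  epair0b
127.0.0.1          link#1        UH    lo0
128.0.0.0/1        wg0           US    wg0
192.168.0.0/24     link#3        U     epair0b
192.168.0.3        link#3        UHS   lo0
"""

def parse_routes(text):
    """Turn `netstat -rn` IPv4 rows into (network, gateway, netif) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or short rows
        dest, gateway, _flags, netif = fields[:4]
        if dest == "default":
            dest = "0.0.0.0/0"
        # A bare address is a host route; ip_network() gives it a /32.
        routes.append((ipaddress.ip_network(dest), gateway, netif))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

ROUTES = parse_routes(NETSTAT_RN)

if __name__ == "__main__":
    for dst in ("1.1.1.1", "198.51.100.20", "192.168.0.15", "203.0.113.7"):
        net, gw, netif = lookup(ROUTES, dst)
        print(f"{dst:15} -> {netif:8} via {gw:12} (matched {net})")
```

Packets that match the wg0 routes depend on the WireGuard peer at the other end to forward them onward.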

DeltaEntropy

Dabbler
Joined
Mar 27, 2022
Messages
13
Did you figure this out? I'm having the same issue.

From what I've gathered it might have something to do with AllowedIPs = 0.0.0.0/0,::/0 on the client config.
If my understanding is correct, this is putting all traffic through the VPN tunnel from the client to the TrueNAS server. This explains losing internet on the client but I can't figure out how to move laterally in the TrueNAS LAN from the client.
 

DeltaEntropy

I managed to get it to work for me (had nothing to do with AllowedIPs).

I found this - https://serverfault.com/questions/1020740/how-to-configure-freenas-for-a-wireguard-vpn

Set up the tunables and add the pf.conf post-init script. For the script, note that the ext_if = "igb0" should be changed to whatever actual interface you are using (it was re0 for me), and that the wireguard_net_v4 = "192.168.222.0/24" address should be updated to whatever you are using for the WireGuard connection (192.168.2.0/24 with local being 192.168.1.0/24).
 