I have established a VPN Server connection to my Firewalla via WireGuard on my iPhone when I am away from my home network. While on the VPN I am able to ping my home router and connect to a macOS web server on my home network, but I am unable to ping or connect to the Linux web server on my home network. I can connect to both web servers just fine when I’m on my home wifi. So far Firewalla support hasn’t been able to solve the problem, so I’m hoping someone in this sub will have a solution, or at least some suggestions to try. I know there are ways to open up the Linux server to the outside world for anyone to access, but that is too big a security risk. Fire away team (pun intended).
Likely your web server has a firewall preventing clients from talking to it outside of your LAN network. Check your server configuration. To verify my claim: if ping works to your Linux server, the issue is not related to Firewalla.
Thank you for reaching out. Ping does not work to my Linux server when I’m on the VPN.
I can’t connect to my Mac server from outside my LAN unless I use WireGuard to establish a connection to the Firewalla VPN server, so that is blocking outside access properly.
I am confused by your mention of “outside” my LAN network. When I connect to the Firewalla VPN Server aren’t I back inside my home network?
Check your rules, make sure you are not blocking traffic between the segments. Also if you know how to get into Firewalla, ssh into it and ping your Linux box; if that works, you have a rule blocking.
You’ll likely need to whitelist 10.x.x.x/x on your server. It may just be looking for 192 IP addresses and blocking the other local connection standard IPs.
I’ve checked my rules. I don’t see anything that would be blocking access via WireGuard. I also checked blocked flows to my Linux box and I don’t have any in the last 24 hrs. As a sanity check, I turned on Emergency Access and it had no effect on my ability to ping or access when connected via WireGuard.
I ssh’d into my Firewalla from my iPhone while connected via WireGuard and I was able to ping my Linux box from the Firewalla SSH console. I am stumped!
Thanks for your help. I want to make sure we’re on the same page. My home network is 10.0.x and I’m able to connect from all of my devices with 10.0.x addresses. I noticed Firewalla gives my phone a 10.189.x address when I connect via WireGuard. Are you saying that my Linux server has 10.0.x whitelisted, but not 10.x?
Can you ping other devices on your network while on your iPhone? If you can, the problem is likely still with your Linux box (firewall, blocking ICMP from non-LAN IPs, etc.).
Could be finicky like two of my servers were. I tried whitelisting 10.0.0.0/24 and a number of other alternatives, but it wanted the exact WireGuard DNS server.
Yes. I can ping a web server that I have set up on a Mac while on my iPhone via WireGuard. It’s just the Linux box that’s giving me trouble.
I put on my big boy pants and ran sudo iptables -A INPUT -s 10.189.235.42 -j ACCEPT
then I ran sudo iptables -L --line-numbers
to confirm that it was added successfully. It was. I was still unable to connect (ssh, ping, browser) so I decided to reboot. After rebooting, I was able to ssh. For giggles I ran
sudo iptables -L --line-numbers
again. Lo and behold, my whitelist entry was gone... and yet somehow I can ssh, ping, and browse my web service.
After connecting I launched the VPN app that I usually have running on my Linux box, and it kicked me out. So, it’s possible that the whitelist is a red herring, and that the Linux VPN is what’s causing the problem? The weird thing about that is I’m running the same VPN app on my Mac server (albeit the macOS version) and I’ve been able to connect to that without any problems.
In that case, if you didn’t add any rules to the Linux box, the issue is very likely Linux. I’d check the Linux firewall or security settings first (make sure it can talk outside of the LAN).
I narrowed the original connection problem down to my VPN provider. As soon as I killed their VPN software, I was able to ping and ssh from my iPhone. The Linux web server is still giving me a little trouble because it doesn’t consider my iPhone to be on the “local network”. I’ve just switched to a provider that supports WireGuard configurations. I now have the 3rd party WireGuard VPN configuration running. If I can open communications between the two networks (see attached screen grab) without creating a security hole to the outside world, I think I’ll have everything working perfectly.
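Added example (not from anyone in this thread, and not Firewalla's or any VPN provider's code): the usual way to let a third-party WireGuard tunnel on the Linux box coexist with the Firewalla VPN is split tunneling. WireGuard has no "exclude" keyword; the provider peer's AllowedIPs is simply a list of prefixes routed into that tunnel, so traffic for the home LAN and the Firewalla client range is kept out of the provider tunnel by listing everything except those subnets. The script below computes that list with Python's ipaddress module and renders the AllowedIPs line. The subnets 10.0.0.0/16 (home LAN) and 10.189.0.0/16 (Firewalla WireGuard clients) are assumptions based on the 10.0.x and 10.189.x addresses mentioned above; substitute the real prefixes. It also assumes the provider's wg-quick config file can be edited by hand.

```python
import ipaddress
from typing import Iterable, List


def allowed_ips_excluding(excluded: Iterable[str], universe: str = "0.0.0.0/0") -> List[str]:
    """Return the CIDR blocks covering `universe` minus every network in `excluded`.

    WireGuard routes into the tunnel exactly the prefixes listed in AllowedIPs,
    so "everything except these subnets" must be expanded into explicit blocks.
    """
    remaining = [ipaddress.ip_network(universe)]
    for cidr in excluded:
        hole = ipaddress.ip_network(cidr, strict=False)  # mask off host bits if given
        kept = []
        for block in remaining:
            if block.version != hole.version:
                kept.append(block)                        # an IPv4 hole cannot touch an IPv6 block
            elif block.subnet_of(hole):
                continue                                  # block lies entirely inside the hole
            elif hole.subnet_of(block):
                kept.extend(block.address_exclude(hole))  # split the block around the hole
            else:
                kept.append(block)                        # disjoint: keep unchanged
        remaining = kept
    # collapse_addresses merges adjacent siblings and returns the blocks sorted
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


def covers(address: str, blocks: Iterable[str]) -> bool:
    """True if `address` falls inside any block, i.e. would be routed into the tunnel."""
    ip = ipaddress.ip_address(address)
    nets = [ipaddress.ip_network(b) for b in blocks]
    return any(ip in n for n in nets if n.version == ip.version)


def total_addresses(blocks: Iterable[str]) -> int:
    """Number of addresses covered by the block list (a sanity check for holes)."""
    return sum(ipaddress.ip_network(b).num_addresses for b in blocks)


def render_peer_allowed_ips(excluded: Iterable[str], universe: str = "0.0.0.0/0") -> str:
    """Render the AllowedIPs line for the provider's [Peer] section in a wg-quick config."""
    return "AllowedIPs = " + ", ".join(allowed_ips_excluding(excluded, universe))


if __name__ == "__main__":
    # Constructed values: home LAN and Firewalla WireGuard client range, both assumed /16.
    bypass = ["10.0.0.0/16", "10.189.0.0/16"]
    blocks = allowed_ips_excluding(bypass)
    print(render_peer_allowed_ips(bypass))
    print("iPhone on Firewalla VPN (10.189.235.42) routed into provider tunnel:",
          covers("10.189.235.42", blocks))          # False: answered directly, not via provider
    print("Public address (1.1.1.1) routed into provider tunnel:", covers("1.1.1.1", blocks))
```

Replacing the provider peer's `AllowedIPs = 0.0.0.0/0` with the rendered line and restarting the tunnel with wg-quick leaves the Linux box reachable from both 10.0.x and 10.189.x while every other destination still goes through the provider; nothing is exposed to the internet because no inbound rule or port forward is added. Two checks worth keeping in mind from the iptables detour above: a rule added with `iptables -A INPUT` is appended after any existing rule, so it never matches if an earlier rule already rejects the traffic, and rules live only in kernel memory, which is why the entry was gone after the reboot unless something like iptables-save/netfilter-persistent restores them. The web server's own "local network" check is a separate application setting and still has to be told that the Firewalla client range is local.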