Virtual private networks / Site to Site wireguard - service will not start.
« on: October 27, 2022, 04:21:18 pm »
Hi all
I have tried using this guide https://www.youtube.com/watch?v=RoXHe5dqCM0 and also read this https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html however I cannot get my site to site wireguard to even start.
Side A is running
OPNsense 22.1.10_4-amd64
os-wireguard 1.11
wireguard-go 0.0.20220316_2,1
wireguard-tools 1.0.20210914_1
Side B is running
OPNsense 22.7.6-amd64
os-wireguard 1.12
wireguard-go 0.0.20220316_6,1
wireguard-tools 1.0.20210914_1
LAN Network of Subnet behind Side A: 10.13.254.0/24
LAN Network of Subnet behind Side B: 10.12.254.0/24
Side A Settings - Local
Code:
Name: S2StoSideBLOCAL
Public Key: *REDACTED*
Private Key: *REDACTED*
Listen Port: 51825
Tunnel Address: 192.168.0.1/24
Peers: SideB
Side A Settings - Endpoint
Code:
Name: S2StoSideBEndPoint
Public Key: *REDACTED*
Shared Secret: Blank
Allowed IPs: 10.12.254.0/24 192.168.0.1/32
Endpoint Address: <IP address of side B>
Endpoint Port:
Keepalive: 60
Side B Settings - Local
Code:
Name: S2StoSideALOCAL
Public Key: *REDACTED*
Private Key: *REDACTED*
Listen Port: 51825
Tunnel Address: 192.168.0.2/24
Peers: SideB
Side B Settings - Endpoint
Code:
Name: S2StoSideAEndPoint
Public Key: *REDACTED*
Shared Secret: Blank
Allowed IPs: 10.13.254.0/24 192.168.0.2/32
Endpoint Address: <IP address of side B>
Endpoint Port:
Keepalive: 60
If I do that, I can't get the wireguard tunnel to establish. When I check "List Configuration" on side B, I see no mention of this new local/endpoint. On Side B (where this WG config is the only one), I can see the service is not even starting. If I try to manually start wireguard:
Code:
root@router:~ # service wireguard start
[#] ifconfig wg create name wg1
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2 (wg): Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg1
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg1 /dev/stdin
[#] ifconfig wg1 inet 192.168.0.1/24 alias
[#] ifconfig wg1 mtu 1420
[#] ifconfig wg1 up
[#] route -q -n add -inet 192.168.0.1/32 -interface wg1
[#] rm -f /var/run/wireguard/wg1.sock
Any ideas?
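Added example (not part of the original post, and not OPNsense or WireGuard project code): a small consistency check run over the Local/Endpoint settings exactly as posted above, flagging entries that do not line up for a two-site tunnel. It assumes the "Peers" field is meant to name the Endpoint entry defined on the same side and that Allowed IPs should describe the remote tunnel address and remote LAN; the dictionary layout and finding labels are invented for this illustration, and the findings are configuration observations rather than a confirmed cause of the start failure.

```python
import ipaddress

# Settings transcribed from the post (keys omitted). "endpoint_addr" is the side
# the post names in "Endpoint Address"; "endpoint_port" is blank in the post.
SIDES = {
    "A": {"lan": "10.13.254.0/24", "tunnel": "192.168.0.1/24", "listen_port": 51825,
          "peers": ["SideB"], "endpoint_name": "S2StoSideBEndPoint",
          "allowed_ips": ["10.12.254.0/24", "192.168.0.1/32"],
          "endpoint_addr": "B", "endpoint_port": None},
    "B": {"lan": "10.12.254.0/24", "tunnel": "192.168.0.2/24", "listen_port": 51825,
          "peers": ["SideB"], "endpoint_name": "S2StoSideAEndPoint",
          "allowed_ips": ["10.13.254.0/24", "192.168.0.2/32"],
          "endpoint_addr": "B", "endpoint_port": None},
}


def check_side(name, sides):
    """Return a list of findings for one side of a two-site tunnel."""
    remote_name = "B" if name == "A" else "A"
    local, remote = sides[name], sides[remote_name]
    own_ip = ipaddress.ip_interface(local["tunnel"]).ip
    remote_ip = ipaddress.ip_interface(remote["tunnel"]).ip
    own_lan = ipaddress.ip_network(local["lan"])
    remote_lan = ipaddress.ip_network(remote["lan"])
    allowed = [ipaddress.ip_network(a, strict=False) for a in local["allowed_ips"]]
    findings = []
    for net in allowed:
        # Allowed IPs describe what lives behind the *peer*, never this side.
        if own_ip in net or net.overlaps(own_lan):
            findings.append(f"allowed-ips-local:{net}")
    if not any(remote_ip in net for net in allowed):
        findings.append(f"allowed-ips-missing-remote-tunnel:{remote_ip}/32")
    if not any(remote_lan.subnet_of(net) for net in allowed):
        findings.append(f"allowed-ips-missing-remote-lan:{remote_lan}")
    if local["endpoint_name"] not in local["peers"]:
        findings.append(f"peer-not-selected:{local['endpoint_name']}")
    if local["endpoint_addr"] != remote_name:
        findings.append(f"endpoint-points-at:{local['endpoint_addr']}")
    if local["endpoint_port"] != remote["listen_port"]:
        findings.append(f"endpoint-port-differs-from-remote-listen:{remote['listen_port']}")
    return findings


if __name__ == "__main__":
    for side in SIDES:
        for finding in check_side(side, SIDES):
            print(f"Side {side}: {finding}")
```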