OPNsense Forum
Archive => 20.1 Legacy Series => Topic started by: michael on February 15, 2020, 03:24:15 pm
-
Has anyone else had issues with Wireguard since the most recent update? I’m running 20.1.1
It may be coincidental, however my Wireguard-Mullvad configuration, based on the routerperformance.net Azire write-up, was working well, but it suddenly prevents my network from internet access. I'm not sure what exactly is happening, but nothing in my config has changed. I've tried starting over, to no avail, I have no internet access as soon as I turn on the VPN, and it returns as soon as I turn it off.
-
Via CLI:
/usr/local/etc/rc.d/wireguard restart
Post the output please
-
OK, thanks. Here's the output, IP addresses redacted:
$ /usr/local/etc/rc.d/wireguard restart
[#] rm -f /var/run/wireguard/wg0.sock
[#] resolvconf -d wg0
[#] wireguard-go wg0
INFO: (wg0) 2020/02/15 15:22:28 Starting wireguard-go version 0.0.20200121
[#] wg setconf wg0 /tmp/tmp.b1mLyP2u/sh-np.KeKpO1
[#] ifconfig wg0 inet 10.xx.xx.xx/32 10.xx.xx.xx alias
[#] ifconfig wg0 inet6 fc00:xxxx:xxxx:xxxx::3:55c/128 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet6 ::/1 -interface wg0
[#] route -q -n add -inet6 8000::/1 -interface wg0
[#] route -q -n add -inet 0.0.0.0/1 -interface wg0
[#] route -q -n add -inet 128.0.0.0/1 -interface wg0
[#] route -q -n add -inet xx.xx.xxx.xxx -gateway xx.xxx.xx.xx
[+] Backgrounding route monitor
ifconfig: SIOCAIFGROUP: Operation not permitted
-
Any ideas?
-
Can you try to revert WireGuard with opnsense-revert? You can read in the Docs how it works
-
Can you try to revert WireGuard with opnsense-revert? You can read in the Docs how it works
Thanks for the help. With the 20.1.1 update, it appeared that nothing had changed with the wireguard plugin, so I tried a complete -revert of the entire opnsense 20.1.1 update. That went fine. Rebooted, still the same issues with wireguard connection not allowing internet connections on the LAN. The error in the code output above (`ifconfig:`) made me think that something had gotten corrupted with either the interface or gateway. So, I deleted both of those, as well as the wireguard configuration and started over. It appears to be running fine, so that was likely the problem.
Now, the test will be to upgrade to 20.1.1 and see if it breaks again.
-
Opnsense-revert -r 20.1 wireguard
Same for wireguard-go
-
Once I confirmed that the Wireguard connection was working and internet was functional on the network through the VPN, I backed up the config and then upgraded again to 20.1.1
So far everything is still functional. If it breaks, I'll revert Wireguard as suggested.
The only odd thing that I see (and it was this way before as well) is the Gateway shows "disabled" but "online" is green, also priority shows "defunct" as the default setting is 255, not sure if this should be different.
-
Looks like you were on 19.1 before 20.1?
-
Looks like you were on 19.1 before 20.1?
Correct.
-
Then you can't use the old gateway logic for it:
https://forum.opnsense.org/index.php?topic=15105.msg69873#msg69873
-
Oh, thanks for that! That was the main problem with the configuration, somehow I missed the fact that the Gateway logic changed with the newer version(s). After following your instructions from the linked thread, all looks to be functioning as it should.