OPNsense Forum
English Forums => Virtual private networks => Topic started by: FullyBorked on December 23, 2021, 12:16:12 am
-
I'm trying to setup wireguard again. I've tried it a few times and had various issues each time and gave up and move back to OpenVPN. This time I'm able to get a single client device (android phone) up and running and it works fantastic. So figure I'd add a second android device. Generated a second endpoint with a different IP entered all my keys and everything seemed good. That is until I found out that I can only have one device connected at a time. If an endpoint is connected the other will refuse to. At times neither will connect. But if left alone for a bit the next one to try to connect will successfully connect without issue.
My research tells me that I should be able to have multiple endpoints connected to a single server. But I can't figure out how to make it work. Any suggestions. Attached screenshot of config with redacted keys. This feels so simple in thought but seems strangely difficult to implement in practice.
Thanks for any help.
Edit: I've been messing with this more, this seems so finicky. With no config changes sometimes even a single endpoint won't connect. Give it a while, then it will. This makes no sense to me. I don't know how anyone is able to get this up and going. There are very few settings and knobs, but also very little info about what is going on.
-
So is your local config tunnel ip 10.2.1.0/24 and have you added both peers to it?
Also stop and start WG
-
So is your local config tunnel ip 10.2.1.0/24 and have you added both peers to it?
Also stop and start WG
Tunnel ip is 10.2.1.1/24 per the road warrior doc. Assumed that defined both the network and gateway.
Good tip on the service. I've restarted it multiple times. To even get it working after initial setup I had to restart the entire firewall, not sure why.
-
Yeah, soz, you are right re the IP. And you’ve added the two peers in the dropdown?
-
Yeah, soz, you are right re the IP. And you’ve added the two peers in the dropdown?
Yes, both peers added in the dropdown. I had initially missed that one.
-
Should be fine then. I have 3 peers for my road warrior setup and all can connect simultaneously. My only other thought is there is something wrong with the keys.
-
Should be fine then. I have 3 peers for my road warrior setup and all can connect simultaneously. My only other thought is there is something wrong with the keys.
Yea I'd think that to. I've been over it and over it. Sometimes one works and the other doesn't, sometimes, neither work, now only the second one I setup works, and I can't get the first one to work even after reboot. I don't understand this even a little bit. OpenVPN still works flawless and WAN interfaces look good, so I don't know what is happening. My android devices are on Android 12, maybe there is something goofy there? Don't have another external device to test with unfortunately. The lack of logging and information on the server side of WireGuard is almost enough for me to give up on it. Only trying to use it over OpenVPN because my wife hate's the 2FA OpenVPN login process.
-
Post screenshots of all the relevant configs on OPNsense and your devices (masking private keys and public IPs/domains) and that might help troubleshoot
-
Post screenshots of all the relevant configs on OPNsense and your devices (masking private keys and public IPs/domains) and that might help troubleshoot
See if any of this is helpful.
-
Tried removing the first endpoint and re-adding. Now I can't even get it added to the config now. I think this is bugged.
-
Did you click Apply after re-adding it?
Just to sanity check:
On your device, the interface public key is the same as in the Endpoint config for that device on OPNsense?
And on your device, the peer public key is the same as in the Local config for that device on OPNsense?
-
Did you click Apply after re-adding it?
Just to sanity check:
On your device, the interface public key is the same as in the Endpoint config for that device on OPNsense?
And on your device, the peer public key is the same as in the Local config for that device on OPNsense?
Yea, clicked apply, just removed and re-added once more just in case.
Correct on the keys. Keeping in mind this worked up until I added a second endpoint and poof it all blew up.
Might have to put this down for the night, been at this all afternoon and have made no progress, I'm starting to get super annoyed that something seemingly so simple seems impossible. I had OpenVPN up in going in less than 30 min and it's been good for probably a year without issue. I'm something like 5 hours into this and still don't have a working config...makes no sense to me.
Appreciate the replies and help.
-
Exact same problem here, did you ever find a solution?
-
Exact same problem here, did you ever find a solution?
I did finally get this working at a later date. I just blew out the entire config and started again. I have zero clue why it didn't work. I looked at this for hours and couldn't find anything wrong. Maybe it was a odd bug, some weird syntax the UI didn't like or properly convert. I dunno. I regenerated all my keys and everything for server and client and it's fine now.
-
I've run into issues with WG not working for no reason and in the end it turned out to be that I hadn't clicked on the Apply button for the Settings. Once I did that everything worked fine.