OPNsense Forum
English Forums => Virtual private networks => Topic started by: NetGobbler on November 17, 2022, 09:50:25 am
-
I am absoloutely stumped and lost, I would love some help if anyone could be so kind.
https://docs.opnsense.org/manual/how-tos/wireguard-client.html
I've followed this guide, twice, still no success.
2022-11-17 19:39:05.969: [TUN] [WireGuard-Home] Starting WireGuard/0.5.3 (Windows 10.0.19045; amd64)
2022-11-17 19:39:05.969: [TUN] [WireGuard-Home] Watching network interfaces
2022-11-17 19:39:05.970: [TUN] [WireGuard-Home] Resolving DNS names
2022-11-17 19:39:05.999: [TUN] [WireGuard-Home] Creating network adapter
2022-11-17 19:39:06.213: [TUN] [WireGuard-Home] Using existing driver 0.10
2022-11-17 19:39:06.217: [TUN] [WireGuard-Home] Creating adapter
2022-11-17 19:39:06.437: [TUN] [WireGuard-Home] Using WireGuardNT/0.10
2022-11-17 19:39:06.442: [TUN] [WireGuard-Home] Enabling firewall rules
2022-11-17 19:39:06.375: [TUN] [WireGuard-Home] Interface created
2022-11-17 19:39:06.494: [TUN] [WireGuard-Home] Dropping privileges
2022-11-17 19:39:06.496: [TUN] [WireGuard-Home] Setting interface configuration
2022-11-17 19:39:06.496: [TUN] [WireGuard-Home] Peer 1 created
2022-11-17 19:39:06.497: [TUN] [WireGuard-Home] Monitoring MTU of default v6 routes
2022-11-17 19:39:06.513: [TUN] [WireGuard-Home] Setting device v6 addresses
2022-11-17 19:39:06.527: [TUN] [WireGuard-Home] Monitoring MTU of default v4 routes
2022-11-17 19:39:06.527: [TUN] [WireGuard-Home] Setting device v4 addresses
2022-11-17 19:39:06.497: [TUN] [WireGuard-Home] Interface up
2022-11-17 19:39:06.539: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXX:51820)
2022-11-17 19:39:06.554: [TUN] [WireGuard-Home] Startup complete
2022-11-17 19:39:06.597: [MGR] Failed to connect to adapter interface \\?\SWD#WireGuard#{BF3B95B6-1560-2491-14DC-E2DE2493C878}#{cac88484-7515-4c03-82e6-71a87abac361}: The system cannot find the file specified. (Code 0x00000002)
2022-11-17 19:39:06.592: [TUN] [WireGuard-Home] Receiving handshake response from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:06.592: [TUN] [WireGuard-Home] Keypair 1 created for peer 1
2022-11-17 19:39:16.622: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:26.739: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:36.785: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:46.824: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:58.269: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:40:08.739: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:40:18.756: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:40:26.298: [TUN] [WireGuard-Home] Shutting down
2022-11-17 19:40:26.314: [MGR] [WireGuard-Home] Tunnel service tracker finished
I know for a fact, I messed this up the first time, because I neglected to copy, my public key from my Windows client into Step 3 (endpoint)
However I did fix that the second time,.
I've also followed this guide which seems significantly less complicated (to the point I suspect it's lacking some items?) which also, obviously didn't work. A whole heap of items from the above guide are lacking for this one.
https://0x2142.com/how-to-set-up-wireguard-on-opnsense/
Error for this guide was:
2022-11-17 18:43:20.601: [TUN] [WireGuard-Home] Interface up
2022-11-17 18:43:20.612: [TUN] [WireGuard-Home] Monitoring MTU of default v4 routes
2022-11-17 18:43:20.612: [TUN] [WireGuard-Home] Setting device v4 addresses
2022-11-17 18:43:20.650: [TUN] [WireGuard-Home] Startup complete
2022-11-17 18:43:20.658: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXXXX:51820)
2022-11-17 18:43:25.711: [TUN] [WireGuard-Home] Handshake for peer 1 (XXXXXXXXXXX:51820) did not complete after 5 seconds, retrying (try 2)
2022-11-17 18:43:25.711: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXXXX:51820)
2022-11-17 18:43:30.748: [TUN] [WireGuard-Home] Handshake for peer 1 (XXXXXXXXXXX:51820) did not complete after 5 seconds, retrying (try 2)
2022-11-17 18:43:30.748: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXXXX:51820)
2022-11-17 18:43:35.804: [TUN] [WireGuard-Home] Handshake for peer 1 (XXXXXXXXXXX:51820) did not complete after 5 seconds, retrying (try 2)
2022-11-17 18:43:35.804: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXXXX:51820)
2022-11-17 18:43:37.541: [TUN] [WireGuard-Home] Shutting down
I understand I'm not really too skilled here but I mean I've had opnsense up and running for nearly a year, I've followed guides for forwarding ports, I've been working with computers 30 years, but this eludes me no end.
If I should be asking somewhere else, please let me know if there's a 'newbie' forum.
-
Without showing your actual setup (screenshots) nobody will be able to help you. Most likely: keys messed up? ;-) Do you ever see a handshake in the GUI?
-
Did you allow access to your DNS through for the IP address range?
-
Did you allow access to your DNS through for the IP address range?
I mean once it connected (it seemed to actually connect for the first guide) I was simply trying to ping my NAS or opnsense machine - to no avail, via IP - not hostname, so I imagine DNS isn't the issue.
-
Without showing your actual setup (screenshots) nobody will be able to help you. Most likely: keys messed up? ;-) Do you ever see a handshake in the GUI?
I /think/ there's a handshake, in the first tutorial (the block quote seems to imply it's connected and performing a keep alive) but I actually don't know, where in the GUI to even check for a handshake. I'll try again and see.
(That's an awful lot of screenshots but I'll try)
-
Without showing your actual setup (screenshots) nobody will be able to help you. Most likely: keys messed up? ;-) Do you ever see a handshake in the GUI?
Ok I think I've got all the screenshots I can and anonymised them best I can.
https://i.imgur.com/9640ASg.png
https://i.imgur.com/TO1FRE7.png
https://i.imgur.com/qionbTN.png
https://i.imgur.com/gr4SQLO.png
https://i.imgur.com/03Klb3V.png
https://i.imgur.com/xRtd23f.png
https://i.imgur.com/SXCosZv.png
-
I don't see an Endpoint configuration for Phone on OPNsense in those screenshots. Or the WG configuration on the phone itself
-
I don't see an Endpoint configuration for Phone on OPNsense in those screenshots. Or the WG configuration on the phone itself
Sorry, thank you!
Endpoint:
https://i.imgur.com/CRPeZVz.png
Windows client (for testing, phone eventually obviously)
https://i.imgur.com/RL8agTw.png
-
The Endpoint Allowed IPs are incorrect. See step 3 of the official guide. It should be a /32 within the /24 subnet set for the tunnel under Local
-
The peer config on the sense:
- Allowed IPs the tunnel IP of the client is missing and 0.0.0.0/24 is more likely 0.0.0.0/0
Handshakes are in the GUI plugin for the Dashboard as well as in the WG part of the GUI under Status and Handshakes (unsurprisingly ;-) ).