Can anyone point me towards the right direction with my WireGuard setup please?
I have configured OPNsense as a server for road warriors:
listen port 51820
tunnel address: 10.2.249.1/24
Created a peer on iOS:
interface: 10.2.249.2/32
peer config: <opnsense:51820>
inserted pub key from OPNsense server
Added the peer as endpoint in OPNsense:
Tunnel address: 10.2.249.2/32
inserted the created pub key from the iOS endpoint
added this endpoint as a peer in the server's local peer list.
Added a firewall rule to allow udp/51820 inbound to firewall from any
Added a firewall rule to the wireguard interface to allow 10.2.249.2 -> any
Result:
When I enable the tunnel on iOS, it turns green and says connected.
No packet crosses the tunnel though.
When I "tcpdump -n udp port 51820" on OPNsense, I see no packet. Why would the tunnel turn green then?
I am stuck here. Either I miss a fundamental piece of the concept or... No idea.
Handshakes also show "0", so it doesn't look like much happened.
Anyone who could give me a push forward?
thanks so much!
I have the same issue with trying to connect using the WireGuard app from Android.
I followed the guide here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html?highlight=wireguard
Are you sure you run the tcpdump on the WAN interface via "-i XXX"?
When you don't see a packet from the client it's a problem on the client side.
That's the downside of WireGuard... there's no real connection.
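The "green but 0 handshakes" symptom above comes down to what actually arrives on the WAN side. The following is an added example, not code from this thread, OPNsense or the WireGuard project: it classifies UDP payloads by WireGuard message type (1 = handshake initiation, 2 = response, 3 = cookie reply, 4 = transport data, each with a 4-byte header of type plus three zero bytes) so a capture taken with `-i <wan>` can be checked for whether the phone's initiation ever showed up. The payloads are constructed inline; the interface name and capture file are assumptions.

```python
"""Classify WireGuard UDP payloads by message type (added example).

Input is a constructed list of payload byte strings standing in for what
"tcpdump -i <wan> -n udp port 51820 -w wg.pcap" (assumed interface/file)
would capture. Only the 4-byte header and the fixed handshake lengths
from the WireGuard protocol are used.
"""
from collections import Counter

# Message type -> (name, fixed length); transport data is variable length.
WG_TYPES = {
    1: ("handshake-initiation", 148),
    2: ("handshake-response", 92),
    3: ("cookie-reply", 64),
    4: ("transport-data", None),
}

def classify(payload: bytes) -> str:
    """Return the WireGuard message name for one UDP payload, or 'not-wireguard'."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return "not-wireguard"
    name, fixed_len = WG_TYPES.get(payload[0], (None, None))
    if name is None:
        return "not-wireguard"
    if fixed_len is not None and len(payload) != fixed_len:
        return "malformed-" + name
    # Transport data: 4 type + 4 receiver index + 8 counter + 16-byte AEAD tag minimum.
    if name == "transport-data" and len(payload) < 32:
        return "malformed-" + name
    return name

def summarize(payloads):
    """Count message types and report whether a full handshake (initiation
    and response) was seen; a green client with none of these never reached us."""
    counts = Counter(classify(p) for p in payloads)
    handshake_ok = counts["handshake-initiation"] > 0 and counts["handshake-response"] > 0
    return counts, handshake_ok

# Constructed sample: a working road-warrior as seen on the WAN.
SAMPLE_OK = [
    b"\x01\x00\x00\x00" + b"\x00" * 144,  # initiation from the phone
    b"\x02\x00\x00\x00" + b"\x00" * 88,   # response from the firewall
    b"\x04\x00\x00\x00" + b"\x00" * 60,   # encrypted data
]
# Constructed sample matching the thread: only unrelated UDP noise, no WireGuard.
SAMPLE_EMPTY = [b"\x12\x34\x56\x78" + b"\x00" * 20]

if __name__ == "__main__":
    for label, sample in (("working", SAMPLE_OK), ("thread", SAMPLE_EMPTY)):
        counts, ok = summarize(sample)
        print(label, dict(counts), "handshake seen:", ok)
```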