OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: swingline on August 29, 2019, 04:05:19 PM

Title: Wireguard as a VPN client?
Post by: swingline on August 29, 2019, 04:05:19 PM
I intend to use wireguard on my firewall as a replacement for my OpenVPN client. I have an existing VPS running wireguard that I use with my phones and tablets on the go. I am having issues getting the gateway setup and outbound rules to route my LAN traffic over the wireguard VPN.

On 19.7.2, I wasn't able to add a gateway for my WG interface. After the 19.7.3 upgrade, all of the gateways I attempted to add now show up on the gateway list, but I can't enable them, and they show as defunct. I was able to delete all but one with the web interface; the last one needed to be removed via the config.xml.

Is anyone having an issue like this?
Title: Re: Wireguard as a VPN client?
Post by: mimugmail on August 29, 2019, 04:35:38 PM
Gateways for WG now need a static IP, dynamic doesn't work anymore since 19.7.
Don't forget to also add this IP in the WireGuard local instance (advanced).
Title: Re: Wireguard as a VPN client?
Post by: tusc on August 29, 2019, 10:53:42 PM
So what IP do you set for the gateway?
Title: Re: Wireguard as a VPN client?
Post by: swingline on August 30, 2019, 05:39:44 AM
Quote from: tusc on August 29, 2019, 10:53:42 PM
So what IP do you set for the gateway?

I used the tunnel address, but I still can't seem to get traffic to go outbound. The gateway does come up, though.
Title: Re: Wireguard as a VPN client?
Post by: mimugmail on August 30, 2019, 05:53:58 AM
Please write them down here; it's hard to follow.
Title: Re: Wireguard as a VPN client?
Post by: swingline on August 30, 2019, 06:10:41 AM
Gateway:

(https://i.imgur.com/pYS1Owi.png)

WG interface rule: (This is the one I added)

(https://i.imgur.com/5zFdCUR.png)

Wireguard interface rule: (System-generated interface that doesn't show up in the interface list)

(https://i.imgur.com/d7xLukM.png)

Outbound NAT rule

(https://i.imgur.com/iU3TBqn.png)

LAN rule: It's disabled because nothing routes outbound.

(https://i.imgur.com/svvj4Re.png)

The wireguard client connects to the server; it's just not routing traffic for the members of the "WGtest" alias.

Output of "# wg" on the server:

peer: .../................Ln1hk67BUszGa.........
  endpoint: xx.xxx.xxx.xxx:31820
  allowed ips: 10.100.0.2/32
  latest handshake: 22 seconds ago
  transfer: 930.51 KiB received, 237.18 KiB sent

Running "tcpdump" on the server with all other clients disconnected confirms that no traffic is being passed.
Title: Re: Wireguard as a VPN client?
Post by: mimugmail on August 30, 2019, 06:33:07 AM
I need a screenshot of the endpoint config on the client.
Title: Re: Wireguard as a VPN client?
Post by: swingline on August 30, 2019, 06:52:10 AM
(https://i.imgur.com/Dktrh8y.png)

(https://i.imgur.com/CC7akdq.png)
Title: Re: Wireguard as a VPN client?
Post by: mimugmail on August 30, 2019, 07:23:34 AM
And what is the Tunnel Address of the central unit?
Title: Re: Wireguard as a VPN client?
Post by: swingline on August 30, 2019, 07:33:21 AM
Quote from: mimugmail on August 30, 2019, 07:23:34 AM
And what is the Tunnel Address of the central unit?

Not sure I understand what you are asking. Where can I find this information? The address I want the firewall to use for the tunnel is 10.100.0.2/32.
Title: Re: Wireguard as a VPN client?
Post by: swingline on August 30, 2019, 03:35:21 PM
Well it kind of works if

Which meets my intent, as that was my plan all along... I just would have liked to test it using a few clients before I pushed for the whole LAN network.
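The two places where this thread stalls are the server-side "wg" output (handshake is fresh, but tcpdump shows no LAN traffic) and the question of which tunnel address the firewall uses (10.100.0.2/32). The checker below, added here as an illustration and not code from the thread or from OPNsense, parses a "wg" dump in the shape the poster pasted and compares it with the firewall-side settings. It relies on two WireGuard cryptokey-routing rules: the server drops tunnel packets whose inner source address is outside that peer's allowed ips, and the client drops packets whose destination is outside the AllowedIPs it has configured for the server peer, so a full-tunnel client needs 0.0.0.0/0 there. The sample "wg" output, the public keys, the 203.0.113.10 endpoint and the client settings are all constructed; the function and field names are my own.

```python
import ipaddress
import re

# Constructed sample in the shape of `wg` on the server; keys and the endpoint
# are placeholders (203.0.113.10 is a documentation address, not a real host).
SERVER_WG_OUTPUT = """\
interface: wg0
  public key: SERVER_PUBLIC_KEY_PLACEHOLDER
  listening port: 31820

peer: CLIENT_PUBLIC_KEY_PLACEHOLDER
  endpoint: 203.0.113.10:31820
  allowed ips: 10.100.0.2/32
  latest handshake: 22 seconds ago
  transfer: 930.51 KiB received, 237.18 KiB sent
"""

# Constructed firewall-side settings: tunnel address as in the thread, but the
# server peer's AllowedIPs only lists the server's tunnel IP (a common mistake).
CLIENT_CONFIG = {
    "tunnel_address": "10.100.0.2/32",
    "peer_allowed_ips": ["10.100.0.1/32"],
}

_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
_SIZES = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3, "TiB": 1024 ** 4}


def _age_seconds(text):
    """'1 minute, 5 seconds ago' -> 65; None when no unit is found."""
    parts = re.findall(r"(\d+)\s+(second|minute|hour|day)s?", text)
    if not parts:
        return None
    return sum(int(n) * _UNITS[u] for n, u in parts)


def _to_bytes(text):
    """'930.51 KiB received' -> 952842 (rounded to whole bytes)."""
    m = re.match(r"([\d.]+)\s*(B|KiB|MiB|GiB|TiB)", text.strip())
    return int(round(float(m.group(1)) * _SIZES[m.group(2)]))


def parse_wg_show(text):
    """Return {peer_public_key: {endpoint, allowed_ips, handshake_age, rx_bytes, tx_bytes}}."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("peer:"):
            current = {"endpoint": None, "allowed_ips": [], "handshake_age": None,
                       "rx_bytes": 0, "tx_bytes": 0}
            peers[line.split(":", 1)[1].strip()] = current
        elif current is None or ":" not in line:
            continue  # interface header lines, blank lines
        else:
            key, value = (s.strip() for s in line.split(":", 1))
            if key == "endpoint":
                current["endpoint"] = value
            elif key == "allowed ips" and value != "(none)":
                current["allowed_ips"] = [ipaddress.ip_network(n.strip()) for n in value.split(",")]
            elif key == "latest handshake":
                current["handshake_age"] = _age_seconds(value)
            elif key == "transfer":
                rx, tx = value.split(",")
                current["rx_bytes"], current["tx_bytes"] = _to_bytes(rx), _to_bytes(tx)
    return peers


def check_client_routing(peers, client_cfg, wanted=("0.0.0.0/0",), max_handshake_age=180):
    """List the mismatches that would stop LAN traffic from flowing through the tunnel."""
    findings = []
    tunnel_ip = ipaddress.ip_interface(client_cfg["tunnel_address"]).ip
    match = [p for p in peers.values() if any(tunnel_ip in n for n in p["allowed_ips"])]
    if not match:
        findings.append(f"server has no peer whose allowed ips cover tunnel address {tunnel_ip}; "
                        "the server drops the firewall's packets on arrival")
        return findings
    peer = match[0]
    if peer["handshake_age"] is None:
        findings.append("peer has never completed a handshake")
    elif peer["handshake_age"] > max_handshake_age:
        findings.append(f"last handshake {peer['handshake_age']}s ago; tunnel is stale")
    if peer["rx_bytes"] == 0 and peer["tx_bytes"] == 0:
        findings.append("no bytes in either direction; nothing is being sent into the tunnel")
    client_allowed = [ipaddress.ip_network(n) for n in client_cfg["peer_allowed_ips"]]
    for dst in wanted:
        dst_net = ipaddress.ip_network(dst)
        if not any(dst_net.subnet_of(n) for n in client_allowed if n.version == dst_net.version):
            findings.append(f"client AllowedIPs {client_cfg['peer_allowed_ips']} do not cover {dst}; "
                            "WireGuard drops packets to destinations outside AllowedIPs")
    return findings


if __name__ == "__main__":
    for f in check_client_routing(parse_wg_show(SERVER_WG_OUTPUT), CLIENT_CONFIG) or ["no mismatch found"]:
        print("-", f)
```

With the constructed settings the only finding is the AllowedIPs one: the handshake and byte counters look healthy, exactly as in the thread, while the client still refuses to send LAN-bound packets into the tunnel. Changing `peer_allowed_ips` to `["0.0.0.0/0"]` clears it; changing the tunnel address to one the server's peer entry does not list reports the server-side drop instead.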
Title: Re: Wireguard as a VPN client?
Post by: sleepnow75 on September 09, 2019, 09:45:09 PM
The gateway is the problem.

Configure your gateway this way:

Gateway -> Your WG Gateway Name-> IPv4 Configuration Type:  None
Title: Re: Wireguard as a VPN client?
Post by: ownerer on December 16, 2019, 08:20:31 PM
EDIT: this (https://forum.opnsense.org/index.php?topic=15105.15) is probably a better thread to follow up on for this issue.

Has anyone got the gateway routing scenario to work?
And if so: how?

I've got Wireguard up and running (Mullvad), handshake confirmed and everything.
Can anyone provide a clear and concise step-by-step guide on what to do from there?

Assuming the following (random dummy data):


What do I do then?

I am purposely not including my current attempts at getting it to work, because I assume there must be a way it's intended to be done. As such, I don't want to add any potentially confusing information.
All I'm hoping for is that the answer can be as clear and to-the-point as my question itself.
I imagine it'll be more useful to other people finding this thread as well (I know that's what I was looking/hoping for...).

Cheers guys :)