Hi,
I just tried out WireGuard. In general it is running now, but ...
I configured several peers for one interface with the same allowed IPs.
The file wg0.conf looks like:
[Interface]
Address = 10.10.254.252/24
ListenPort = 51820
PrivateKey = blablabla=

[Peer]
PublicKey = blublublu=
AllowedIPs = 192.168.18.0/24,192.168.252.0/22,10.10.254.2/32
PersistentKeepalive = 30

[Peer]
PublicKey = blobloblo=
AllowedIPs = 10.10.254.45/32,192.168.18.0/24,192.168.252.0/22
PersistentKeepalive = 30

[Peer]
PublicKey = blebleble=
AllowedIPs = 10.10.254.1/32,192.168.18.0/24,192.168.252.0/22
PersistentKeepalive = 30
Keys replaced ;)
But if I look in List Configuration or with wg show I see:
interface: wg0
  public key: blablabla=
  private key: (hidden)
  listening port: 51820

peer: blobloblo=
  endpoint: 80.187.100.125:22729
  allowed ips: 10.10.254.45/32
  latest handshake: 3 minutes, 25 seconds ago
  transfer: 360 B received, 524 B sent
  persistent keepalive: every 30 seconds

peer: blebleble=
  endpoint: 178.132.69.141:51820
  allowed ips: 10.10.254.1/32, 192.168.18.0/24, 192.168.252.0/22
  latest handshake: 11 minutes, 13 seconds ago
  transfer: 132.08 KiB received, 546.62 KiB sent
  persistent keepalive: every 30 seconds

peer: blublublu=
  allowed ips: 10.10.254.2/32
  persistent keepalive: every 30 seconds
So some of the allowed ips are missing. I don't see the fault.
Any ideas?
I also miss the WireGuard transfer to a slave OPNsense. Is this in the works?
WireGuard doesn't work with HA
The networks 192.168.18.0/24 and 192.168.252.0/22 can only be routed from OPNsense to one client at the same time.
OPNsense LAN/DMZ/...
10.10.254.252/24 OPNsense Tunnel Network
| Tunnel
10.10.254.x/32 Client
192.168.18.0/24,192.168.252.0/22 Networks behind Client.
In case you want it the other way round, i.e. if the OPNsense LAN is 192.168.18.0/24, then you have to remove the network from the server wg0.conf. Put it into the conf at the client.
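The one-owner-per-prefix rule explained in the reply above, as an added checker that is not code from the thread, from OPNsense or from WireGuard. It assumes that when several [Peer] blocks list the same exact prefix, the last one in the file ends up owning it, which is the behaviour the wg show output in the post reflects; the sample config below is constructed from the post with placeholder keys.

```python
import ipaddress
# Constructed sample: the three [Peer] blocks from the post (keys are placeholders).
SAMPLE_CONF = """\
[Peer]
PublicKey = blublublu=
AllowedIPs = 192.168.18.0/24,192.168.252.0/22,10.10.254.2/32

[Peer]
PublicKey = blobloblo=
AllowedIPs = 10.10.254.45/32,192.168.18.0/24,192.168.252.0/22

[Peer]
PublicKey = blebleble=
AllowedIPs = 10.10.254.1/32,192.168.18.0/24,192.168.252.0/22
"""

def parse_peers(conf_text):
    """Return [(public_key, [IPv4Network, ...])] in file order.
    Hand-rolled because configparser rejects repeated [Peer] headers."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower() == "[peer]":
            current = {"key": None, "nets": []}
            peers.append(current)
        elif line.startswith("["):
            current = None  # [Interface] or unknown section: not a peer
        elif current is not None and "=" in line:
            field, value = (s.strip() for s in line.split("=", 1))
            if field == "PublicKey":
                current["key"] = value
            elif field == "AllowedIPs":
                current["nets"] += [ipaddress.ip_network(p.strip(), strict=False)
                                    for p in value.split(",") if p.strip()]
    return [(p["key"], p["nets"]) for p in peers]

def effective_allowed_ips(peers):
    """Model the cryptokey routing table: one owner per exact prefix; a later [Peer]
    listing the same prefix takes it over (last wins, as the wg show output shows)."""
    owner, claims = {}, {}
    for key, nets in peers:
        for net in nets:
            owner[net] = key                      # later claim overwrites earlier one
            claims.setdefault(net, []).append(key)
    kept = {key: [str(n) for n in nets if owner[n] == key] for key, nets in peers}
    conflicts = {str(n): keys for n, keys in claims.items() if len(keys) > 1}
    return kept, conflicts
```

Run it against a real file with parse_peers(open("/path/to/wg0.conf").read()); a non-empty conflicts dict means all but the last listed peer will silently lose that route, exactly as the wg show output above shows.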