OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: bobbythomas on March 31, 2021, 11:36:13 PM

Title: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: bobbythomas on March 31, 2021, 11:36:13 PM
Hi All,

I have upgraded my OPNsense instance to 21.1.4 from 21.1.2 and since then Wireguard is not working; I think the service is not running or there is some other issue. I see the WG handshake timing out on the client side, but there is no traffic seen on the firewall end. I tried capturing packets on the WAN side on UDP port 51820 (default port) but it's not even showing any hits. I can see other traffic from the same IP and the IPsec VPN is also working fine. Were there any changes in 1.5? Do I need to reconfigure WG from scratch after this upgrade?

Thanks in advance.

Bobby Thomas
Title: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: bobbythomas on March 31, 2021, 11:56:33 PM
OK, this is kind of weird: I tried connecting from the inside network and it connected fine, then I tried connecting from WAN again and this time it connected fine. Not sure what's going on with WG.

Going to mark this as Solved.
Title: Re: [Solved] Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: chemlud on April 01, 2021, 08:34:23 AM
Golden rule for VPN: Don't ever use standard ports...
Title: Re: [Solved] Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: Greelan on April 01, 2021, 08:52:05 AM
Quote from: chemlud on April 01, 2021, 08:34:23 AM
Golden rule for VPN: Don't ever use standard ports...

Don't think it matters with WG, as it is stealthy. See DoS Mitigation here: https://www.wireguard.com/protocol/
Title: Re: [Solved] Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: iam on April 01, 2021, 06:39:01 PM
Quote from: chemlud on April 01, 2021, 08:34:23 AM
Golden rule for VPN: Don't ever use standard ports...

That's called security by obscurity ...
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: bobbythomas on April 01, 2021, 07:18:08 PM
This seems to be reoccurring: I am unable to connect to WG from outside (WAN) if I try to establish a new session (mostly some hours after establishing a WG VPN session). But after connecting from inside (LAN) I am able to establish a WG session from outside. This is kind of weird. As this is reoccurring I changed the status of this post.

Any idea what could be causing the issue?

Thank you,
Bobby Thomas
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: Greelan on April 01, 2021, 10:19:21 PM
Suggest you post screenshots of your WG setup and relevant FW rules. The behaviour you are reporting is indeed very strange and points to some configuration issue. I have no issues at all connecting with WG under 21.1.4 (whether into OPNsense or out)
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: michael on April 03, 2021, 02:44:35 AM
Same here, Wireguard is working fine for me, the upgrade was problem-free.
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: AF1E on April 03, 2021, 02:37:41 PM
After upgrade to 21.1.4 my wireguard-go service shows as not started and when I try to restart nothing happens. On the other hand, wireguard appears to be working when I connect. I have tried reinstalling the wireguard services and still have the same behavior.
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: mimugmail on April 03, 2021, 03:14:31 PM
Quote from: AF1E on April 03, 2021, 02:37:41 PM
After upgrade to 21.1.4 my wireguard-go service shows as not started and when I try to restart nothing happens. On the other hand, wireguard appears to be working when I connect. I have tried reinstalling the wireguard services and still have the same behavior.

/usr/local/etc/rc.d/wireguard restart

Please post the output
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: AF1E on April 03, 2021, 04:45:23 PM
See below

root@opnsense:~ # /usr/local/etc/rc.d/wireguard restart
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: mimugmail on April 03, 2021, 07:37:51 PM
ps aufx | grep wireguard
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: Georges on April 06, 2021, 07:44:59 PM
Me too

On my side I got this:

# /usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: mimugmail on April 06, 2021, 09:01:34 PM
Quote from: Georges on April 06, 2021, 07:44:59 PM
Me too

On my side I got this:

# /usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
[#] wg setconf wg0 /dev/stdin
Line unrecognized: `PublicKey='
Configuration parsing error
[#] rm -f /var/run/wireguard/wg0.sock

So this is unrelated to the update and happened also before
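
The output quoted above shows `wg setconf` rejecting a `PublicKey=` line that has no value. As an added example (not part of the thread and not the OPNsense plugin's code), this Python check flags empty or malformed key fields in a WireGuard config before it is loaded; the sample config, its placeholder key and the function names are constructed for illustration.

```python
import base64
import binascii

# Fields that must hold a base64-encoded 32-byte key.
KEY_FIELDS = {"privatekey", "publickey", "presharedkey"}

def key_problem(value):
    """Return a description of what is wrong with a key value, or None."""
    if not value:
        return "empty value"
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "not valid base64"
    if len(raw) != 32:
        return f"decodes to {len(raw)} bytes, expected 32"
    return None

def check_wg_config(text):
    """Return (line_number, section, field, problem) for each bad key line."""
    findings, section = [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        field, sep, value = line.partition("=")  # split at the first '=' only
        if sep and field.strip().lower() in KEY_FIELDS:
            problem = key_problem(value.strip())
            if problem:
                findings.append((lineno, section, field.strip(), problem))
    return findings

# Constructed sample: the placeholder key is 32 zero bytes, not a real key.
PLACEHOLDER_KEY = base64.b64encode(bytes(32)).decode()
SAMPLE = f"""\
[Interface]
PrivateKey = {PLACEHOLDER_KEY}
ListenPort = 51820

[Peer]
PublicKey=
AllowedIPs = 10.10.10.2/32
"""

if __name__ == "__main__":
    for finding in check_wg_config(SAMPLE):
        print("line %d [%s] %s: %s" % finding)
```
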
Title: Re: Wireguard not working after upgrade from 21.1.2 to 21.1.4
Post by: Georges on April 08, 2021, 09:45:54 AM
Because I got it after the update :).
But anyway, I removed all conf and the package, rebooted and reinstalled the package; it works now.