Hi
I've run into a strange configuration issue. I have had my home gateway / WireGuard access server for a few years, and now I'm doing a fresh install at a secondary location. I've followed all the steps in the Howto-Site-to-Site at https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html and keep getting no connection on the new system.
A wg-quick up wg0 on the access server sees all my peers and sets all routes as expected.
# wg-quick up wg0
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.5/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 172.16.15.100/32 -interface wg0
[#] route -q -n add -inet 192.168.20.0/24 -interface wg0
[+] Backgrounding route monitor
The same is true of the wg show.
But on the fresh install there is a final line in the wg-quick up wg0 command that is different.
# wg-quick up wg0
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.100/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 172.16.15.5/32 -interface wg0
[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock
Where is this last command run?
[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock
and why is it not
[#] route -q -n add -inet 192.168.20.0/24 -interface wg0
[+] Backgrounding route monitor
Does anyone know?
To make it clear:
Why does wg-quick up wg0 run an ifconfig wg0 destroy?
I have the same problem, but after upgrading to 21.1.8.
I tried to uninstall the wireguard plugin and install it back, but still no luck.
I tried to activate WireGuard from the CLI but no luck:
root@OPNsense:~ # wg-quick up /usr/local/etc/wireguard/wg0.conf
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.112.0.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 10.112.0.9/32 -interface wg0
[#] route -q -n add -inet 10.112.0.8/32 -interface wg0
[#] route -q -n add -inet 10.112.0.7/32 -interface wg0
[#] route -q -n add -inet 10.112.0.5/32 -interface wg0
[#] route -q -n add -inet 10.112.0.4/32 -interface wg0
[#] route -q -n add -inet 10.112.0.3/32 -interface wg0
[#] route -q -n add -inet 10.112.0.2/32 -interface wg0
[#] route -q -n add -inet 10.112.0.10/32 -interface wg0
[#] route -q -n add -inet 192.168.1.0/24 -interface wg0
[#] resolvconf -d wg0
[#] rm -f /var/run/wireguard/wg0.sock
Moreover, the WireGuard interface is DOWN in the dashboard and does not appear anymore in the assignments part of the interface.
Hmmm, without info on config hard to debug. I have a S2S wireguard between 2x 21.1.8 working fine before and after updating to 21.1.8.
Quote from: oupsman on July 12, 2021, 07:11:14 AM
I have the same problem, but after upgrading to 21.1.8.
I tried to uninstall the wireguard plugin and install it back, but still no luck.
I tried to activate WireGuard from the CLI but no luck:
root@OPNsense:~ # wg-quick up /usr/local/etc/wireguard/wg0.conf
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.112.0.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 10.112.0.9/32 -interface wg0
[#] route -q -n add -inet 10.112.0.8/32 -interface wg0
[#] route -q -n add -inet 10.112.0.7/32 -interface wg0
[#] route -q -n add -inet 10.112.0.5/32 -interface wg0
[#] route -q -n add -inet 10.112.0.4/32 -interface wg0
[#] route -q -n add -inet 10.112.0.3/32 -interface wg0
[#] route -q -n add -inet 10.112.0.2/32 -interface wg0
[#] route -q -n add -inet 10.112.0.10/32 -interface wg0
[#] route -q -n add -inet 192.168.1.0/24 -interface wg0
[#] resolvconf -d wg0
[#] rm -f /var/run/wireguard/wg0.sock
Moreover, the WireGuard interface is DOWN in the dashboard and does not appear anymore in the assignments part of the interface.
After a bit of digging, I found something: I removed all the clients but my iPhone and tried to activate the WireGuard service: it worked. I then added back all the clients and it still works. I tried to find some debug logs but did not find anything. Where are they?
Quote from: chemlud on July 12, 2021, 09:53:14 AM
Hmmm, without info on config hard to debug. I have a S2S wireguard between 2x 21.1.8 working fine before and after updating to 21.1.8.
Ok, so what would help?
Screenshots of the WireGuard setup?
wg0.conf from the remote server:
[Interface]
PrivateKey = Edited =
Address = 172.16.15.100/24
ListenPort = 51820
[Peer]
PublicKey = 9mpcKwmI0CeNs9RTlow3i/TV3Amu1gF7nvMmdgHfMAM=
Endpoint = DNS Name of access server:51805
AllowedIPs = 172.16.10.0/24,172.16.15.5/32
Log from the startup:
wg-quick up wg0
[#] ifconfig wg create name wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.100/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 172.16.15.5/32 -interface wg0
[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] ifconfig wg0 destroy
I have installed the wireguard-kmod, hence the difference from the previous post.
The only thing I see differing from the working server is the final ifconfig wg0 destroy
Quote from: oupsman on July 12, 2021, 07:02:34 PM
After a bit of digging, I found something: I removed all the clients but my iPhone and tried to activate the WireGuard service: it worked. I then added back all the clients and it still works. I tried to find some debug logs but did not find anything. Where are they?
I have a single peer configured and it still won't start.
The IP addresses you are trying to add are not in the same subnet; I wonder if somehow that's not an issue for WireGuard since 21.1.8.
Hi,
This is just for anyone stumbling on the same problem.
Problem:
wg-quick up wg0 exits with an ifconfig destroy wg0, i.e. the tunnel started just previously is killed.
Reason:
WAN is on the same LAN that I want to add a route to from the remote location.
Why is it?
I temporarily connected the remote location router to my home LAN for setup.
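A pre-flight check for the cause described in the post above, as an added example that is not part of the original thread: it compares each peer's AllowedIPs against the subnets of the box's other interfaces before wg-quick is run. The interface names and addresses in SAMPLE_IFACES, the endpoint name and the key placeholders are constructed; the tunnel addresses and AllowedIPs are the ones posted in the thread.

```python
import ipaddress

# Constructed sample: the remote-site wg0.conf from the thread, keys and endpoint as placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
Address = 172.16.15.100/24
ListenPort = 51820

[Peer]
PublicKey = <placeholder>
Endpoint = access-server.example:51805
AllowedIPs = 172.16.10.0/24,172.16.15.5/32
"""

# Constructed: WAN temporarily plugged into the home LAN during setup (assumption).
SAMPLE_IFACES = {"wan": "172.16.10.50/24", "lan": "192.168.20.1/24"}


def allowed_ips(conf_text):
    """Return every AllowedIPs network from all [Peer] sections."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "peer" and key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets


def find_conflicts(conf_text, local_ifaces):
    """List (allowed_ip, iface, iface_subnet) where a tunnel route overlaps a connected subnet."""
    conflicts = []
    for name, cidr in local_ifaces.items():
        local = ipaddress.ip_interface(cidr).network
        for net in allowed_ips(conf_text):
            if net.version == local.version and net.overlaps(local):
                conflicts.append((str(net), name, str(local)))
    return conflicts


if __name__ == "__main__":
    for net, iface, subnet in find_conflicts(SAMPLE_CONF, SAMPLE_IFACES):
        print(f"AllowedIPs {net} overlaps {iface} ({subnet}); route add would collide")
```

The tunnel's own Address subnet is deliberately not passed in as a local interface, since a /32 peer inside it (172.16.15.5/32 here) is the normal case.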