Print Page - Wireguard not passing UDP traffic

Title: Wireguard not passing UDP traffic - all UDP traffic blocked
Post by: nzkiwi68 on January 19, 2022, 04:32:03 AM

I've setup some site to site VPN tunnels using WG for a migration project from another firewall using IPSEC tunnels
I have build specific fw rules on the "Wireguard (Group" fw rules tab, including rules for TCP/UDP
Citrix users, running an older Citrix client can logon, but, newer client including thin client OS couldn't logon

After a bit of work, I figured out that OPNsense is blocking UDP traffic. TCP and ICMP is passing just fine, but all UDP traffic is getting blocked.

Somehow, TCP and ICMP are routing up and down the WG tunnels and passing correctly through the firewall rules, but, not UDP.

See the screen capture showing blocked UDP. I guarantee 100% there IS a firewall rule on the "Wireguard (Group)" fw rules tab to allow this UDP traffic, but, somehow TCP and ICMP are being treated differently.

Questions
I don't have a "wg0" interface setup - do I need to add that "wg0" interface?
If I add that, do have to give it an IP address?

Any help appreciated.

Title: Re: Wireguard not passing UDP traffic - all UDP traffic blocked
Post by: Greelan on January 19, 2022, 11:35:45 AM

What do the firewall rules look like?

Title: Re: Wireguard not passing UDP traffic - all UDP traffic blocked
Post by: OmnomBánhmì on January 19, 2022, 04:50:26 PM

Try enabling logging on all possibly relevant firewall rules, and check the log.

OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: nzkiwi68 on January 19, 2022, 04:32:03 AM