Hi,
I've spent this evening struggling with WireGuard. I followed this guide [1], which says to set up interface wg1 for the wg. There is some oddity in the wg plugin: it doesn't list the first peer, for example in "list configs", which baffled me for a while, but I can see from the command line that it's in the config file.
However, adding interface wg1, as instructed in the guide, ruins networking. It seems to send all traffic to this wg1, which leads nowhere, naturally. The routing table looks like this, see the first line:
root@OPNsense:~ # netstat -r
Routing tables
Internet:
Destination Gateway Flags Netif Expire
0.0.0.0/1 link#9 US wg1
default 87-92-128-1.rev.dn UGS igb0
Which tells me that wg1 grabs the traffic from the LAN. As soon as I disable wg1, the 0.0.0.0/1 line disappears, the routing becomes normal and I get to the internet from the LAN.
Why is this, what did I do wrong?
[1] https://docs.opnsense.org/manual/how-tos/wireguard-client.html
Here is the config:
root@OPNsense:~ # cat /usr/local/etc/wireguard/wg1.conf
[Interface]
PrivateKey = xxx
Address = 192.168.116.1/24
ListenPort = 55555
[Peer]
PublicKey = yyyH8kTI=
AllowedIPs = 0.0.0.0/0
[Peer]
PublicKey = xxxoKxM=
AllowedIPs = 0.0.0.0/0
I wonder if it's due to the allowed IPs, but the GUI won't allow me to save until the field is filled. I want all traffic allowed from the client.
Changing the allowed IPs to 192.168.116.<client>/32 fixed the routing, but still no response from WireGuard to Android.
Oops, private key pasted, reconfiguring ::)
Aaaand found the final error. There was some copy-paste problem: I had the server pub key also set on the Android peer in OPNsense. D'oh, some hours well spent :D
I'll try to see if I can delete the post.
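As an added example (not part of the original post, the guide, or the OPNsense wg plugin), here is a small Python linter for a wg-quick style .conf that catches the two mistakes this thread ends up finding: a server-side peer with AllowedIPs = 0.0.0.0/0, which wg-quick turns into a route on the tunnel that pulls LAN traffic into wg1, and a peer entry carrying the interface's own public key after a copy-paste slip. It also flags overlapping AllowedIPs between peers and duplicated peer keys. The sample configs are constructed with placeholder strings in place of real keys, and the interface's own public key is assumed to be supplied by the reader (for instance from `wg pubkey < privatekey`).

```python
"""Lint a wg-quick style .conf for the mistakes found in the thread.

Added example, not from the original post or the OPNsense plugin. Checks:
- a peer whose AllowedIPs is the whole address space (on the server side
  wg-quick installs it as a route on the tunnel that swallows all traffic),
- peers whose AllowedIPs overlap (cryptokey routing gives a prefix to one
  peer only, so the earlier peer silently loses it),
- two peers sharing one PublicKey,
- a peer carrying the interface's own public key (the copy-paste error).
"""
import ipaddress
from collections import defaultdict


def parse_wg_conf(text):
    """Return (interface_dict, [peer_dict, ...]); every value is a list."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            # split on the first '=' only: base64 keys end in '=' padding
            key, value = (s.strip() for s in line.split("=", 1))
            current.setdefault(key, []).append(value)
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return interface, peers


def allowed_networks(peer):
    """AllowedIPs of one peer as ip_network objects (comma lists allowed)."""
    nets = []
    for field in peer.get("AllowedIPs", []):
        for item in field.split(","):
            if item.strip():
                nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets


def lint_wg_conf(text, own_public_key=None):
    """Return a list of (severity, message); an empty list means clean."""
    _, peers = parse_wg_conf(text)
    findings = []
    by_key = defaultdict(list)
    claimed = []                                  # (network, peer index)
    for idx, peer in enumerate(peers, 1):
        for key in peer.get("PublicKey", []):
            by_key[key].append(idx)
            if own_public_key is not None and key == own_public_key:
                findings.append(("error", f"peer {idx} carries the interface's own public key; "
                                          "put the client's key here instead"))
        for net in allowed_networks(peer):
            if net.prefixlen == 0:
                findings.append(("error", f"peer {idx}: AllowedIPs {net} covers every destination; "
                                          "wg-quick installs it as a route on the tunnel and LAN "
                                          "traffic gets pulled into it. Use the client's /32 here "
                                          "and keep 0.0.0.0/0 in the client's own config"))
            for other_net, other_idx in claimed:
                if net.version == other_net.version and (
                        net.subnet_of(other_net) or other_net.subnet_of(net)):
                    findings.append(("error", f"peer {idx}: AllowedIPs {net} overlaps {other_net} "
                                              f"of peer {other_idx}; only one peer gets a prefix"))
            claimed.append((net, idx))
    for key, idxs in by_key.items():
        if len(idxs) > 1:
            findings.append(("error", f"public key {key[:8]}... is set on peers {idxs}"))
    return findings


# Constructed sample configs with placeholder strings, not real WireGuard keys.
SERVER_PUB = "SERVER_PUBKEY_PLACEHOLDER="

BAD_CONF = """\
[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER=
Address = 192.168.116.1/24
ListenPort = 55555

[Peer]
PublicKey = SERVER_PUBKEY_PLACEHOLDER=
AllowedIPs = 0.0.0.0/0

[Peer]
PublicKey = ANDROID_PUBKEY_PLACEHOLDER=
AllowedIPs = 0.0.0.0/0
"""

GOOD_CONF = """\
[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER=
Address = 192.168.116.1/24
ListenPort = 55555

[Peer]
PublicKey = ANDROID_PUBKEY_PLACEHOLDER=
AllowedIPs = 192.168.116.2/32

[Peer]
PublicKey = LAPTOP_PUBKEY_PLACEHOLDER=
AllowedIPs = 192.168.116.3/32
"""

if __name__ == "__main__":
    for name, conf in (("bad", BAD_CONF), ("good", GOOD_CONF)):
        print(name, lint_wg_conf(conf, own_public_key=SERVER_PUB) or "clean")
```

The design point is the asymmetry of AllowedIPs: on the client it is "which destinations go into the tunnel" (so 0.0.0.0/0 is right there), while on the server it is "which source addresses this peer may use and which destinations are routed to it", so a server-side 0.0.0.0/0 both lets any peer spoof any source and, via wg-quick, takes over the firewall's routing table.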