Hi everyone,
I am trying to set up WireGuard on my OpnSense instance and my iPhone. However, I am stuck at this point. Any tips/recommendations are welcome!
My network:
- OpnSense IP: 192.168.32.1
- Subnet: 19 (Range 192.168.32.1 – 192.168.63.254)
- DHCP range: 192.168.33.1 – 192.168.39.254
WireGuard interface: 192.168.64.1/24
Clients connected through WireGuard range: 192.168.64.2 – 192.168.64.254 (I guess I will manually define this per user/device when adding a new VPN client configuration)
The steps I have taken:
Install WireGuard plugin (obviously)
Add local configuration with tunnel address 192.168.64.1/24:
Add configuration on my iPhone:
- Address: 162.168.64.2/32
- DNS servers: 192.168.64.1
- Endpoint: vpn.myhostname.com:51820
- Allowed Ips: 0.0.0.0/0
Add endpoint in WireGuard plugin with Allowed IPs: 192.168.64.2/32
Enabled WireGuard.
Added a new interface (wg0) and enabled it.
Added WAN firewall rule:
Interface: WAN, Protocol: UDP, Source: any, Destination: WAN address, Destination port range: from: 51820 to: 51820
Added Wireguard firewall rule:
Interface: Wireguard, Protocol: any, Source: Wireguard net, Destination: WAN address, Destination port range: from any to any
When I try to connect through the iPhone application, it connects. I can see the interface in the List Configuration tab, but nothing in Handshakes whatsoever. Even though it connects fine on my iPhone, I don't have any internal or external access.
A /19 on a LAN??? Do you have any idea what that does? Do you really need over 8000 hosts?
Stop! The amount of unneeded traffic you're generating is ridiculous.
Your firewall rule is only allowing WireGuard to the WAN. Change the destination to LAN or any.
Quote: Your firewall rule is only allowing WireGuard to the WAN. Change the destination to LAN or any.
Thanks for the suggestion!
Wouldn't this mean that through VPN I would be able to browse the internet? None of the destinations work, not internal resources nor external resources.
I gave it a try and changed from WAN address to any (see screenshot below); no luck, however.
(https://i2.paste.pics/8085889cbe8ba99319fe83ba59f2ccb2.png)
You said you assigned a new interface. You shouldn't need the interface for remote access, but did you assign it an address? It should be the same address as your WG tunnel.
Also, set the interface MTU to 1420.
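As an added example (not code from this thread, from the poster, or from OPNsense), here is a Python consistency check that walks through the two things the replies point at: whether the client-side and server-side WireGuard values line up (tunnel address 192.168.64.1/24, client Address 162.168.64.2/32, peer AllowedIPs 192.168.64.2/32, DNS 192.168.64.1, MTU 1420 as suggested in the last reply), and what a pass rule with "Destination: WAN address" actually admits compared with "Destination: any". The client config's MTU line, the public-key placeholder, the WAN IP 203.0.113.10 and the internet host 198.51.100.1 are constructed for the example; everything else is taken from the posts.

```python
import ipaddress
from configparser import ConfigParser

# --- Constructed samples mirroring the values posted in the thread ----------

# iPhone-side config as posted. The MTU line and the PublicKey placeholder are
# constructed; they are not in the original post.
CLIENT_CONF_AS_POSTED = """
[Interface]
Address = 162.168.64.2/32
DNS = 192.168.64.1
MTU = 1280

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.myhostname.com:51820
AllowedIPs = 0.0.0.0/0
"""

# Constructed variant: client address inside the tunnel subnet, MTU 1420.
CLIENT_CONF_CORRECTED = CLIENT_CONF_AS_POSTED.replace(
    "Address = 162.168.64.2/32", "Address = 192.168.64.2/32"
).replace("MTU = 1280", "MTU = 1420")

# OPNsense side as posted: tunnel address and this peer's AllowedIPs.
SERVER_TUNNEL = "192.168.64.1/24"
SERVER_PEER_ALLOWED_IPS = "192.168.64.2/32"

# Firewall aliases. 203.0.113.10 is a constructed placeholder for the WAN IP.
ALIASES = {
    "any": ipaddress.ip_network("0.0.0.0/0"),
    "WAN address": ipaddress.ip_network("203.0.113.10/32"),
    "LAN net": ipaddress.ip_network("192.168.32.0/19"),
    "Wireguard net": ipaddress.ip_network("192.168.64.0/24"),
}
RULE_AS_POSTED = {"interface": "Wireguard", "source": "Wireguard net", "destination": "WAN address"}
RULE_SUGGESTED = {"interface": "Wireguard", "source": "Wireguard net", "destination": "any"}


def check_tunnel(client_conf: str, server_tunnel: str, server_peer_allowed: str,
                 expected_mtu: int = 1420) -> list[str]:
    """Cross-check a client [Interface]/[Peer] config against the server's
    tunnel address and peer AllowedIPs. Returns findings; empty means consistent."""
    cfg = ConfigParser(interpolation=None)
    cfg.read_string(client_conf)
    findings: list[str] = []

    tunnel = ipaddress.ip_interface(server_tunnel)
    client_addr = ipaddress.ip_interface(cfg["Interface"]["Address"])

    # 1. The client address must lie inside the server's tunnel subnet, or the
    #    server has no route back into wg0 for its replies.
    if client_addr.ip not in tunnel.network:
        findings.append(f"client Address {client_addr.ip} is outside tunnel subnet {tunnel.network}")

    # 2. The server's AllowedIPs for this peer must cover the client's inner
    #    source IP; WireGuard's cryptokey routing drops packets that do not match.
    peer_allowed = ipaddress.ip_network(server_peer_allowed, strict=False)
    if client_addr.ip not in peer_allowed:
        findings.append(f"server AllowedIPs {peer_allowed} does not cover client Address {client_addr.ip}")

    # 3. The DNS server pushed to the client must be routed through the tunnel.
    client_allowed = [ipaddress.ip_network(n.strip(), strict=False)
                      for n in cfg["Peer"]["AllowedIPs"].split(",")]
    dns = ipaddress.ip_address(cfg["Interface"]["DNS"])
    if not any(dns in net for net in client_allowed):
        findings.append(f"DNS {dns} is not routed through the tunnel by AllowedIPs")

    # 4. MTU should match the recommended value (1420 in the thread).
    mtu = cfg["Interface"].get("MTU")
    if mtu is None or int(mtu) != expected_mtu:
        findings.append(f"MTU is {mtu}, expected {expected_mtu}")
    return findings


def rule_permits(rule: dict, src: str, dst: str) -> bool:
    """Evaluate one pass rule (source/destination aliases only) for a flow
    src -> dst. Shows that 'Destination: WAN address' only admits traffic
    addressed to the firewall's own WAN IP, not to LAN hosts or the internet."""
    return (ipaddress.ip_address(src) in ALIASES[rule["source"]]
            and ipaddress.ip_address(dst) in ALIASES[rule["destination"]])


if __name__ == "__main__":
    for line in check_tunnel(CLIENT_CONF_AS_POSTED, SERVER_TUNNEL, SERVER_PEER_ALLOWED_IPS):
        print("finding:", line)
    for name, rule in (("as posted", RULE_AS_POSTED), ("suggested", RULE_SUGGESTED)):
        lan_ok = rule_permits(rule, "192.168.64.2", "192.168.33.10")
        inet_ok = rule_permits(rule, "192.168.64.2", "198.51.100.1")
        print(f"rule {name}: LAN host permitted={lan_ok}, internet host permitted={inet_ok}")
```

Run it as-is to see the findings for the posted values, then point `check_tunnel` at your own exported client config and the server-side AllowedIPs. The rule model deliberately ignores interface binding and port ranges; it exists only to make the destination-alias difference visible.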