Hello together,
Since the last update to OPNsense 22.7.2, none of my WireGuard tunnels work anymore. I never had a problem with WireGuard and OPNsense before; how can this be?
Am I the only one for whom WireGuard no longer works?
The error image shows that traffic reaches the WireGuard server on my OPNsense and the server supposedly responds (see image); however, this traffic does not reach the endpoints on the other side.
I also did a complete reinstall of OPNsense and played back a backup. The problem stays the same.
I have an addition: this is what a WireGuard log looks like. I captured on the WAN side.
Is 0.0.0.0 as sender OK? It doesn't look right.
That peer only allows traffic coming from a single IP address of 10.48.150.2 and nothing else.
Normally, the peer would have at least 2 sets of IP addresses:
10.48.150.2/32 (the tunnel peer IP address I assume)
PLUS say 192.168.83.0/24 - the LAN subnet, or whatever subnet or subnets from that peer
See my peer partner in my setup:
peer: wx5ahL.....................
preshared key: (hidden)
endpoint: 202.XXXX.XXXXX.244:51820
allowed ips: 192.168.83.0/24, 10.1.18.1/32
latest handshake: 3 days, 6 hours, 46 minutes, 6 seconds ago
transfer: 35.49 KiB received, 28.43 KiB sent
192.168.83.0/24 is the LAN subnet of the other side
10.1.18.1/32 is the peer's tunnel IP address (and my end happens to be 10.1.18.2/24)
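The allowed-ips point made in this reply is WireGuard's cryptokey routing: a peer only receives packets whose destination falls inside its allowed-ips, and each destination is routed to exactly one peer. The following Python script is an added example (not code from the thread or from OPNsense) that parses `wg show`-style output like the excerpt above and flags the usual misconfigurations: a peer with no allowed-ips, overlapping allowed-ips between peers, and an expected tunnel IP or LAN subnet missing from a peer. The peer keys, endpoints and subnets in `SAMPLE_WG_SHOW` are constructed placeholders.

```python
"""Sanity-check WireGuard peer allowed-ips (cryptokey routing) from `wg show` output."""
import ipaddress

# Constructed sample in `wg show` text format (keys/endpoints are placeholders, not real peers).
SAMPLE_WG_SHOW = """\
interface: wg0
  public key: (hidden)
  listening port: 51820

peer: PEER_A_PLACEHOLDER_KEY
  endpoint: 203.0.113.244:51820
  allowed ips: 192.168.83.0/24, 10.1.18.1/32
  latest handshake: 3 days, 6 hours, 46 minutes, 6 seconds ago

peer: PEER_B_PLACEHOLDER_KEY
  endpoint: 198.51.100.7:51820
  allowed ips: 10.48.150.2/32
  latest handshake: 1 minute, 2 seconds ago

peer: PEER_C_PLACEHOLDER_KEY
  allowed ips: 192.168.83.0/24
"""


def parse_wg_show(text):
    """Return {peer_key: [ip_network, ...]} parsed from `wg show` output."""
    peers = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("peer:"):
            current = line.split(":", 1)[1].strip()
            peers[current] = []
        elif line.startswith("allowed ips:") and current is not None:
            # `wg show` prints "(none)" when a peer has no allowed-ips at all
            for item in line.split(":", 1)[1].split(","):
                item = item.strip()
                if item and item != "(none)":
                    peers[current].append(ipaddress.ip_network(item, strict=False))
    return peers


def check_peer_routes(peers, expected=None):
    """Return a list of (peer_key, finding) tuples.

    - no allowed-ips: the peer can never receive traffic through the tunnel
    - overlap: two peers claim the same destination; only one of them gets it
    - missing: an expected tunnel IP / LAN subnet is not covered by the peer
    """
    findings = []
    for key, nets in peers.items():
        if not nets:
            findings.append((key, "no allowed-ips: this peer can never receive traffic"))
    keys = list(peers)
    for i, a in enumerate(keys):
        for b in keys[i + 1:]:
            for na in peers[a]:
                for nb in peers[b]:
                    if na.version == nb.version and na.overlaps(nb):
                        findings.append((a, f"allowed-ips {na} overlaps {nb} on peer {b}"))
    for key, wanted in (expected or {}).items():
        have = peers.get(key, [])
        for w in wanted:
            want = ipaddress.ip_network(w, strict=False)
            covered = any(h.version == want.version and want.subnet_of(h) for h in have)
            if not covered:
                findings.append((key, f"expected {want} missing from allowed-ips"))
    return findings


if __name__ == "__main__":
    parsed = parse_wg_show(SAMPLE_WG_SHOW)
    # Hypothetical expectation: peer B is a router that should also carry a LAN subnet.
    wanted = {"PEER_B_PLACEHOLDER_KEY": ["10.48.150.2/32", "192.168.50.0/24"]}
    for peer, finding in check_peer_routes(parsed, wanted):
        print(f"{peer[:12]}...: {finding}")
```

Run it against real output with `wg show wg0 | python3 check_wg.py` after replacing the sample with `sys.stdin.read()`; a single-address peer such as a smartphone legitimately shows only its /32, so the "missing" check should only be fed the subnets you actually expect behind a given peer.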
That peer is a smartphone, therefore only one IP is correct.
Quote from: Rhabarbertorte on August 22, 2022, 10:41:59 AM
That peer is a smartphone, therefore only one IP is correct.
This worked fine without the tunnel as allowed?
Did you try to delete and recreate the tunnel?
I was able to narrow down the problem even further.
Now it's getting really interesting!
Everything that leaves the firewall and is not bound by IP to a specific interface, e.g. ping, goes out with the source IP 0.0.0.0. Therefore no response is received.
See screenshot.
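The symptom described in this post (outbound packets carrying source 0.0.0.0, so no reply can ever come back) is easy to confirm from a WAN-side capture. The script below is an added example, not the thread author's capture or any OPNsense tool: it parses tcpdump-style text lines, flags packets whose source address can never receive a reply (unspecified, loopback, multicast or reserved ranges), and summarises them per destination port so the affected flows stand out. The lines in `SAMPLE_CAPTURE` are constructed to mirror the described failure; the addresses are documentation ranges, not the author's.

```python
"""Flag egress packets whose source address cannot receive a reply, from tcpdump-style lines."""
import ipaddress
import re
from collections import Counter

# Constructed sample in tcpdump's default text format (not the thread author's capture).
SAMPLE_CAPTURE = """\
10:41:01.000001 IP 203.0.113.10.51820 > 198.51.100.7.51820: UDP, length 148
10:41:01.000002 IP 0.0.0.0.51820 > 198.51.100.7.51820: UDP, length 92
10:41:02.000003 IP 0.0.0.0 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
10:41:03.000004 IP 203.0.113.10 > 198.51.100.7: ICMP echo request, id 2, seq 1, length 64
"""

# "IP src[.port] > dst[.port]: PROTO, ..." as printed by tcpdump for IPv4 UDP/ICMP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)


def parse_capture(text):
    """Return one dict per parseable line with typed source/destination addresses."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-IPv4 lines (ARP, IPv6, truncated output)
        d = m.groupdict()
        d["src"] = ipaddress.ip_address(d["src"])
        d["dst"] = ipaddress.ip_address(d["dst"])
        d["proto"] = d["rest"].split(",")[0].split()[0]  # "UDP", "ICMP", ...
        rows.append(d)
    return rows


def unreplyable_sources(rows):
    """Packets whose source can never be a reply target: the remote end either
    drops them or answers into the void, which matches 'no response is received'."""
    bad = []
    for r in rows:
        src = r["src"]
        if src.is_unspecified or src.is_loopback or src.is_multicast or src.is_reserved:
            bad.append(r)
    return bad


def summarize(rows):
    """Count flagged packets per (source, protocol, destination port)."""
    counts = Counter()
    for r in rows:
        counts[(str(r["src"]), r["proto"], r["dport"] or "-")] += 1
    return counts


if __name__ == "__main__":
    flagged = unreplyable_sources(parse_capture(SAMPLE_CAPTURE))
    for (src, proto, dport), n in summarize(flagged).items():
        print(f"{n} packet(s) from {src} via {proto} to port {dport}: no return path")
```

Feed it `tcpdump -ni <wan> -l` output; a hit on a WireGuard handshake (UDP to the peer's listening port) from 0.0.0.0 shows the packet left the firewall with no usable source, which points at local source-address selection or outbound NAT on the firewall rather than at the remote peer.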
Seems you have a broken NAT rule.
Check them please.
I was able to fix it. But don't ask me how. Tried so many things.
Most likely it was related to an old failover interface (not connected).