I am absolutely stumped and lost, I would love some help if anyone could be so kind.
https://docs.opnsense.org/manual/how-tos/wireguard-client.html
I've followed this guide, twice, still no success.
Quote
2022-11-17 19:39:05.969: [TUN] [WireGuard-Home] Starting WireGuard/0.5.3 (Windows 10.0.19045; amd64)
2022-11-17 19:39:05.969: [TUN] [WireGuard-Home] Watching network interfaces
2022-11-17 19:39:05.970: [TUN] [WireGuard-Home] Resolving DNS names
2022-11-17 19:39:05.999: [TUN] [WireGuard-Home] Creating network adapter
2022-11-17 19:39:06.213: [TUN] [WireGuard-Home] Using existing driver 0.10
2022-11-17 19:39:06.217: [TUN] [WireGuard-Home] Creating adapter
2022-11-17 19:39:06.437: [TUN] [WireGuard-Home] Using WireGuardNT/0.10
2022-11-17 19:39:06.442: [TUN] [WireGuard-Home] Enabling firewall rules
2022-11-17 19:39:06.375: [TUN] [WireGuard-Home] Interface created
2022-11-17 19:39:06.494: [TUN] [WireGuard-Home] Dropping privileges
2022-11-17 19:39:06.496: [TUN] [WireGuard-Home] Setting interface configuration
2022-11-17 19:39:06.496: [TUN] [WireGuard-Home] Peer 1 created
2022-11-17 19:39:06.497: [TUN] [WireGuard-Home] Monitoring MTU of default v6 routes
2022-11-17 19:39:06.513: [TUN] [WireGuard-Home] Setting device v6 addresses
2022-11-17 19:39:06.527: [TUN] [WireGuard-Home] Monitoring MTU of default v4 routes
2022-11-17 19:39:06.527: [TUN] [WireGuard-Home] Setting device v4 addresses
2022-11-17 19:39:06.497: [TUN] [WireGuard-Home] Interface up
2022-11-17 19:39:06.539: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXX:51820)
2022-11-17 19:39:06.554: [TUN] [WireGuard-Home] Startup complete
2022-11-17 19:39:06.597: [MGR] Failed to connect to adapter interface \\?\SWD#WireGuard#{BF3B95B6-1560-2491-14DC-E2DE2493C878}#{cac88484-7515-4c03-82e6-71a87abac361}: The system cannot find the file specified. (Code 0x00000002)
2022-11-17 19:39:06.592: [TUN] [WireGuard-Home] Receiving handshake response from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:06.592: [TUN] [WireGuard-Home] Keypair 1 created for peer 1
2022-11-17 19:39:16.622: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:26.739: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:36.785: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:46.824: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:39:58.269: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:40:08.739: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:40:18.756: [TUN] [WireGuard-Home] Receiving keepalive packet from peer 1 (XXXXXXXXXXX:51820)
2022-11-17 19:40:26.298: [TUN] [WireGuard-Home] Shutting down
2022-11-17 19:40:26.314: [MGR] [WireGuard-Home] Tunnel service tracker finished
I know for a fact I messed this up the first time, because I neglected to copy my public key from my Windows client into Step 3 (endpoint).
However, I did fix that the second time.
I've also followed this guide, which seems significantly less complicated (to the point I suspect it's lacking some items?), which also, obviously, didn't work. A whole heap of items from the above guide are lacking for this one.
https://0x2142.com/how-to-set-up-wireguard-on-opnsense/
Error for this guide was:
Quote
2022-11-17 18:43:20.601: [TUN] [WireGuard-Home] Interface up
2022-11-17 18:43:20.612: [TUN] [WireGuard-Home] Monitoring MTU of default v4 routes
2022-11-17 18:43:20.612: [TUN] [WireGuard-Home] Setting device v4 addresses
2022-11-17 18:43:20.650: [TUN] [WireGuard-Home] Startup complete
2022-11-17 18:43:20.658: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXXXX:51820)
2022-11-17 18:43:25.711: [TUN] [WireGuard-Home] Handshake for peer 1 (XXXXXXXXXXX:51820) did not complete after 5 seconds, retrying (try 2)
2022-11-17 18:43:25.711: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXXXX:51820)
2022-11-17 18:43:30.748: [TUN] [WireGuard-Home] Handshake for peer 1 (XXXXXXXXXXX:51820) did not complete after 5 seconds, retrying (try 2)
2022-11-17 18:43:30.748: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXXXX:51820)
2022-11-17 18:43:35.804: [TUN] [WireGuard-Home] Handshake for peer 1 (XXXXXXXXXXX:51820) did not complete after 5 seconds, retrying (try 2)
2022-11-17 18:43:35.804: [TUN] [WireGuard-Home] Sending handshake initiation to peer 1 (XXXXXXXXXXX:51820)
2022-11-17 18:43:37.541: [TUN] [WireGuard-Home] Shutting down
I understand I'm not really too skilled here but I mean I've had opnsense up and running for nearly a year, I've followed guides for forwarding ports, I've been working with computers 30 years, but this eludes me no end.
If I should be asking somewhere else, please let me know if there's a 'newbie' forum.
Without showing your actual setup (screenshots) nobody will be able to help you. Most likely: keys messed up? ;-) Do you ever see a handshake in the GUI?
Did you allow access to your DNS through for the IP address range?
Quote from: petersk on November 17, 2022, 03:30:16 PM
Did you allow access to your DNS through for the IP address range?
I mean once it connected (it seemed to actually connect for the first guide) I was simply trying to ping my NAS or opnsense machine - to no avail, via IP - not hostname, so I imagine DNS isn't the issue.
Quote from: chemlud on November 17, 2022, 10:37:45 AM
Without showing your actual setup (screenshots) nobody will be able to help you. Most likely: keys messed up? ;-) Do you ever see a handshake in the GUI?
I /think/ there's a handshake in the first tutorial (the block quote seems to imply it's connected and performing a keepalive), but I actually don't know where in the GUI to even check for a handshake. I'll try again and see.
(That's an awful lot of screenshots but I'll try)
Quote from: chemlud on November 17, 2022, 10:37:45 AM
Without showing your actual setup (screenshots) nobody will be able to help you. Most likely: keys messed up? ;-) Do you ever see a handshake in the GUI?
Ok I think I've got all the screenshots I can and anonymised them best I can.
https://i.imgur.com/9640ASg.png
https://i.imgur.com/TO1FRE7.png
https://i.imgur.com/qionbTN.png
https://i.imgur.com/gr4SQLO.png
https://i.imgur.com/03Klb3V.png
https://i.imgur.com/xRtd23f.png
https://i.imgur.com/SXCosZv.png
I don't see an Endpoint configuration for Phone on OPNsense in those screenshots. Or the WG configuration on the phone itself
Quote from: Greelan on November 17, 2022, 10:49:48 PM
I don't see an Endpoint configuration for Phone on OPNsense in those screenshots. Or the WG configuration on the phone itself
Sorry, thank you!
Endpoint:
https://i.imgur.com/CRPeZVz.png
Windows client (for testing, phone eventually obviously)
https://i.imgur.com/RL8agTw.png
The Endpoint Allowed IPs are incorrect. See step 3 of the official guide. It should be a /32 within the /24 subnet set for the tunnel under Local
The peer config on the sense:
- Allowed IPs: the tunnel IP of the client is missing, and 0.0.0.0/24 is more likely 0.0.0.0/0
Handshakes are in the GUI plugin for the Dashboard as well as in the WG part of the GUI under Status and Handshakes (unsurprisingly ;-) ).
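
The Allowed IPs rule from the last two replies, written as a check (an added example, not part of the original thread and not OPNsense code): it tests a firewall-side peer entry for a single-host /32 inside the tunnel subnet and flags entries such as 0.0.0.0/24. The helper name and all addresses are constructed for illustration.

```python
import ipaddress

def check_peer_allowed_ips(tunnel_address, allowed_ips):
    """Findings for one firewall-side peer entry (hypothetical helper).

    tunnel_address: tunnel address of the Local instance, e.g. "10.10.10.1/24"
    allowed_ips:    that peer's Allowed IPs as CIDR strings
    """
    tunnel = ipaddress.ip_interface(tunnel_address)
    findings = []
    has_client_host = False
    for entry in allowed_ips:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            findings.append(f"{entry}: not a valid CIDR")
            continue
        if net.network_address.is_unspecified and net.prefixlen != 0:
            # e.g. 0.0.0.0/24: only /0 makes the unspecified address a default route
            findings.append(f"{entry}: unspecified address with /{net.prefixlen} "
                            "is not a usable range (the default route is /0)")
            continue
        if net.version != tunnel.version or not net.overlaps(tunnel.network):
            continue  # routed network outside the tunnel subnet; not judged here
        if net.prefixlen != net.max_prefixlen:
            findings.append(f"{entry}: covers more than one host of {tunnel.network}")
        elif net.network_address == tunnel.ip:
            findings.append(f"{entry}: this is the firewall's own tunnel IP")
        else:
            has_client_host = True
    if not has_client_host:
        findings.append(f"no single-host entry for the client inside {tunnel.network}")
    return findings

# Constructed sample values, not taken from the screenshots in the thread.
TUNNEL = "10.10.10.1/24"
BROKEN = ["0.0.0.0/24"]
FIXED = ["10.10.10.2/32"]

if __name__ == "__main__":
    for label, ips in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_peer_allowed_ips(TUNNEL, ips) or "OK")
```

A completed handshake with no reachable hosts behind the tunnel, as in the first log, is consistent with this kind of Allowed IPs mismatch, since WireGuard drops packets whose source address is not covered by the peer's Allowed IPs.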