I have 2 Wireguard site-to-site VPNs setup already. Both ends are OpnSense. I want to setup a 3rd VPN to a PFSense box and I have not had any luck getting them to handshake (OpnSense to PFSense). Anybody have any issues in this area?
public keys generated and copied appropriately.
No issues here. Had 2 tunnels between the two but now only 1. And soon to be none!
ok, figured there wasn't an issue....just me :-[
Still can't figure out why it isn't working...
Site1 - OpnSenseinterface: wg2
public key: <<removed "P1">>
private key: (hidden)
listening port: 51840
peer: <<removed "P2">>
endpoint: xxx.xxx.xxx.xxx:51840
allowed ips: 192.168.200.0/24, 10.11.3.2/32
transfer: 0 B received, 444 B sent
persistent keepalive: every 10 seconds
Site2 - PFSenseinterface: tun_wg0
public key: <<removed "P2">>
private key: (hidden)
listening port: 51840
peer: <<removed "P1">>
preshared key: (hidden)
endpoint: xxx.xxx.xxx.xxx:51840
allowed ips: 172.18.1.0/24, 10.11.3.1/32
transfer: 61.57 KiB received, 38.42 KiB sent
* notice the peer at site one isn't receiving but is sending data....
** firewall rules on both sites are ok - udp port 51840 is open on wan interface and the wireguard interface has <any><any> rules in place
Any suggestions on where to look next?
You'd have to provide more info.
What are the tunnel addresses?
This is a site to site but you have 2 /32 addresses allowed, what are they?
The biggest problem with Wireguard is there is no "Right way" of setting it up. Meaning there can be multiple ways to make it work and there should only be one.
Use the packet capture, are both sites reaching the WAN of the other site?
Did you set up the proper routes and gateways?