OPNsense Forum

English Forums => General Discussion => Topic started by: CanadaGuy on February 27, 2023, 04:57:55 pm

Title: WG tunnel firewall state going stale, requires delete to restore connectivity
Post by: CanadaGuy on February 27, 2023, 04:57:55 pm
Since I switched to OPNsense, I've had issues with my WireGuard tunnels. I connect several tunnels from a host on my LAN to a few servers on the public internet. It seems these tunnels go stale and stop passing traffic after a while. I have a 10-second keepalive, but that doesn't seem to keep the tunnel open. Searching for the destination IP in my firewall state table and deleting the states allows the connection to resume.

Is there any state checking I can implement to keep this from happening? I'm using "port forward" to implement DNAT as I want to redirect these IPs for everything BUT SSH and WG UDP.

What can cause the firewall state to stop forwarding traffic and prevent opening a new connection?

Title: Re: WG tunnel firewall state going stale, requires delete to restore connectivity
Post by: zan on February 28, 2023, 04:39:19 am
Have you checked your WireGuard status for handshakes? Do they handshake normally (every 1-3 min)?