Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: m4rtin on June 30, 2023, 10:43:45 AM

Title: Wireguard connection fails (firewall issue)
Post by: m4rtin on June 30, 2023, 10:43:45 AM
Hi, I want to establish a Wireguard VPN connection between an Ubuntu cloud server and a network that is protected with an OPNsense firewall with wireguard.

The wireguard config on the ubuntu server is:

Code Select
[Interface]
PrivateKey = ...
Address = 192.168.1.252/32

[Peer]
PublicKey = /wKtAL5pkfMrV5MTSSHbtMe6TXM+D6d4KQ76Mfj/tVQ=
AllowedIPs = 10.0.0.0/24
Endpoint = ..........:51825


The wireguard Status on the Ubuntu server is:

Code Select
peer: /wKtAL5pkfMrV5MTSSHbtMe6TXM+D6d4KQ76Mfj/tVQ=
  endpoint: xxx.xxx.xxx.xxx:51825
  allowed ips: 10.0.0.0/24
  transfer: 0 B received, 148 B sent
  persistent keepalive: every 25 seconds

The wireguard Status on the opnsense server is:

Code Select
peer: es6Mn1SZ3Zl9GUIkSlipsiS1HHGdnTmiXxq2qKgdI0Y=
  endpoint: xxx.xxx.xxx.xxx:49481
  allowed ips: 192.168.1.252/32
  transfer: 99.29 KiB received, 61.72 KiB sent


Wireguard log on ubuntu server:

Code Select
[Fri Jun 30 10:36:56 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 19)
[Fri Jun 30 10:36:56 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:01 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 20)
[Fri Jun 30 10:37:01 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:07 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 20 attempts, giving up
[Fri Jun 30 10:37:27 2023] wireguard: xxxxxxxx: Sending keepalive packet to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:27 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:33 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 2)
[Fri Jun 30 10:37:33 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:38 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 3)
[Fri Jun 30 10:37:38 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:43 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 4)
[Fri Jun 30 10:37:43 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)

The strange thing is that there is no traffic on port 51825 in the live view of the opnsense, although it received data (wireguard status).

Do you know what might be the issue here?
Text only | Text with Images