OPNsense Forum

English Forums => Virtual private networks => Topic started by: sgtwheats on October 29, 2023, 09:08:36 PM

Title: Issue with getting Client to connect to OPNSense Wireguard Server
Post by: sgtwheats on October 29, 2023, 09:08:36 PM
Just switched from pfSense to OPNsense 23.7. Thought this would be an easy switch; boy, was I wrong. I am having trouble getting my client to connect to my OPNsense WireGuard server. I am using the same config that I used in pfSense that worked, and have even followed numerous websites on OPNsense WireGuard setup, but nothing works. I also set up my client on my home network and it connected to the WireGuard server with no issue, so my thinking is that something on the WAN side is blocking the communication between the client and server; I just have not been able to see a log to tell me what that is. My OPNsense is still default from install; I just added a firewall rule for the WireGuard port. I put that config below along with the config for the WireGuard server. Also, my home network public IP is static. I am at my wits' end trying to make this work, so I thought I'd give the forums a shot and see if someone else ran into this issue and had a fix.

Wireguard server
Name: *
Instance: 1
Public Key: *
Private Key: *
Listen Port: 51830
Tunnel Address: 10.12.18.1/24

[Peer]
Name: *
Public Key: *
Allowed IPs: 10.12.18.2/32
Keepalive Interval: 25


Firewall Rule WAN
Interface: WAN
Direction: in
TCP/IP Version: IPv4
Protocol: UDP
Source: any
Destination: WAN address
Destination port range: from:(other) 51830 to:(other) 51830


Client Config
[Interface]
Address = 10.12.18.2/24
ListenPort = 51830
PrivateKey = *
MTU = 1380

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = *:51830
PersistentKeepalive = 25
PublicKey = *


Title: Re: Issue with getting Client to connect to OPNSense Wireguard Server
Post by: Monviech (Cedrik) on October 29, 2023, 09:30:52 PM
Maybe try "This Firewall" as destination in the WAN rule? I don't know, this looks fine though. My own configuration is almost identical. I also use "WAN address". If you connect via IPv6, make sure to select IPv4+IPv6 in your rule.

Try to tcpdump on the WAN interface and see if your WireGuard handshake packets hit the WAN interface. Look in the firewall live log and check if the default deny rule drops the WireGuard packets.
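The capture check suggested above, as an added example that is not part of the original post: it classifies UDP payloads from a WAN capture by WireGuard message type and reports whether handshake initiations arrive and whether any response leaves. The function names, result strings and sample payloads are constructed for illustration; real payloads would come from a capture on the listen port (51830 in this thread).

```python
# Added example: classify WireGuard UDP payloads seen in a WAN capture.
# Message types and fixed sizes follow the WireGuard protocol:
# 1 = handshake initiation (148 bytes), 2 = handshake response (92 bytes),
# 3 = cookie reply (64 bytes), 4 = transport data (at least 32 bytes).
FIXED = {1: ("initiation", 148), 2: ("response", 92), 3: ("cookie", 64)}


def classify(payload: bytes) -> str:
    """Name the WireGuard message in one UDP payload, or 'not-wireguard'."""
    # Byte 0 is the type; bytes 1-3 are reserved and must be zero.
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return "not-wireguard"
    if payload[0] in FIXED:
        name, size = FIXED[payload[0]]
        return name if len(payload) == size else "not-wireguard"
    if payload[0] == 4 and len(payload) >= 32:
        return "transport"
    return "not-wireguard"


def diagnose(packets) -> str:
    """packets: (direction, payload) pairs; direction is 'in' or 'out' on WAN."""
    seen = {(direction, classify(payload)) for direction, payload in packets}
    if ("in", "initiation") not in seen:
        return "no-initiation-on-wan"      # client traffic never reaches WAN
    if ("out", "response") not in seen:
        return "initiation-unanswered"     # dropped by a rule, or rejected by WireGuard
    return "handshake-answered"


def fake(msg_type: int, size: int) -> bytes:
    """Constructed payload: right header and length, zeroed body."""
    return bytes([msg_type, 0, 0, 0]) + bytes(size - 4)


# Constructed sample: the client retries its initiation, nothing goes back.
SAMPLE = [("in", fake(1, 148)), ("in", fake(1, 148))]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A result of `initiation-unanswered` means packets reach the WAN interface but the server never replies, which narrows the search to the WAN rule and default deny entries in the live log, the instance's listen port, and the peer public key.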
Title: Re: Issue with getting Client to connect to OPNSense Wireguard Server
Post by: sgtwheats on October 30, 2023, 06:31:03 PM
Got it to work by reinstalling OPNsense. Not sure what was causing the issue, because I input the same config right back in after the reinstall. But I did try Monviech's suggestions: changing the firewall rule to "This Firewall" did not work. I did the tcpdump and could see my client hitting the WAN interface, but looked in the firewall live log and could not see any related logs. Thanks, Monviech, for the reply.
Title: Re: Issue with getting Client to connect to OPNSense Wireguard Server
Post by: Monviech (Cedrik) on October 30, 2023, 06:34:50 PM
No problem. It's just weird how I see more of "I reinstalled everything and then it started to work". I wish there was a clue what went wrong when it did. I've been seeing a few WireGuard-related things pop up in the forum lately, but I never ran into the issue myself that I had to totally start from scratch for the whole firewall.
Title: Re: Issue with getting Client to connect to OPNSense Wireguard Server
Post by: kisiel on November 01, 2023, 01:37:19 PM
Do you mean reinstall and import configuration?
Configure everything from start?

This would be a nightmare.