I upgraded to 23.7.9 and now my Wireguard PIA tunnel is broken. This also happened on the last upgrade but I rolled back to 23.7.7.3 which works fine. I see this generic error in the WG diag logs
/usr/local/opnsense/scripts/Wireguard/wg-service-control.php: Skipping gateway WG_PIA_GW due to empty 'gateway' property.
Looking at Wireguard Diagnostics I see an active connection:
Name Port/Endpoint Handshake Send Received
PIA-Server xxx.xxx.xxx.xxx:1337 2023-11-24 11:28:20 1.23 KB 368.00 Bytes
Looking at Interfaces -> Overview I don't see any packets being transmitted
Status up
MAC address 00:00:00:00:00:00 - XEROX CORPORATION
MTU 1420
IPv4 address xxx.xxx.xxx.xxx/32
In/out packets 0 / 0 (0 bytes / 0 bytes)
In/out packets (pass) 0 / 0 (0 bytes / 0 bytes)
In/out packets (block) 0 / 0 (0 bytes / 0 bytes)
In/out errors 0 / 0
Collisions 0
What changed and how do I fix this?
I'm using os-wireguard-go instead and 23.7.9 broke it for me too. The wireguard adapters just wouldn't show up for assignment, most likely due to the new changes regarding interface assignments for wireguard devices mentioned in the changelog I'm sure. Reverting to 23.7.8_1 fixed everything for me. Even tried the kernel plugin and had the same problem as you.
So make of that what you will, I'd use the older plugin for now.
I moved away from Wireguard-Go when the kernel plugin became available. I have to test but I think my client connections into Opnsense will work. It's the PIA gateway that is failing. For me the last release that PIA gateway worked was 23.7.7_3.
bump
It takes less than 5 minutes to delete or re-add an interface in WG.
Have you tried this and has it come back online?
os-wireguard 2.5_1 84.4KiB
os-wireguard-go 1.13_7 55.6KiB
You can also see the version difference. I've read you should be using os-wireguard going forward.
Not only have I removed the wireguard interface, I deleted it, reinstalled it, and re-added it, and it still fails. I have been using OS-Wireguard since it became available, whatever that release was.
os-wireguard 2.5_1 84.4KiB OPNsense BSD2CLAUSE WireGuard VPN service kernel implementation
Under vpn -> wireguard -> diagnostics you can see the tunnel to PIA is up.
wg2 <key> PIA-Server xx.xx.xx.xx:1337 2023-11-27 07:36:12 637.04 KB 172.41 KB
There seems to be a disconnect between the tunnel and creating the interface. The interface gets created but doesn't have any traffic.
Status up
MAC address 00:00:00:00:00:00 - XEROX CORPORATION
MTU 1420
IPv4 address xx.xx.xx.xx/32
IPv4 gateway auto-detected: xx.xx.xx.1
In/out packets 0 / 0 (0 bytes / 0 bytes)
In/out packets (pass) 0 / 0 (0 bytes / 0 bytes)
In/out packets (block) 0 / 0 (0 bytes / 0 bytes)
In/out errors 0 / 0
Collisions 0
from scratch
I set up a tunnel with my "provider"
It worked perfectly. Try 1320 for MTU in the interface for your tunnel and see if that helps?
My MTU is set for 1380 which has worked for a few years now.
Again, if you look at what I posted, it's not the connection to PIA that is an issue, it is building the Opnsense adapter on top of that connection that is failing.
If it works for me and does not for you
The only difference is PIA. Opnsense is working for me with wireguard and my provider
Edit. I follow Christian McDonald's YouTube videos for setup. But I do not use Mullvad, try his videos
This has worked for me since 21.x It stopped working after upgrading to 23.7.8. It works perfectly on 23.7.7_3.
If something was broken the forum would be full of wireguard issues.
Your setup sounds like the issue
Please explain why my setup worked flawlessly on releases up to 23.7.7_3 if my setup is an issue?
Because my setup and hundreds if not more out there are still working
Have you contacted PIA or tried another server?
Under the interface have you checked this?
This interface does not require an intermediate system to act as a gateway
Try this
I have a production system running 23.7.7_3 which is connected to PIA without issue. I upgraded my test system which was also working fine on 23.7.7_3 to 23.7.7.9 and the Interface associated to PIA no longer works. The system is connected to PIA but when you associate an interface to the PIA connections it doesn't pass packets. From what I can tell this has nothing to do with PIA and Opnsense connecting to it. That piece seems to work. It is adding the interface to the PIA tunnel that is failing.
To verify the PIA connection is working I pinged the production PIA interface from my test system and back and it worked. So the bug isn't with the PIA tunnel, the bug is how Opnsense is configuring the interface using the tunnel.
Did you use the FingerlessGlov3s script to set up your tunnel? If so, it looks like the maintainer released an update to support a change made in 23.7.8.
https://github.com/FingerlessGlov3s/OPNsensePIAWireguard/releases/tag/23.7.8-1
I did use FingerlessGlov3s script to configure the tunnel. I will break the tunnel down and try the new script.
Downloading and running the new script fixed the issue. Thanks
Glad you're up and running. The fact that you're using a 3rd party script would be useful info next time. :)
noted.
After verifying the new script worked on my test system I installed the new script on my production system before upgrading. This time the upgrade went perfectly. I suggest anyone using the FingerlessGlov3s script for PIA, save yourself some time and pull it down before you go from 23.7.7x to 23.7.8/9.