Has anyone managed to configure two WireGuard endpoints successfully in a gateway group?
I have one working endpoint and cannot figure out how to make the second one function despite having followed almost the exact same steps in configuring both of them; the only difference being how the addresses are configured on WireGuard > Settings > Instances:
For connection1 I have configured the default values provided in the Proton config:
peer
| public key | .conf > Peer PublicKey |
| allowed ips | .conf > Peer AllowedIps (0.0.0.0/0) |
| endpoint address | .conf > Peer Endpoint (196.196.203.202) |
| endpoint port | .conf > Peer Endpoint (51820) |
instance
| public key | .conf > Peer PublicKey |
| private key | .conf > Interface PrivateKey |
| listen port | .conf > Peer Endpoint port (51820) |
| tunnel address | .conf > Interface Address (10.2.0.2/32) |
| peers | proton_peer1 |
| disable routes | check |
| gateway | tunnel address -1 (10.2.0.1) |
For connection2, the same except tunnel, gateway and endpoint:
peer
| public key | .conf > Peer PublicKey |
| allowed ips | .conf > Peer AllowedIps (0.0.0.0/0) |
| endpoint address | .conf > Peer Endpoint (194.34.132.55) |
| endpoint port | .conf > Peer Endpoint (51820) |
instance
| public key | .conf > Peer PublicKey |
| private key | .conf > Interface PrivateKey |
| listen port | .conf > Peer Endpoint port (51820) |
| tunnel address | .conf > Interface Address (10.3.0.2/32) |
| peers | proton_peer2 |
| disable routes | check |
| gateway | tunnel address -1 (10.3.0.1) |
Then both are assigned and configured in interface assignments. At this point peer 1's handshake succeeds but peer 2's doesn't.
Is there some gotcha I'm missing?
What if you switch the port on one of the Instances to anything other than 51820, like 51821?
https://schnerring.net/blog/opnsense-baseline-guide-with-vpn-guest-and-vlan-support/#remote-peers
miroco
It's always something so simple, isn't it? That'd be it, thanks!
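
An added example, not part of the thread: a small check for the collision resolved above, where two local instances share one listen port. It assumes the instance settings are written out in wg-quick style; the sample text is constructed from the values in the first post, with placeholder keys, and the function names are hypothetical.

```python
import configparser
from collections import defaultdict

# Constructed sample: the two instances from the post in wg-quick style.
# Keys are placeholders; ListenPort mirrors the instance "listen port" field.
TEMPLATE = """[Interface]
PrivateKey = PLACEHOLDER
ListenPort = {port}
Address = {addr}

[Peer]
PublicKey = PLACEHOLDER
AllowedIPs = 0.0.0.0/0
Endpoint = {endpoint}:51820
"""
INSTANCES = {
    "connection1": TEMPLATE.format(port=51820, addr="10.2.0.2/32", endpoint="196.196.203.202"),
    "connection2": TEMPLATE.format(port=51820, addr="10.3.0.2/32", endpoint="194.34.132.55"),
}

def listen_port(conf_text):
    """Return the local ListenPort of one instance, or None if unset."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    value = cp.get("Interface", "ListenPort", fallback=None)
    return int(value) if value else None

def find_port_conflicts(instances):
    """Map each listen port used by more than one instance to their names."""
    by_port = defaultdict(list)
    for name, text in instances.items():
        port = listen_port(text)
        if port is not None:  # unset means WireGuard picks a random port
            by_port[port].append(name)
    return {p: names for p, names in by_port.items() if len(names) > 1}

def suggest_ports(instances):
    """Keep the first holder of each port; move later ones to the next free port."""
    used, plan = set(), {}
    for name, text in instances.items():
        port = listen_port(text)
        if port is None:
            continue
        while port in used:
            port += 1
        used.add(port)
        plan[name] = port
    return plan

if __name__ == "__main__":
    print(find_port_conflicts(INSTANCES))
    print(suggest_ports(INSTANCES))
```

The remote `Endpoint` port stays 51820 for both peers; only the local listen port has to differ between instances.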