opnsense 24.1.6 : I've created a wireguard interface, and used the peer generator to generate a configuration for an iOS device.
I did add a pre-shared key, and have also specified a DNS server, and also tried a keepalive (optional)
When using the *official* wireguard app on IOS, I get 'Invalid QR code' (with or without the PSK)
Is this expected to work?
The generated config is:
[Interface]
PrivateKey = longkey
Address = 10.10.10.2/32
DNS = 9.9.9.9
[Peer]
PublicKey =
PresharedKey = longpsk
Endpoint = 1.2.3.4
AllowedIPs = 0.0.0.0/0,::/0
PersistentKeepalive = 90
I've tried that also, same error !...
Could you be missing the end-point port number?
And presuming you have a peer PublicKey value.
port number is key here, true.
But also, one note that the port is not transfered to the peer "endpoint port" field, that has to be adapted manually.
FWIW I'm using duckdns and autocorrect put a space between "duck" and "dns". That caused this error for me.
I got similar experience on my Samsung Tablet ( Android )
On my phone ( GrapheneOS ) thankfully everything worked like a dream.
I used to have a dedicated WireGuard VPN VM coz it was a nightmare to get it working on OPNSense, with the latest release things are a lot smoother.
The workaround for me would be:
- Save the content of Config tab into a text file
- Install a package called qrencode on your pc assuming you are usiing Linux of course
- Then run: qrencode -t ansiutf8 -r "config_file_you_saved.conf"
It will generate the QR code for you.
If this is a OPNSense thing, it will work.
That is how I used to generate the QR code for the self hosted WireGuard before moving to OPNSense.
Moin,
i just had the same issue. Because the general road-warrior example is missing the info on how to use the peer-generator. you have to specify the opnsense puplic ip or domain. after that the qr code is valid.
getting it work, neede at my setup not using PSK and defining an external dns. (if you want opns dns, then you also have to create a outbound dns access list entry)