Text only | Text with Images

OPNsense Forum

English Forums => Virtual private networks => Topic started by: Blacktime2 on May 27, 2024, 05:54:57 PM

Title: [WIREGUARD] Site to Site doesn't work
Post by: Blacktime2 on May 27, 2024, 05:54:57 PM
Hello team,

I've been trying to set up a Wireguard tunnel between my two firewalls but I've run into a lot of problems and it's complicated to debug it.
You can see my network map in the attachment.

After configuring the tunnel, I can see that packets are being exchanged between the 2 firewalls, but the tunnel doesn't seem to be going up.

Here's everything I've configured:
- Instances on the 2 FWs
- Peer on the 2 FWs
- Open a UDP port on both sides
- Authorize the right IP ranges + open flows on the "Wireguard (Group)" interface
- Add a keep alive of 25 for NAT

Any ideas? It seems I'm not the only one with this problem on the forum. Is it a bug in the new version of wireguard?

Thanks to all those who will take the time to read me !
Title: Re: [WIREGUARD] Site to Site doesn't work
Post by: Bob.Dig on May 28, 2024, 09:12:17 AM
Quote from: Blacktime2 on May 27, 2024, 05:54:57 PM
Is it a bug in the new version of wireguard?
No. Nice picture though.
Title: Re: [WIREGUARD] Site to Site doesn't work
Post by: Patrick M. Hausen on May 28, 2024, 09:36:10 AM
Without your full wireguard configuration (minus private keys) and all corresponding firewall rules it is pretty hard to help you.
Title: Re: [WIREGUARD] Site to Site doesn't work
Post by: Blacktime2 on May 29, 2024, 04:46:13 PM
Thank you for your reply. Here you can see the Wireguard configuration as an attachment.
Title: Re: [WIREGUARD] Site to Site doesn't work
Post by: Bob.Dig on May 29, 2024, 08:01:15 PM
The remote networks should be /24 or whatever they are, not /32 (allowed IPs).
Title: Re: [WIREGUARD] Site to Site doesn't work
Post by: Blacktime2 on May 29, 2024, 09:43:10 PM
Okay, I just changed. But that's not the cause of the problem.
Text only | Text with Images