Text only | Text with Images

OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: PotatoCarl on September 01, 2024, 10:34:27 AM

Title: Wireguard not working
Post by: PotatoCarl on September 01, 2024, 10:34:27 AM
Hi
I am trying to setup wireguard as alternate VPN to the existing and running vpn. However, even if I religously follow the instruction in the documentation, i get an immediate connect (well, both linux and android claim to have connected), but nothing is accessible. i do not see anything from the inside network, not the ouside network.

Protocoll is set to "debugging" but does not even show entries (no new entries when somebody tries to connect I mean):

2024-09-01T10:21:54   Notice   wireguard   wireguard instance RoadWarrior (wg0) started   
2024-09-01T10:21:54   Notice   wireguard   /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (execute task : dpinger_configure_do(,WireGuard))   
2024-09-01T10:21:54   Notice   wireguard   /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (,WireGuard)   
2024-09-01T10:21:54   Error   wireguard   /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: not a valid opt4 interface gateway address: 'missing'   
2024-09-01T10:21:54   Notice   wireguard   /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: entering configure using 'opt4'

I have no idea where to set the "gateway address" as I have set it under "Peers" with the correct IP of the outside address. However, the address is tested either to be the external IP to the internet (which is the IP of a router forwarding everything to the firewall) OR the IP of the firewall. Both do not make any difference.

I really do not understand what the problem is or how to debug it. There is literally no traffic via the wireguard interface.

Thank you for your help.
Title: Re: Wireguard not working
Post by: mifi42 on September 01, 2024, 11:35:30 AM
If you can access a shell on the firewall host, there is a command to look at the status of wireguard, latest handshake, addresses allowed, etc.:
Code Select
wg show

I have my firewall rules in the WireguardGroup "interface" to allow traffic to and from the tunnel.
Also, I used
Code Select
tcpdump -i wg0
to look at the traffic flowing in and out of the tunnel.
Both commands can be done at either end of the tunnel.

I hope the extra information helps to find the problem.

Cheers,
Michiel
Text only | Text with Images