With the new update zenarmor prevents the wireguard connection, disabling the WG interface in zenarmor solves the problem, if you re-enable wireguard it connects but after a few minutes it disconnects again. All this can be seen in the Opnsense widget:
I see similar behavior. I disabled WG for now.
I have two firewalls which both are running 1.18 on OPNsense 24.7.7.
Wireguard is working without issues on both systems.
Just to verify. Zenarmor is checking the wireguard interface?
I used Wireguard and was suprised why my home opnsense-instance wasn't responding anymore. So if one is depending on WG for remote purposes, disabling zenarmor seems to be the only solution?
Have those affected sent feedback/logs via the Zenarmor UI? What did the dev team say?
Same problem here. I removed the wireguard interface from my zenarmor settings and now I'm able to connect again. Hopefully they get it fixed soon.
Quote from: ruuskil on October 25, 2024, 08:49:08 PM
Same problem here. I removed the wireguard interface from my zenarmor settings and now I'm able to connect again. Hopefully they get it fixed soon.
Did you send feedback/logs to Sunneyvalley through the UI? Have you had any feedback from them?
Quote from: Taunt9930 on October 25, 2024, 11:17:22 PM
Did you send feedback/logs to Sunneyvalley through the UI? Have you had any feedback from them?
I did but haven't heard back yet. I added a link to this thread in my message so hopefully they come here for the comments.
Hi,
Actually, it couldn*t be reproduced. We need to investigate with logs. We have contacted us who sent the logs. I ask for to use "Have Feedback" check all checkboxes.
Pros for ZA support for being active also during the weekend. I was contacted and their proposal was a remote session for investigating the problem but I'm not willing to do that. As a home user this issue is not critical to me since the WG connection works when it's removed from ZA settings.
I hope someone from this thread will be able to work further with ZA to reproduce the issue.
I think I had this problem, too. Right after 24.7.7 update WG stops to work. I always saw a 124kb received from WG/OPNsense (e.g. on my iPhone), then it stops.
However, after some restarts this problem is just gone. WG works as expected and I haven't touched anything. Strange.
See here: https://forum.opnsense.org/index.php?topic=43653.0
So maybe it is not related to Zenarmor?
Quote from: wirefall on October 27, 2024, 11:23:30 AM
I think I had this problem, too. Right after 24.7.7 update WG stops to work. I always saw a 124kb received from WG/OPNsense (e.g. on my iPhone), then it stops.
However, after some restarts this problem is just gone. WG works as expected and I haven't touched anything. Strange.
See here: https://forum.opnsense.org/index.php?topic=43653.0
So maybe it is not related to Zenarmor?
In this case it must be connected to Zenarmor because it started when ZA updated to 1.18. And the problem goes away when the WG interface is removed from ZA settings.
I haven't changed anything in Zenarmor, WG interfaces have always been in. WG works again after 2 restarts, for over 2 days now reliable. However there was definitely something wrong with WG right after update, all connections to quite some peers outside were broken.
As I haven't changed any setting (only restarting), this keeps to be strange...
Hi All,
We have reproduced the issue and investigating. I will update as soon as possible about the issue again. Thanks for your understanding and patience.
Can confirm, after Zenarmor update 1.18 Wireguard connections are disrupted.
I can concur - same issue - if the WG interface is disabled in ZenArmour then Remote WG Connections start working again.
Quote from: wirefall on October 27, 2024, 07:55:08 PM
I haven't changed anything in Zenarmor, WG interfaces have always been in. WG works again after 2 restarts, for over 2 days now reliable. However there was definitely something wrong with WG right after update, all connections to quite some peers outside were broken.
As I haven't changed any setting (only restarting), this keeps to be strange...
UPDATE: After another 2 days WG is broken again! Unpleasant surprise. Nothing has been changed, so this is rather unreliable. Another reboot seems to fix it, but for how long??
Please fix this soon, as I really need WG remote access. As I paid for a Zenarmor plan I count on the Zenarmor features even on the road. I am not willing to disable WG interfaces in Zenarmor, as there is quite a reason why I have them there. Thanks for your efforts in advance!
Same bullshit issue just hit me today after being fine for 2 days since the update.
Hi All,
Zenarmor version 1.18.1 has been released.
We would like to report that Wireguard connection issues have been resolved.
After the 1.18.1 update, we kindly ask you to add Wireguard interfaces again.
1.18.1 just has been released to fix the WG issue.
Looks good so far.
Is my deployment mode and WG interface selection correct? On the lan, I am using intrusion detection with Surricata.
It has the same behavior as before the update, at first it connects but after some time it loses connection and does not reconnect.
Hmm, here is all ok so far, about one day uptime with the new version.
But that was the same with the initial update 1.18. Have you rebooted after 1.18.1?
I have restarted Opnsense twice and the problem continues. In the widget the wireguard interface appears with no traffic.
A new zenoverlay service has been activated.
In the interface assignment I have a zenoverlay vpn that I don't have active and I don't know if I have to activate it, configure it and how to do it.
Wireguard - Status
Interesting, I haven't noticed this zenarmor overlay WG thing so far. You've got the answer about this in your other thread, this is a zenarmor WG thing for future release.
Question is, if this thing could interfere somehow with your standard WG interface. However, I could find this overlay the same way as in your setup, but WG is still working as expected here (just checked again). Regarding WG itself I pretty much followed the setup in the OPNsense documentation.
I just finished testing and I think the problem is related to Suricata in wan and possibly Netmap. I have deactivated Zenarmor and Suricata and I could not connect wireguard, I had to restart opnsense several times and some of them hung. In the end with Suricata disconnected and zenarmor active monitoring the wireguard interface it worked again.
I don't use Suricata, so this could confirm your findings.
In the end it seems to be a DDNS problem.
Good to hear you could solve it. Meaning also, 1.18.1 should work properly with WG.
Can confirm post 1.18.1 upgrade WG works properly.
Regards,
S.
No problems since the update also.