OPNsense Forum

English Forums => Virtual private networks => Topic started by: finishthepint on June 01, 2025, 06:55:37 PM

Title: Yet another wireguard connection problem
Post by: finishthepint on June 01, 2025, 06:55:37 PM
Update for anyone finding this thread: Creating a port forward rule finally made this work for me. I don't understand why this is needed or what it does differently, since no guide I can find calls this out.

I've read every thread I can find here and followed countless guides, but I still can't get WireGuard in OPNsense working. I'm trying to set up a simple "Road Warrior" setup so I can access my home network from my phone on the go. I think my problem is that the WireGuard traffic isn't getting to the WireGuard instance. If I do 'tcpdump -i igc0 port 51820', I can see traffic when I initiate the connection on my client; however, if I do 'tcpdump -i wg0', I don't see anything.

Additionally, I tried to look at Firewall -> Logs -> Live View, filtering for wg0, and nothing ever shows up. I'm very new to OPNsense, in case it wasn't obvious.

I've tried:

Included below are screenshots of my configuration. For what it's worth, I use the peer generator in OPNsense. I will recreate a new instance with new public/private keys after this post.
(https://i.imgur.com/YvgSlsw.jpeg)
(https://i.imgur.com/GTwfDrl.jpeg)
(https://i.imgur.com/VRaExL9.jpeg)
(https://i.imgur.com/aGhlk7i.jpeg)
(https://i.imgur.com/wbj5YA3.jpeg)
(https://i.imgur.com/2X4ayTW.jpeg)
(https://i.imgur.com/eQt27oD.jpeg)
Title: Re: Yet another wireguard connection problem
Post by: finishthepint on June 05, 2025, 11:19:25 PM
Just wanted to add that after finding a similar thread (https://www.reddit.com/r/opnsense/comments/1fdprdn/wireguard_server_only_works_when_i_port_forward/), I was able to get things working by creating a port forwarding rule. Now I wish I could figure out why I need to create the port forwarding rule when none of the guides call that out.
Title: Re: Yet another wireguard connection problem
Post by: JamesFrisch on June 05, 2025, 11:33:46 PM
You don't need a port forwarding rule, but you need a WAN firewall rule. And the port forwarding rule probably created a corresponding firewall rule.

Delete the NAT and create a WAN firewall rule.
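A way to confirm the point made in this reply on the firewall itself, as an added example that is not part of the thread and not OPNsense's own code: the symptom in the first post (packets visible on igc0, nothing on wg0) is what a missing "pass in" rule on the WAN interface looks like, and the quickest check is to dump the active pf filter rules with `pfctl -sr` and look for that rule. The interface name igc0 and port 51820 are taken from the thread; the two rule sets below are constructed for illustration (the label text OPNsense generates will differ), and the function name `has_wg_pass_rule` is this example's own.

```shell
#!/bin/sh
# Added example: check a pf filter ruleset (the text printed by `pfctl -sr`)
# for a WAN "pass in" rule that admits WireGuard handshakes on the listen port.
# Interface and port come from the thread; the rule text is constructed.

WAN_IF=igc0
WG_PORT=51820

# has_wg_pass_rule IFACE PORT
# Reads a ruleset on stdin; returns 0 when it contains a "pass in" rule on
# IFACE for UDP to PORT (pfctl prints the port as "port = 51820"), else 1.
has_wg_pass_rule() {
    grep -Eq "^pass in .*on $1 .*proto udp .*port (= )?$2( |$)"
}

# Constructed "before" ruleset: only the default deny on WAN, so the
# handshake hits igc0 and is dropped before it can reach wg0.
RULES_BEFORE='block drop in log quick on igc0 inet all label "Default deny rule"'

# Constructed "after" ruleset: the WAN firewall rule this reply recommends,
# followed by the same default deny. No NAT/port forward is involved.
RULES_AFTER='pass in quick on igc0 inet proto udp from any to (igc0) port = 51820 keep state label "Allow WireGuard"
block drop in log quick on igc0 inet all label "Default deny rule"'

# check_ruleset RULESET_TEXT
# Prints a verdict and returns the status of has_wg_pass_rule.
check_ruleset() {
    if printf '%s\n' "$1" | has_wg_pass_rule "$WAN_IF" "$WG_PORT"; then
        echo "OK: pass-in rule on $WAN_IF for udp/$WG_PORT present; handshakes can reach wg0"
        return 0
    fi
    echo "MISSING: no pass-in rule on $WAN_IF for udp/$WG_PORT; expect packets on $WAN_IF and silence on wg0"
    return 1
}

# Stand-alone demonstration against the constructed rulesets.
check_ruleset "$RULES_BEFORE" || true
check_ruleset "$RULES_AFTER"

# On the firewall itself, against the live ruleset (not run here):
#   pfctl -sr | has_wg_pass_rule igc0 51820 && echo "WAN rule present"
```

The check inspects filter rules only, which is the point of the reply: a port forward lives in the NAT table (`pfctl -sn`), and it only helps because OPNsense can generate an associated pass rule alongside it. The pass rule on the WAN interface is the part that actually matters, so it is cleaner to create that rule directly and drop the NAT entry.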