OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: tre4bax on August 29, 2019, 02:56:03 pm

Title: Wireguard and Android(Samsung)
Post by: tre4bax on August 29, 2019, 02:56:03 pm
With some help and perseverance I have Wireguard working 100% on my PCTablet.  When I connect I get shown info like below and it all just works.

peer: **********************************************=
  endpoint: <address>:55703
  allowed ips: 192.168.100.2/32
  latest handshake: 24 seconds ago
  transfer: 16.36 MiB received, 9.47 MiB sent

Using the Android client on my Samsung phone and an identical config with only the address changed I assumed that would work too.  This time not though.  I get no entry for that connection other than allowed ips.  Though the client comes on I cannot tell if the link is established.  With a ping tool I have checked that the interface IP appears on the phone and that there is some form of route noted.  Nothing seems to travel that route though :-(  Anybody managed to get this working on Android?
Title: Re: Wireguard and Android(Samsung)
Post by: mimugmail on August 29, 2019, 03:33:09 pm
Do you have both endpoints linked in your local instance? Do you have 0.0.0.0/0 at the phone set?
Title: Re: Wireguard and Android(Samsung)
Post by: tre4bax on August 29, 2019, 04:34:32 pm
This one was all my bad.  I exported the config from my desktop client and the mobile client and compared them.

Found that the Mobile client was set to port 58120 and the desktop to 51820.  Swapped this around and it all now works perfectly.  @mimugmail thank you so much for the help with this.  It really was simple once with a little bit of prompting.  Here are my configs on both ends that worked for me, in case of others following my route:

Server (opnsense plugin):
Local (interface)
    Tunnel address 192.168.100.0/24
Endpoint (peer)
     Allowed ips:  192.168.100.2/32

Client (windows version of WireGuard)

Interface
    Address = 192.168.100.2/32
Peer
    AllowedIPs = 0.0.0.0/0
    Endpoint = <end point address>:51820
    PersistentKeepalive = 25


The key learning for me was to understand that Allowed IPs in the peer were the addresses that the interface described above would expect to come from the peer, i.e. the server would only expect packets from the 192.168.100.2 address but the client would expect any internet address to come through.  Once I finally got that then it made it possible to get Wireguard working consistently.  The phone interface was the same as above with just the .2 changed to a .3 and so on...
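
Added example, not part of the original thread: a small Python model of how WireGuard applies AllowedIPs in both directions (outbound peer selection and inbound source filtering), using the addresses from the configs above. The peer names `tablet`, `phone` and `opnsense` and the 203.0.113.10 test address are assumptions made for illustration.

```python
import ipaddress

# Constructed peer tables built from the thread's addresses; peer names are hypothetical labels.
SERVER_PEERS = {"tablet": ["192.168.100.2/32"], "phone": ["192.168.100.3/32"]}
CLIENT_PEERS = {"opnsense": ["0.0.0.0/0"]}


def _nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def route_outbound(peers, dst):
    """Pick the peer whose AllowedIPs has the most specific match for dst, else None."""
    addr = ipaddress.ip_address(dst)
    best = None  # (peer name, prefix length)
    for name, cidrs in peers.items():
        for net in _nets(cidrs):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None


def accept_inbound(peers, from_peer, src):
    """After decryption, keep a packet only if its inner source IP is in the
    AllowedIPs of the peer whose key authenticated it."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in _nets(peers.get(from_peer, [])))


if __name__ == "__main__":
    # Server side: replies to .3 go to the phone; .4 has no peer and is dropped.
    print("server -> 192.168.100.3:", route_outbound(SERVER_PEERS, "192.168.100.3"))
    print("server -> 192.168.100.4:", route_outbound(SERVER_PEERS, "192.168.100.4"))
    # Server side: the phone's key cannot be used to send as the tablet's address.
    print("phone sending as .2 accepted:",
          accept_inbound(SERVER_PEERS, "phone", "192.168.100.2"))
    # Client side: 0.0.0.0/0 sends every IPv4 destination into the tunnel and
    # accepts any IPv4 source coming back from the server peer.
    print("client -> 203.0.113.10:", route_outbound(CLIENT_PEERS, "203.0.113.10"))
    print("reply from 203.0.113.10 accepted:",
          accept_inbound(CLIENT_PEERS, "opnsense", "203.0.113.10"))
```

The per-peer /32 on the server is what stops one client from using another client's tunnel address, so each new device needs its own address in its own peer entry.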