OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: BeNe on September 20, 2019, 05:03:47 pm

Title: [SOLVED] Wireguard debug ?
Post by: BeNe on September 20, 2019, 05:03:47 pm
Hi OPNsense Users,

I try to setup/enable Wireguard and checked the documentation (OPNsense wiki and Thomas Krenn Wiki).
But the Service won't come up.

How can I debug the problem?
I'm unable to find the correct log for wireguard. There is nothing helpful in the Logfiles (System -> Logfiles -> Backend or General).
 
Code:
Sep 20 16:43:29 configd.py: [ab436b4f-6a31-4b6a-a8f4-685ec8e485f2] starting Wireguard

That's all for wireguard, but the service is directly stopped. I'm on OPNsense 19.7.4_1-amd64 with LibreSSL 2.9.2

Thanks for your help!
Title: Re: Wireguard debug ?
Post by: mimugmail on September 20, 2019, 05:34:43 pm
/usr/local/etc/rc.d/wireguard start

Output please
Title: Re: Wireguard debug ?
Post by: whit on September 20, 2019, 07:39:39 pm
In /usr/local/etc/wireguard do you have a config file? I've learned you not only need to save configurations for both ends, and make sure that the Local specifies the Peer after the Peer is defined, but you need to then "Save" the overview page that then has the already-saved definitions, or else the appropriate config file isn't placed there. In other locations in the OPNsense UI, you get an "Apply Changes" button on the top right whenever there's an additional step required to apply something you've configured. But the WireGuard module isn't consistent with that design. It's a solid piece of work, just rough around the edges.
Title: Re: Wireguard debug ?
Post by: BeNe on September 20, 2019, 09:42:27 pm
All right, thanks for your help so far.

Code:
# /usr/local/etc/rc.d/wireguard start
[#] wireguard-go wg0
INFO: (wg0) 2019/09/20 21:29:12 Starting wireguard-go version 0.0.20190805
[#] wg setconf wg0 /tmp/tmp.Xbud4cy8/sh-np.qJq9uk
Key is not the correct length or format: `JTBL9JOU86GO7qHkNGyOya5iYYrkhr4yoKrd5t1bmWQ'
Configuration parsing error
[#] rm -f /var/run/wireguard/wg0.sock

Here is the config - don't worry. I will delete this public config and create a new one:
Code:
# cat /usr/local/etc/wireguard/wg0.conf

[Interface]
Address = 10.99.97.0/24
DNS = 172.16.17.31
ListenPort = 51820
PrivateKey = aAViqItlIzXP8k9uFl0D/E0cDuz3tHIKpD2T1N2V1Fo=
[Peer]
PublicKey = JTBL9JOU86GO7qHkNGyOya5iYYrkhr4yoKrd5t1bmWQ
AllowedIPs = 10.99.97.10/32


So the public Key is not good / long enough?
This was automatically generated by clicking "Save" in the Webinterface. I did not change or cut the Key.
Title: Re: Wireguard debug ?
Post by: mimugmail on September 21, 2019, 07:16:46 am
Maybe the public key from endpoint is wrong?
Title: Re: Wireguard debug ?
Post by: BeNe on September 21, 2019, 10:40:28 am
I generated new Keys and also added a new endpoint. Checked both keys and the Wireguard Service is coming up.  8)

Thanks for your time and help!
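
An added example, not part of the thread and not OPNsense or WireGuard code: a Python check of the key fields in a wg-quick style config, for the "Key is not the correct length or format" error shown above. It relies on the rule that a WireGuard key is 32 bytes written as 44 base64 characters ending in `=`; the key quoted in that error is 43 characters long. The function names and the sample config are constructed for illustration, and the private key in the sample is a placeholder of 32 zero bytes.

```python
import base64
import binascii

KEY_FIELDS = {"privatekey", "publickey", "presharedkey"}
PAGE_PEER_KEY = "JTBL9JOU86GO7qHkNGyOya5iYYrkhr4yoKrd5t1bmWQ"  # as quoted in the thread

def check_key(value):
    """Return None for a well-formed WireGuard key, otherwise the reason it fails."""
    if len(value) != 44:
        return f"length {len(value)}, expected 44 base64 characters"
    if not value.endswith("="):
        return "missing trailing '=' padding"
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        return f"not valid base64: {exc}"
    if len(raw) != 32:
        return f"decodes to {len(raw)} bytes, expected 32"
    return None

def check_config(text):
    """Return (line number, section, field, reason) for every malformed key."""
    problems, section = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        name, sep, value = line.partition("=")    # split at the first '=' only
        if sep and name.strip().lower() in KEY_FIELDS:
            reason = check_key(value.strip())
            if reason:                            # key values are never echoed
                problems.append((lineno, section, name.strip(), reason))
    return problems

# Constructed sample: placeholder private key, peer key as quoted in the thread.
PLACEHOLDER_KEY = base64.b64encode(bytes(32)).decode()
SAMPLE = f"""[Interface]
Address = 10.99.97.0/24
ListenPort = 51820
PrivateKey = {PLACEHOLDER_KEY}
[Peer]
PublicKey = {PAGE_PEER_KEY}
AllowedIPs = 10.99.97.10/32
"""

if __name__ == "__main__":
    for lineno, section, field, reason in check_config(SAMPLE):
        print(f"line {lineno} [{section}] {field}: {reason}")
```

Running the same check against /usr/local/etc/wireguard/wg0.conf before starting the service points at the offending line without printing any key material.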