OPNsense Forum

English Forums => General Discussion => Topic started by: eblot on June 08, 2020, 11:01:30 pm

Title: Wireguard status
Post by: eblot on June 08, 2020, 11:01:30 pm
Hi,

What is the wireguard status with latest OpnSense release?
I'm using OPNsense 20.1.7-amd64

I've been using wireguard for a while (opnsense w/ macOS and iOS endpoints), and for some reason it seems it does not work anymore. I cannot trace back when it actually stopped working, but I do not remember changing anything related to Wireguard or the FW rules.

I'm a bit lost about the packages for Wireguard. There are:

 * os-wireguard   1.1
 * wireguard   1.0.20200513
 * wireguard-go   0.0.20200320

which one(s) is/are required?

I think when I initially set up wireguard, and when it used to work, there was a < 1.0 release.
Maybe the config format has changed and I need to reinstall it from scratch?

Another question: where are the logs associated with Wireguard support?

The list configuration and handshake panes are empty. They were reporting some info when the setup used to work.
It seems Wireguard is more or less idle, but I really do not know where to look to get logs or debug info.

Thanks.
Title: Re: Wireguard status
Post by: mimugmail on June 09, 2020, 07:24:15 am
All 3 are required and seem up to date. There are no logs with WireGuard, one of the sad things compared to OpenVPN, which means you really have to know how it works if you want to use it in production.
When show config is empty, maybe you don't have it enabled in the general tab?
Title: Re: Wireguard status
Post by: eblot on June 15, 2020, 10:37:31 pm
Sorry, for some reason I did not get notified about your reply.

Everything is enabled - as it used to be before the update, that is:

https://<server>/ui/wireguard/general/index
  * General tab: Enable Wireguard is selected
  * Local tab: One configuration defined, also enabled (with all 4 defined peers selected)
  * Endpoints tab: 4 peers defined and enabled
  * List configuration: empty
  * Handshakes: always empty, it used to contain real handshake before the last update, when the peers were active

However, now that I have installed the new wireguard-go package, I can see on the dashboard page that this server cannot start - and I cannot get any log to find out what the problem is.

If I log into the system using ssh and force-run wireguard-go:

$ sudo ./usr/local/bin/wireguard-go -f wg0
INFO: (wg0) 2020/06/15 22:29:38 Starting wireguard-go version 0.0.20200320
INFO: (wg0) 2020/06/15 22:29:38 Device started
INFO: (wg0) 2020/06/15 22:29:38 UAPI listener started

the wireguard-go icon on the dashboard gets a green light, and interface: wg0 appears in the list configuration tab. However, it does not seem to make the WG VPN work: no comm from client, no handshake reported in the dedicated tab.

I would have liked to uninstall everything and reinstall Wireguard from scratch, but it seems it is not possible from the UI...

Title: Re: Wireguard status
Post by: mimugmail on June 16, 2020, 05:55:14 am
Try

/usr/local/etc/rc.d/wireguard restart
Title: Re: Wireguard status
Post by: eblot on June 20, 2020, 05:12:39 pm
It seems the culprit was an invalid peer key entry.
The lack of a log file is definitely an issue for solving this kind of error.

$ /usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface
  • wireguard-go wg0

INFO: (wg0) 2020/06/20 17:06:50 Starting wireguard-go version 0.0.20200320
  • wg setconf wg0 /tmp/tmp.Hxs5bS6X/sh-np.sMewul

Key is not the correct length or format: `6QxSgFJGyaSNT1deq0jM48bthCz0Vz04CdlWuGgwxgI'
Configuration parsing error
  • rm -f /var/run/wireguard/wg0.sock

I also discovered that at startup - I ended up plugging in a screen, which I had not done for years - BSD or OpnSense gets mad about a corrupted tar file, and dumps thousands of the very same error line ("corrupted archive") before resuming the boot sequence. It does not seem to self-heal; all boots show this madness. Maybe I should reinstall opnsense from scratch...
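The thread's two recurring points are that the plugin produces no log of its own and that the actual fault was a malformed peer key that only `wg setconf` reported, and only on the console. A WireGuard key is 32 bytes, which base64-encodes to exactly 44 characters ending in `=`; the key quoted in the error above is 43 characters long, one short of that. The following added example (not OPNsense plugin or WireGuard project code) re-implements that length/format rule as a pre-flight check over a `wg setconf`/`wg-quick`-style config file, so a bad key can be found before the interface is restarted instead of after a silent failure. The sample config is constructed for the example: the `PublicKey` is the value quoted in the error above, the other keys are all-zero placeholders that are valid encodings but not real keys.

```python
"""Pre-flight check for WireGuard keys in a wg(8)-style config file.

Added example for this thread, not OPNsense or WireGuard project code.
It applies the same rule `wg setconf` enforces (32-byte key, 44 base64
characters ending in '=') so a malformed key is reported with a line
number before the interface is (re)started.
"""
import base64
import binascii
import re
from typing import List, Optional, Tuple

# A Curve25519 key is 32 bytes; base64 of 32 bytes is exactly 44
# characters, and the 44th is always '=' padding.
KEY_LEN_BYTES = 32
KEY_LEN_BASE64 = 44
KEY_FIELDS = {"PrivateKey", "PublicKey", "PresharedKey"}


def check_key(value: str) -> Optional[str]:
    """Return None if `value` is a well-formed WireGuard key, else a reason."""
    if len(value) != KEY_LEN_BASE64:
        return f"length is {len(value)}, expected {KEY_LEN_BASE64}"
    if not value.endswith("="):
        return "missing trailing '=' padding"
    try:
        raw = base64.b64decode(value, validate=True)  # reject non-base64 chars
    except binascii.Error as exc:
        return f"not valid base64: {exc}"
    if len(raw) != KEY_LEN_BYTES:
        return f"decodes to {len(raw)} bytes, expected {KEY_LEN_BYTES}"
    return None


def find_bad_keys(config_text: str) -> List[Tuple[int, str, str, str]]:
    """Scan a wg setconf / wg-quick style config and report malformed keys.

    Returns (line number, section, field, reason) for each problem found.
    Format assumed: `[Interface]` / `[Peer]` sections, `Key = Value` lines,
    `#` starting a comment.
    """
    problems = []
    section = ""
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
            continue
        if "=" not in line:
            problems.append((lineno, section, line, "not a 'Key = Value' line"))
            continue
        # Split on the first '=' only: base64 key values end in '='.
        field, value = (part.strip() for part in line.split("=", 1))
        if field in KEY_FIELDS:
            reason = check_key(value)
            if reason:
                problems.append((lineno, section, field, reason))
    return problems


# Constructed sample config: the PublicKey is the 43-character value quoted
# by `wg setconf` in the thread; the PrivateKey is an all-zero placeholder
# (a valid encoding, not a real key).
SAMPLE_CONFIG = """\
[Interface]
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
ListenPort = 51820

[Peer]
PublicKey = 6QxSgFJGyaSNT1deq0jM48bthCz0Vz04CdlWuGgwxgI
AllowedIPs = 10.0.0.2/32
"""

if __name__ == "__main__":
    for lineno, section, field, reason in find_bad_keys(SAMPLE_CONFIG):
        print(f"line {lineno} [{section}] {field}: {reason}")
```

Run against the config the plugin writes (the `/tmp/.../sh-np.*` path in the output above is a temporary file, so export the config to a file first, or paste the peer keys into `check_key`). The check is deliberately stricter than a plain base64 decode: Python's `b64decode` would happily accept a 44-character key with no `=` if the input were otherwise well formed, while `wg` insists on the padding character, so both rules are applied explicitly.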
Title: Re: Wireguard status
Post by: mimugmail on June 20, 2020, 08:26:58 pm
This is a problem from Wireguard. I already tried to output the console to a file as a semi-log, but this is also not possible.