OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: loganx1121 on August 18, 2020, 09:48:31 pm

Title: Wireguard only works for 1 tunnel
Post by: loganx1121 on August 18, 2020, 09:48:31 pm
I was messing with sensei last night and long story short, I changed a config for that and bricked the firewall. Don't ask me how. I was able to restore from a backup config but then I noticed that the second wireguard site-to-site tunnel with my friend wasn't working. The first site-to-site seems to be fine, but not the second. I figured something got corrupted and said screw it and just reinstalled OPNsense...but somehow I'm still having the same problem.

It looks like the routes for the second tunnel just aren't being added...at all.

Code:
service wireguard restart
[#] rm -f /var/run/wireguard/wg0.sock
[#] resolvconf -d wg0
[#] rm -f /var/run/wireguard/wg1.sock
[#] resolvconf -d wg1
[#] wireguard-go wg0
INFO: (wg0) 2020/08/18 15:29:54 Starting wireguard-go version 0.0.20200320
[#] wg setconf wg0 /tmp/tmp.unP2p7nM/sh-np.10hwi8
Warning: AllowedIP has nonzero host part: 172.25.25.1/30
[#] ifconfig wg0 inet 172.25.25.1/30 172.25.25.1 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 172.25.25.0/30 -interface wg0
[#] route -q -n add -inet 10.33.0.0/16 -interface wg0
[+] Backgrounding route monitor
[#] wireguard-go wg1
INFO: (wg1) 2020/08/18 15:29:54 Starting wireguard-go version 0.0.20200320
[#] wg setconf wg1 /tmp/tmp.BYmvS7eI/sh-np.tuIqoO
[#] ifconfig wg1 inet 172.26.26.1/30 172.26.26.1 alias
[#] ifconfig wg1 mtu 1420
[#] ifconfig wg1 up
[#] resolvconf -a wg1 -x
[+] Backgrounding route monitor

I can see when I restart wireguard in the CLI that wg0 has "route -q -n add" etc, and wg1 which is the second tunnel does not. I can also see this in the GUI where I see the route to the first tunnel is there but the second is not.

I have no idea how or why this happened, or how to fix it. I'm extremely confused. Everything with the second tunnel seemed fine until the crash last night. I reinstalled the software, did the updates until I was running the latest, then restored from a backup I took last night after the first crash. Does anyone have any ideas why the second tunnel wouldn't be adding its routes?

I tried removing the second tunnel and starting from scratch. I also tried uninstalling and reinstalling wireguard but the issue is persisting through everything I throw at it. Idk how much harder I can hammer the thing aside from reinstalling OPNsense completely, which I already did...unless somehow the issue carried over from the backup, but I did try reverting to an even older backup after I did the reinstall today and the issue was present still. I also tried cloning the second tunnel, but it seems like any tunnel I make after the one that actually is working has the same issue where it doesn't add the routes.
Title: Re: Wireguard only works for 1 tunnel
Post by: mimugmail on August 18, 2020, 09:51:28 pm
Screenshots of endpoints please. You have to use /32 for them
Title: Re: Wireguard only works for 1 tunnel
Post by: loganx1121 on August 18, 2020, 10:34:16 pm
ok...the first tunnel has been working for months with a /30 but ok...the sparta tunnel is the one not working and not adding routes. Attached screenshot
Title: Re: Wireguard only works for 1 tunnel
Post by: loganx1121 on August 18, 2020, 10:43:31 pm
Well I guess you were right...although I don't know how it worked before. Tunnel seems to be up now. Thank you very very much.
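
Added example (not part of the thread and not OPNsense or WireGuard code): a Python script that automates the check the first post does by eye. It parses `service wireguard restart` output, lists the tunnels that came up without any `route add` line and the AllowedIPs entries `wg` warned about, and prints the /32 form suggested in the reply. The sample is an excerpt of the output posted above; the function names are illustrative.

```python
import ipaddress
import re

# Excerpt of the `service wireguard restart` output from the first post.
SAMPLE = """\
[#] wireguard-go wg0
[#] wg setconf wg0 /tmp/tmp.unP2p7nM/sh-np.10hwi8
Warning: AllowedIP has nonzero host part: 172.25.25.1/30
[#] ifconfig wg0 inet 172.25.25.1/30 172.25.25.1 alias
[#] route -q -n add -inet 172.25.25.0/30 -interface wg0
[#] route -q -n add -inet 10.33.0.0/16 -interface wg0
[#] wireguard-go wg1
[#] wg setconf wg1 /tmp/tmp.BYmvS7eI/sh-np.tuIqoO
[#] ifconfig wg1 inet 172.26.26.1/30 172.26.26.1 alias
"""

START = re.compile(r"^\[#\] wireguard-go (\S+)$")
ROUTE = re.compile(r"^\[#\] route -q -n add -inet6? (\S+) -interface (\S+)$")
WARN = re.compile(r"^Warning: AllowedIP has nonzero host part: (\S+)$")

def audit(output):
    """Map each tunnel to the routes added for it and its AllowedIP warnings."""
    tunnels, current = {}, None
    for line in output.splitlines():
        line = line.strip()
        if m := START.match(line):
            current = m.group(1)          # a new tunnel is being brought up
            tunnels[current] = {"routes": [], "host_part": []}
        elif m := ROUTE.match(line):
            entry = tunnels.setdefault(m.group(2), {"routes": [], "host_part": []})
            entry["routes"].append(m.group(1))
        elif (m := WARN.match(line)) and current:
            tunnels[current]["host_part"].append(m.group(1))
    return tunnels

def no_routes(tunnels):
    """Tunnels that started but never had a route installed."""
    return sorted(name for name, t in tunnels.items() if not t["routes"])

def as_host(cidr):
    """Single-address form (/32 for IPv4, /128 for IPv6) of an entry."""
    ip = ipaddress.ip_interface(cidr).ip
    return f"{ip}/{ip.max_prefixlen}"

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("tunnels with no routes added:", no_routes(report))
    for name, t in report.items():
        for cidr in t["host_part"]:
            print(f"{name}: {cidr} has host bits set; /32 form is {as_host(cidr)}")
```

To run it against a live box, pass the captured restart output to `audit()` in place of `SAMPLE`.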