OPNsense Forum

English Forums => Virtual private networks => Topic started by: yearski on November 21, 2020, 06:05:11 pm

Title: WireGuard setup required reboot, Unbound available on WAN
Post by: yearski on November 21, 2020, 06:05:11 pm
I struggled to get WireGuard installed, configured and working. It was frustrating because the setup and configuration are so simple that there aren't many places to check for mistakes. I have OPNsense 20.7 on a Shuttle mini PC. I discovered two things that finally got it working for me:

Hope that helps someone else. The setup is really quite simple and it works great. But geez, I spent a lot of befuddled time to get there. (When in doubt, reboot!)
Title: Re: WireGuard setup required reboot, Unbound available on WAN
Post by: chemlud on November 21, 2020, 06:33:33 pm
Most likely your routing tables needed the reboot?

Are you using site-to-site? I use for DNS (on remote-end clients) the IP of the OPNsense on the connected LAN interface net...
Title: Re: WireGuard setup required reboot, Unbound available on WAN
Post by: mimugmail on November 21, 2020, 07:00:57 pm
1. This was a misconfig on your side for sure. I set up WireGuard this week for a customer, no reboot required.

2. In the WireGuard client you can choose which DNS to use. Best to use the LAN IP, as posted in the other thread. But you have to add an ACL in Unbound.
Title: Re: WireGuard setup required reboot, Unbound available on WAN
Post by: chemlud on November 21, 2020, 07:05:14 pm
...But you have to add an ACL in Unbound

https://forum.opnsense.org/index.php?topic=20018.msg92561#msg92561

;-)
Title: Re: WireGuard setup required reboot, Unbound available on WAN
Post by: JasonJoel on November 29, 2020, 05:14:47 pm
Hope that helps someone else. The setup is really quite simple and it works great. But geez, I spent a lot of befuddled time to get there. (When in doubt, reboot!)

I had a heck of a time getting WireGuard to work when I installed it yesterday. In my case I also had to reboot before DNS resolution would work (yes, I had an access rule added in Unbound for the network). Interestingly, the network showed up in the default Unbound access rules after rebooting (it was not in there before the reboot), so I removed my custom access rule.

Out of curiosity, did you end up assigning wg0 as an interface? I did, but I'm not 100% sure I really had to. Still pretty new to OPNsense, so fumbling my way through it.
Title: Re: WireGuard setup required reboot, Unbound available on WAN
Post by: R4v3n on November 29, 2020, 05:40:10 pm
I'm trying to get WireGuard working too, and have some of the same kinds of problems as the OP.
Currently I can connect my Android client to my OPNsense WireGuard server, and I can ping all the other LANs.
I tried to put my WireGuard server IP as a DNS server (present in the Unbound access list), and did the same with the LAN OPNsense IP (both pingable).
In both cases, I'm not able to get DNS resolution working on the Android device. I can ping my LANs, I can ping all internet IPs, but no DNS resolution.

If somebody has an idea?

So currently for me, it's way faster to set up an OpenVPN service on OPNsense than WireGuard.
Title: Re: WireGuard setup required reboot, Unbound available on WAN
Post by: mimugmail on November 30, 2020, 06:13:04 am
Maybe it's just blocked by the firewall?
Title: Re: WireGuard setup required reboot, Unbound available on WAN
Post by: R4v3n on November 30, 2020, 09:38:26 am
I thought about it this morning, but my current firewall rule on the "wireguard" interface allows everything from the WireGuard net.
Will check this again tonight.
Title: Re: WireGuard setup required reboot, Unbound available on WAN
Post by: mimugmail on November 30, 2020, 09:55:22 am
Try the tunnel IP and not the WireGuard net; also check the live log.