OPNsense Forum

English Forums => Virtual private networks => Topic started by: jimjohn on August 28, 2021, 08:17:53 pm

Title: WireGuard RoadWarrior Internet Access not working
Post by: jimjohn on August 28, 2021, 08:17:53 pm
Hi,

I ultimately want to set up a WireGuard Road Warrior setup to be able to "secure" my mobile device's WiFi traffic in public networks. As an initial test, I want to connect locally (from my home network behind OPNsense) to the WG server running on the OPNsense, routing my traffic directly to the internet without any interference to local networks. Once this works, I want to do the same on the WAN interface with a port forward from my ISP's router.

Therefore, I followed that guide: https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I was able to get a handshake and a successful WireGuard connection (OPNsense => WireGuard => Handshake => Latest Handshake available).

I also added a FW rule to the "WireGuardRoadWarrior" Interface that I added as given in the tutorial:

IPv4 TCP/UDP SOURCE WireGuardRoadWarrior net * DESTINATION !RFC1918 (My alias that I use for _the internet_) *

Unfortunately, I cannot reach public addresses, however, I can reach the OPNsense web GUI. I also see the WG traffic (DEST PORT 51820) and the WireGuardRoadWarrior Interface traffic on :443 on the live log. However, my browser does not get a response.

Do you have any ideas what the problem could be?

Here's the output from the WireGuard page on OPNsense:

interface: wg0
  public key: XXXXX
  private key: (hidden)
  listening port: 51820

peer: YYYYY
  endpoint: 10.0.1.11:57092
  allowed ips: 10.10.10.2/32
  latest handshake: 1 minute ago
  transfer: 23.49 KiB received, 29.60 KiB sent

Here's the PEER CONFIG

[Interface]
PrivateKey = ZZZZ
Address = 10.10.10.2/24

[Peer]
PublicKey = ZZZZ
AllowedIPs = 0.0.0.0/0
Endpoint = 10.0.1.1:51820

Let me know if you require any more information.

... or should I rather use OpenVPN?  ::)
Title: Re: WireGuard RoadWarrior Internet Access not working
Post by: jimjohn on August 28, 2021, 09:19:34 pm
OK, solved.

I forgot the DNS setting in my client's config.

Here's the complete working client config:

[Interface]
PrivateKey = XXX
Address = 10.10.10.2/24
DNS = 10.0.1.1

[Peer]
PublicKey = ZZZ
AllowedIPs = 0.0.0.0/0
Endpoint = 10.0.1.1:51820
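As an added example (not part of the original posts), a small Python checker that parses a wg-quick style client config and flags the exact mistake fixed above: a full-tunnel peer (AllowedIPs 0.0.0.0/0) with no DNS= line in [Interface], which leaves the client pointing at a resolver that is no longer reachable through the tunnel. The sample config below is the one from this thread, with the placeholder keys as posted.

```python
import ipaddress
# Constructed sample: the client config from the thread, before DNS= was added.
SAMPLE_CONFIG = """\
[Interface]
PrivateKey = XXX
Address = 10.10.10.2/24

[Peer]
PublicKey = ZZZ
AllowedIPs = 0.0.0.0/0
Endpoint = 10.0.1.1:51820
"""

def parse_wg_config(text):
    """Parse a wg-quick style config into ({interface keys}, [peer dicts]).
    Hand-rolled because configparser rejects the repeated [Peer] sections WireGuard allows."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            if name == "interface":
                current = interface
            elif name == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section {line}")
            continue
        key, sep, value = line.partition("=")
        if current is None or not sep:
            raise ValueError(f"malformed line: {raw!r}")
        current[key.strip()] = value.strip()
    return interface, peers

def check_roadwarrior(text):
    """Return a list of findings; an empty list means the config passed the checks."""
    iface, peers = parse_wg_config(text)
    findings = []
    for idx, peer in enumerate(peers, 1):
        nets = [ipaddress.ip_network(n.strip()) for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
        if "Endpoint" not in peer:
            findings.append(f"peer {idx}: no Endpoint, so the client cannot initiate the handshake")
        # The thread's bug: full tunnel but no DNS=, so the client keeps using the now-unreachable local resolver.
        if any(net.prefixlen == 0 for net in nets) and "DNS" not in iface:
            findings.append(f"peer {idx}: AllowedIPs routes all traffic but [Interface] has no DNS")
    return findings
```

Running check_roadwarrior on the sample returns one finding; adding the DNS = 10.0.1.1 line from the working config makes it return an empty list.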
Title: Re: WireGuard RoadWarrior Internet Access not working
Post by: enkrates on August 30, 2021, 03:24:30 am
Curious, when you enter the endpoint for your WireGuard remote peer (e.g., mobile device), do you use the public IP/port (92.134.66.12:51820) or the domain name/port (mydomainname.com:51820)?

I can't get my setup to do handshake and I think it's because I use IP address/port for the endpoint and not domain name.
Title: Re: WireGuard RoadWarrior Internet Access not working
Post by: Greelan on August 30, 2021, 04:48:59 am
You can use either