OPNsense Forum

English Forums => 22.1 Legacy Series => Topic started by: maclinuxfree on March 18, 2022, 06:25:16 pm

Title: [solved] Wireguard issue since 22.1.3 upgrade
Post by: maclinuxfree on March 18, 2022, 06:25:16 pm
Hello,

my wireguard site2site tunnel is not working after upgrading to 22.1.3.

There is no handshake. I had to switch to opnevpn site2site to get my connection back. On 22.1 it was fine.

Pls help.
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: MoonbeamFrame on March 23, 2022, 12:16:24 pm
I am seeing a similar issue.

The only difference is that I updated to 22.1.3 a few days ago. os-wireguard version 1.10

Connections were working as of 2022-03-22 21:00 (GMT) but now there are no handshakes.

It looked like as handshakes expired they were not renewed and once all had expired that was it.



Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: Superduke on March 23, 2022, 01:17:28 pm
Have you tried disabling the main tunnel and clients and then re-enabling them?  I have found that the Wireguard setup is somewhat finnicky when it comes to that if a major upset to the system happens.  It seems as if timing matters so maybe try a couple of disables and re-enables and it may come back for you.
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: mimugmail on March 23, 2022, 01:23:26 pm
https://github.com/opnsense/plugins/issues/2901#issuecomment-1075753215
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: MoonbeamFrame on March 23, 2022, 05:03:52 pm
@Superduke

Yes. I also tried firewall reboots and removing the plugin and reinstalling again.

@mimugmail

This does not appear to match my scenario, and the solution presented looks to differ from the Road Warrior Setup docs. I did try the suggested solution, but that did not resolve the problem.


Form the GUI the wireguard service  looks to be running in that I can see activity in the List Configuration tab, but no handshakes.
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: mimugmail on March 23, 2022, 07:33:13 pm
Then you need to attach some Screenshots
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: MoonbeamFrame on March 24, 2022, 12:51:50 pm
My issue does not appear to be configuration related.

Having run a Health check, and dealt with a couple of minor issues, Wireguard sessions would still not come up.

Downgrade OPNsense to 22.1.2_1  and all is working.

As there are no references to Wireguard in the 22.1.3 patch notes it looks like there is an unexpected dependence on one of the other changes.
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: maclinuxfree on March 24, 2022, 01:30:51 pm
In my case I changed back to openvpn s2s...hopefully 22.1.4 fixes it.
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: maclinuxfree on March 25, 2022, 10:27:36 am
Hello sadly still no luck.
On 22.1.4_1 the tunnels connecting but there are traffic issues.
Web traffic http https is working through the wg tunnels but ssh and ping sometimes not.
OpenVPN tunnels are fine.
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: mimugmail on March 25, 2022, 12:00:32 pm
Then you need to attach some Screenshots

...
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: maclinuxfree on March 25, 2022, 12:02:54 pm
I things there is something wrong with the routing.

If I do an angryip-scan to the opposite site of the wg-tunnel...every IP answers to be allive.

So no more wg for me now.
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: guenti_r on March 25, 2022, 01:32:52 pm
Hmmm... no issues here..
Have alot of OPNSense Appliances with Wireguard, all work flawless as usual.

Why are your Allowed IPs in the same subnet? Never seen this before:

Allowed IPs: [10.0.0.0/24] [10.0.0.9/32]
Allowed IPs: [10.0.0.0/24] [10.0.0.1/32]

Please separate these subnets, for example 10.0.1.0/24 10.0.0.9/32
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: maclinuxfree on March 25, 2022, 01:38:31 pm
This I found out the isssues are only on vodafone Cable wans. Telekom 2 Telekom no issue.

And it worked all under 22.1
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: guenti_r on March 25, 2022, 01:45:55 pm
Ok, then you have a MTU or MSS problem.
Easy to solve.
Title: Re: Wireguard issue since 22.1.3 upgrade
Post by: maclinuxfree on March 25, 2022, 02:32:22 pm
I think it's working now.

These two settings were ticked. This causes the issues in WG.

(https://i.imgur.com/3FsT6F4.png)
Title: Re: [solved] Wireguard issue since 22.1.3 upgrade
Post by: MoonbeamFrame on March 25, 2022, 07:31:02 pm
I saw the same issue upgrading to 22.1.4 as I did when upgrading to  22.1.3.

Using the console to restore the previous night backup resolved the issue for me.