OPNsense Forum

English Forums => Virtual private networks => Topic started by: Ray on July 10, 2022, 11:42:33 pm

Title: Wireguard handshake
Post by: Ray on July 10, 2022, 11:42:33 pm
Hello Dear Members!

For several months I haven’t been able to deal with Wireguard. And this is beginning to drive me crazy.
It seems to me that I tried all the manuals on the Internet.

In the end, I settled on this:
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/wireguard-client.rst
Everything is done as described.
But the handshake only occurs if I am on the same wifi-network with the WG server. And everything works great.

If I connect from a mobile network, handshakes do not happen.
WAN-rule passed.
The client is trying to make a handshake, and nothing happens further.

Please help me find out what the problem is.
Title: Re: Wireguard handshake
Post by: Ray on July 10, 2022, 11:48:08 pm
Screens
Title: Re: Wireguard handshake
Post by: Greelan on July 11, 2022, 12:56:08 am
You will need to post your actual configs on OPNsense and mobile phone. The screenshots above give very little useful info

BTW, the web version of the how-to is easier on the eye xD

https://docs.opnsense.org/manual/how-tos/wireguard-client.html
Title: Re: Wireguard handshake
Post by: Ray on July 11, 2022, 08:59:54 am
Configs
Title: Re: Wireguard handshake
Post by: Greelan on July 11, 2022, 10:13:08 am
Looks OK

Is unbound actually listening on the WG interface? You've specified that for DNS on the mobile

What about your WAN rule and WG interface rules?
Title: Re: Wireguard handshake
Post by: Ray on July 11, 2022, 10:36:13 am
Adguardhome listens to all interfaces. I have OpenVPN servers and they will resolve without problems.
And when I am in one WiFi network and a handshake occurs, Adguardhome resolves a WG client "192.168.33.10".

Interface Wg is on.
Title: Re: Wireguard handshake
Post by: Greelan on July 11, 2022, 12:15:55 pm
Have you applied that second rule? The screenshot still says it hasn't been applied
Title: Re: Wireguard handshake
Post by: Greelan on July 11, 2022, 12:18:08 pm
And your WG subnet is totally different to your LAN, right? No overlapping subnets?
Title: Re: Wireguard handshake
Post by: Ray on July 11, 2022, 01:23:53 pm
Yes, the rule is applied.
I moved it up from the inactive for the screenshot and not to apply it

Subnets are not overlapping. I think I could not connect to WG from the home network if the subnets were overlapping.
Title: Re: Wireguard handshake
Post by: Ray on July 11, 2022, 02:21:34 pm
Netstat
Title: Re: Wireguard handshake
Post by: spyware-avoidance on July 15, 2022, 06:45:30 pm
I have been experiencing the same thing. The issue is that mine works once in a while, for example, if I make a change in OPNsense, and then go back and restore settings (to undo the change), then WireGuard works from an external network. Then after a while it will not work no matter what.
I'm new to OPNsense, so I have done the steps in the documentation several times, and WireGuard just works randomly, and it doesn't work more often than it does work.
This is an issue I have been experiencing since I started using OPNsense, so something is probably wrong with the server itself, or the way configurations are applied. I have other services running, so I suppose the firewall rules work, because I do not have any issues with those.
I was just about to hook up a darn RaspberryPi to the router and just do a NAT port forward, because I can't seem to figure out what is going on with Wireguard in OPNsense.
Edit: rebooting OPNsense does not make a difference, only if I revert a change under the system menu, and even then it only lasts for a while before it stops working again.