Messages

1

Virtual private networks / Re: Wireguard in 21.1.8 fresh install won't run [SOLVED]

« on: July 14, 2021, 03:43:03 pm »

Hi,

This is just for anyone stumbling on the same problem.

Problem:
wg-quick up wg0 exits with a ifconfig destroy wg0 ie the tunnel started just previous is killed.

Reason:
WAN is on the same LAN as I want to add a route to from the remote location.

Why is it?
I temporarily connected the remote location router to my home LAN for setup.

2

Virtual private networks / Re: Wireguard in 21.1.8 fresh install won't run

« on: July 12, 2021, 07:48:32 pm »

I have the same problem, but after upgrading to 21.1.8.

I tried to uninstall the wireguard plugin and install it back, but still no luck.

I tried to activate Wireguard from cli but no luck :

Code: [Select]

root@OPNsense:~ # wg-quick up /usr/local/etc/wireguard/wg0.conf
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.112.0.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 10.112.0.9/32 -interface wg0
[#] route -q -n add -inet 10.112.0.8/32 -interface wg0
[#] route -q -n add -inet 10.112.0.7/32 -interface wg0
[#] route -q -n add -inet 10.112.0.5/32 -interface wg0
[#] route -q -n add -inet 10.112.0.4/32 -interface wg0
[#] route -q -n add -inet 10.112.0.3/32 -interface wg0
[#] route -q -n add -inet 10.112.0.2/32 -interface wg0
[#] route -q -n add -inet 10.112.0.10/32 -interface wg0
[#] route -q -n add -inet 192.168.1.0/24 -interface wg0
[#] resolvconf -d wg0
[#] rm -f /var/run/wireguard/wg0.sock

More over, Wireguard interface is DOWN in the dashboard and does not appear anymore in the assignments part of the interface.

After a bit of diging, I found something : I removed all the clients but my iPhone and tried to activate the wireguard service : it worked. I then added back all the clients and it still works. I tried to find some debug logs but did not found anything, where are they ?

I have a single peer configured and it still won't start.

3

Virtual private networks / Re: Wireguard in 21.1.8 fresh install won't run

« on: July 12, 2021, 07:46:41 pm »

Hmmm, without info on config hard to debug. I have a S2S wireguard between 2x 21.1.8 working fine before and after updating to 21.1.8.

Ok, so what would help?

screenshots of the wireguard setup?

wg0.conf from the remote server:

Code: [Select]

[Interface]
PrivateKey = Edited =
Address = 172.16.15.100/24
ListenPort = 51820

[Peer]
PublicKey = 9mpcKwmI0CeNs9RTlow3i/TV3Amu1gF7nvMmdgHfMAM=
Endpoint = DNS Name of access server:51805
AllowedIPs = 172.16.10.0/24,172.16.15.5/32

Log from the startup:

Code: [Select]

wg-quick up wg0
[#] ifconfig wg create name wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.100/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 172.16.15.5/32 -interface wg0
[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] ifconfig wg0 destroy
I have installed the wireguard-kmod, hence the difference from the previous post.

The only thing I see differing from the working server is the final ifconfig wg0 destroy

4

Virtual private networks / Re: Wireguard in 21.1.8 fresh install won't run

« on: July 11, 2021, 07:39:18 pm »

To make it clear:

Why does wg-quick up wg0 run an ifconfig wg0 destroy?

5

Virtual private networks / Wireguard in 21.1.8 fresh install won't run

« on: July 10, 2021, 01:41:51 pm »

Hi

I've run into a strange configuration issue. I have my home gateway / Wireguard access server since a few years back and now I'm doing a fresh install on a secondary location. I've followed all the steps in the Howto-Site-to-Site at https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html and keep getting no connection on the new system.

A

Code: [Select]

wg-quick up wg0 on the access server sees all my peers and sets all routes as expected.

Code: [Select]

# wg-quick up wg0
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.5/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 172.16.15.100/32 -interface wg0
[#] route -q -n add -inet 192.168.20.0/24 -interface wg0
[+] Backgrounding route monitor
The same is true of the

Code: [Select]

wg show
But on the fresh install there is a final line in the

Code: [Select]

wg-quick up wg0 command that is different.

Code: [Select]

# wg-quick up wg0
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.100/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 172.16.15.5/32 -interface wg0
[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock

Where is this last command run?

Code: [Select]

[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock
and why is it not

Code: [Select]

[#] route -q -n add -inet 192.168.20.0/24 -interface wg0
[+] Backgrounding route monitor

Does anyone know?

6

20.1 Legacy Series / Re: Boot fail on installer

« on: June 17, 2020, 05:48:30 am »

Thanks, that made me pull ahead and finish the install.

Where's that info in the wiki? Seems like an AMD problem.

7

20.1 Legacy Series / Boot fail on installer

« on: June 15, 2020, 08:54:20 pm »

Hi Everyone.

I've run into a frustrating problem setting up a fresh install on a server that will just do network infrastructure and firewalling. It's replacing an aging Debian box doing just that.

I can't get into the installer!
I've tried 19.7, 20.1, HBSD 11.3, 12.1 They all have the same issue.

Vanilla FreeBSD, 11.3 and 12.1 boots just fine. I've even installed 11.3 and did do a opnsense-bootstrap just to get into the same non booting system. Same place, same message.

At
start_init: trying /sbin/init
it just reboots.
I managed to get a video snap of this passage and saw also
Starting files system checks:
/dev/ufs/HardenedBSD_Install: FILE SYSTEM CLEAN: SKIPPING CHECKS

Ok, you probably want the Hardware...

HP Microserver NL54
AMD Turion II dual core
4G DDR3 ECC
HD tried several, including diskless
Network: Intel 350 4port Gbit, Broadcom MB Gbit (disabled and enabled)

I'm at my whits end here. Any pointers or tricks to finding out what's the problem?

Regards mrEss