Virtual private networks / WireGuard setup required reboot, Unbound available on WAN
« on: November 21, 2020, 06:05:11 pm »
I struggled to get WireGuard installed, configured and working. It was frustrating because the setup and configuration are so simple that there aren't many places to check for mistakes. I have OPNsense 20.7 on a Shuttle mini PC. I discovered two things that finally got it working for me:
- I had to reboot the hardware. At first I couldn't get anything to work. After issuing `service wireguard restart` from a shell, I could finally connect a peer but that peer couldn't access any network. After spending way too much time reviewing the interfaces and firewall rules, I rebooted the OPNsense hardware and then everything just worked. I can't tell you what changed (nothing in my config changed here) and now that it's working, I can't reproduce the problem. So unfortunately, I can't offer anything useful to the devs except it might be worth adding a note in the guides.
- After the "networking" was functional, the remote peer could not access the native Unbound DNS server. My problem was that I had previously removed the WAN interface from the Unbound service network interfaces setting. Enabling Unbound DNS on WAN resolved this issue. In a way it makes sense that the remote peer is coming in through the WAN interface; I think I falsely assumed that the remote peer would appear to come in through the wg0 interface I created (which I had enabled for Unbound).
Hope that helps someone else. The setup is really quite simple and it works great. But geez, I spent a lot of befuddled time to get there. (When in doubt, reboot!)