Messages - BrownCow

#1
Virtual private networks / Re: WireGuard Site to Site
December 14, 2020, 12:16:41 AM
On both routers I have forwarded port 51820 from all addresses to the relevant VM.

I also turned off the firewalls on both routers (temporarily) but that didn't help either.
#2
Virtual private networks / Re: WireGuard Site to Site
December 13, 2020, 11:12:30 PM
Thanks. I'll keep plugging away and hopefully someone might have an idea.
#3
Virtual private networks / Re: WireGuard Site to Site
December 13, 2020, 11:05:10 PM
Thanks. I just tried that but I'm still not getting a handshake and still can't ping from one VM to the other.
#4
Virtual private networks / WireGuard Site to Site
December 13, 2020, 10:22:39 PM
First off, I understand that I might be doing this all wrong but I've tried to get myself as far as I can before asking for help.

I want to implement WireGuard in a site-to-site configuration and since I'm learning, I've decided to put it into OPNsense first. Later I might install it bare metal.

Both setups are ISP Modem -> Asus Router. I still want to use both Asus routers for everything they currently do. As such I only want OPNsense to run WireGuard and nothing more.

I followed this guide up until Step 3. https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html

Both instances of WireGuard initiate and stay that way so it appears I have done something right. Neither has a WAN interface but both can ping the internet through the existing LAN. I can't ping from one network to the other. I do have an existing OpenVPN server running on one site and can log into it from the other. (Should I stop the OpenVPN server?) Both networks are using the same DHCP range but their servers assign to different subsets.

Running WireGuard from terminal produces:

  • rm -f /var/run/wireguard/wg0.sock
  • resolvconf -d wg0
  • wireguard-go wg0
    INFO: (wg0) 2020/12/14 06:53:51 Starting wireguard-go version 0.0.20201118
  • wg setconf wg0 /tmp/tmp.vHeA3nWe/sh-np.Idyy4J
  • ifconfig wg0 inet 192.168.5.1/24 192.168.5.1 alias
  • ifconfig wg0 mtu 1420
  • ifconfig wg0 up
  • resolvconf -a wg0 -x
  • route -q -n add -inet 192.168.5.2/32 -interface wg0
  • route -q -n add -inet 192.168.1.0/32 -interface wg0
  • Backgrounding route monitor

and

  • rm -f /var/run/wireguard/wg0.sock
  • resolvconf -d wg0
  • wireguard-go wg0
    INFO: (wg0) 2020/12/14 06:57:15 Starting wireguard-go version 0.0.20201118
  • wg setconf wg0 /tmp/tmp.fKJLL0pk/sh-np.2X3j2S
  • ifconfig wg0 inet 192.168.5.2/24 192.168.5.2 alias
  • ifconfig wg0 mtu 1420
  • ifconfig wg0 up
  • resolvconf -a wg0 -x
  • route -q -n add -inet 192.168.5.1/32 -interface wg0
  • route -q -n add -inet 192.168.1.0/32 -interface wg0
  • Backgrounding route monitor

The config files are:

    [Interface]
    Address = 192.168.5.1/24
    DNS = 192.168.1.250
    ListenPort = 51820
    PrivateKey = {randomstring}=
    [Peer]
    PublicKey = {randomstring}=
    AllowedIPs = 192.168.1.0,192.168.5.2
    Endpoint = {correctWANip}:51820

and

    [Interface]
    Address = 192.168.5.2/24
    DNS = 192.168.1.240
    ListenPort = 51820
    PrivateKey = {randomstring}=
    [Peer]
    PublicKey = {randomstring}=
    AllowedIPs = 192.168.5.1,192.168.1.0
    Endpoint = {correctWANip}:51820

All keys end in an equals sign. (Is that correct?)

Both state in VPN -> WireGuard -> Handshakes = 0.

I haven't added any routes or anything to the firewall as WireGuard isn't using a WAN interface (I understand this could be the problem).

Like I said, I'm new to this so understand I might have a fundamental problem that I can't see.
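
An added example, not part of the original posts and not OPNsense or WireGuard code: a small Python check that parses a wg-quick style config and reports how each `AllowedIPs` entry is read, mirroring the `route ... 192.168.1.0/32` lines in the terminal output above. The function names and the local LAN value `192.168.1.0/24` are assumptions made for this illustration (the LAN is inferred from the DNS address in the config).

```python
import ipaddress

# Constructed sample: the first config from the post, placeholders left as posted.
SITE_A = """\
[Interface]
Address = 192.168.5.1/24
ListenPort = 51820
PrivateKey = {randomstring}=
[Peer]
PublicKey = {randomstring}=
AllowedIPs = 192.168.1.0,192.168.5.2
Endpoint = {correctWANip}:51820
"""

def peer_allowed_ips(conf_text):
    """Return [(entry_as_written, effective_network)] for each [Peer] AllowedIPs entry."""
    section, out = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            for entry in filter(None, (e.strip() for e in value.split(","))):
                # A bare address is read as a single host (/32 for IPv4).
                out.append((entry, ipaddress.ip_network(entry, strict=False)))
    return out

def audit(conf_text, local_lan):
    """Flag entries with an implied host mask and entries overlapping the local LAN."""
    lan = ipaddress.ip_network(local_lan)
    findings = []
    for entry, net in peer_allowed_ips(conf_text):
        if "/" not in entry:
            findings.append((entry, f"no prefix length, treated as {net}"))
        if net.version == lan.version and net.overlaps(lan):
            findings.append((entry, f"overlaps local LAN {lan}"))
    return findings

if __name__ == "__main__":
    # Assumption: this site's LAN is 192.168.1.0/24 (not stated in the config itself).
    for entry, issue in audit(SITE_A, "192.168.1.0/24"):
        print(f"{entry}: {issue}")
```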