Messages - DigitalFermentor

#1
You are right, that was missing. I have now set it up but it still doesn't work.

I did a test to see if what I was seeing client side would still happen if Wireguard was disabled (to test if I was actually connecting) and it turns out it did, except the handshake counter kept increasing.

Below is the log from the iPhone WireGuard app.

2024-12-03 20:03:47.613040: [APP] Status update notification timeout for tunnel 'Homewireguard'. Tunnel status is now 'connected'.
2024-12-03 20:03:53.171067: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun4]
2024-12-03 20:03:53.171652: [NET] DNS64: mapped (my home network IPv4 address) to (ipv6 address im pretty sure is the iphone)
2024-12-03 20:03:53.171916: [NET] peer(YWvh...TNwY) - UAPI: Updating endpoint
2024-12-03 20:03:53.172053: [NET] Routine: receive incoming v4 - stopped
2024-12-03 20:03:53.172126: [NET] Routine: receive incoming v6 - stopped
2024-12-03 20:03:53.172321: [NET] UDP bind has been updated
2024-12-03 20:03:53.172338: [NET] Routine: receive incoming v4 - started
2024-12-03 20:03:53.172357: [NET] Routine: receive incoming v6 - started
2024-12-03 20:05:02.077460: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:02.797338: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun4]
2024-12-03 20:05:02.799268: [NET] DNS64: mapped (my home network IPv4 address) to (ipv6 address im pretty sure is the iphone)
2024-12-03 20:05:02.799586: [NET] peer(YWvh...TNwY) - UAPI: Updating endpoint
2024-12-03 20:05:02.799909: [NET] Routine: receive incoming v4 - stopped
2024-12-03 20:05:02.800085: [NET] Routine: receive incoming v6 - stopped
2024-12-03 20:05:02.800472: [NET] UDP bind has been updated
2024-12-03 20:05:02.800549: [NET] Routine: receive incoming v4 - started
2024-12-03 20:05:02.801111: [NET] Routine: receive incoming v6 - started
2024-12-03 20:05:07.096433: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:07.098835: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:12.214579: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:12.214946: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:17.416137: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:17.416508: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:22.593056: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:22.593428: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:27.790601: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:27.790963: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:32.961273: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 3)
2024-12-03 20:05:32.961615: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:38.146889: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:38.147135: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:43.419835: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:43.420158: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:48.675216: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 3)
2024-12-03 20:05:48.675506: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:53.900224: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 4)
2024-12-03 20:05:53.900542: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:58.976631: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 5)
2024-12-03 20:05:58.976832: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:06:04.204097: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 6)
2024-12-03 20:06:04.204432: [NET] peer(YWvh...TNwY) - Sending handshake initiation


Thank you for the help
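A way to check what that log is actually saying, as an added example that is not part of the poster's thread or of OPNsense's tooling: a small Python parser for the WireGuard app's log format, run over constructed lines in the same shape as the post above (the peer key and addresses are placeholders, not real values). It counts handshake initiations against responses. wireguard-go logs "Received handshake response" when the server answers, so a run of "Sending handshake initiation" and "Handshake did not complete" with no response line means the server's reply never arrived: the thing to verify is the path to the listen port (DDNS name resolving to the current WAN address, a WAN rule allowing UDP to the listen port, the phone's public key present in the server's peer list) rather than anything inside the tunnel.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the WireGuard iOS app log format; "YWvh...TNwY"
# is a placeholder peer id, not a real key.
SAMPLE_LOG = """\
2024-12-03 20:03:47.613040: [APP] Status update notification timeout for tunnel 'Homewireguard'. Tunnel status is now 'connected'.
2024-12-03 20:03:53.171067: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun4]
2024-12-03 20:03:53.171916: [NET] peer(YWvh...TNwY) - UAPI: Updating endpoint
2024-12-03 20:05:02.077460: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:07.096433: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:07.098835: [NET] peer(YWvh...TNwY) - Sending handshake initiation
2024-12-03 20:05:12.214579: [NET] peer(YWvh...TNwY) - Handshake did not complete after 5 seconds, retrying (try 2)
2024-12-03 20:05:12.214946: [NET] peer(YWvh...TNwY) - Sending handshake initiation
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+): \[(?P<src>[A-Z]+)\] (?P<msg>.*)$"
)
PEER_RE = re.compile(r"^peer\((?P<peer>[^)]+)\) - (?P<event>.*)$")

# Event kinds we care about; the strings are the prefixes wireguard-go emits.
KINDS = {
    "initiation_sent": "Sending handshake initiation",
    "response_received": "Received handshake response",
    "handshake_timeout": "Handshake did not complete",
    "network_change": "Network change detected",
    "endpoint_update": "UAPI: Updating endpoint",
}

VERDICTS = {
    "no_attempt": "no handshake was attempted; the tunnel never activated",
    "no_response": ("initiations sent but no handshake response ever received: "
                    "the server's reply is not reaching the client; check DDNS "
                    "resolution, the WAN rule for the UDP listen port and the "
                    "peer's public key on the server"),
    "handshake_ok": "a handshake completed; if traffic still fails, look at "
                    "AllowedIPs, routing or DNS inside the tunnel instead",
}


def parse_line(line):
    """Split one app log line into timestamp, source tag, peer id and message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
    msg, peer = m["msg"], None
    pm = PEER_RE.match(msg)
    if pm:
        peer, msg = pm["peer"], pm["event"]
    return {"ts": ts, "src": m["src"], "peer": peer, "msg": msg}


def classify(msg):
    """Map a message to one of KINDS, or 'other'."""
    for kind, prefix in KINDS.items():
        if msg.startswith(prefix):
            return kind
    return "other"


def analyze(log_text):
    """Count handshake events and decide which side of the tunnel to inspect."""
    counts = Counter({k: 0 for k in KINDS})
    first_init = last_ts = None
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        kind = classify(rec["msg"])
        counts[kind] += 1
        if kind == "initiation_sent" and first_init is None:
            first_init = rec["ts"]
        last_ts = rec["ts"]
    if counts["initiation_sent"] == 0:
        verdict = "no_attempt"
    elif counts["response_received"] == 0:
        verdict = "no_response"
    else:
        verdict = "handshake_ok"
    # How long the client has been retrying without ever getting an answer.
    stuck = 0.0
    if first_init is not None and counts["handshake_timeout"]:
        stuck = (last_ts - first_init).total_seconds()
    return {"counts": dict(counts), "verdict": verdict, "stuck_seconds": stuck}


def report(log_text):
    r = analyze(log_text)
    lines = [f"{k}: {v}" for k, v in r["counts"].items()]
    lines.append(f"retrying for {r['stuck_seconds']:.1f}s")
    lines.append(f"verdict: {VERDICTS[r['verdict']]}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Paste the full app log into `SAMPLE_LOG` (or read it from a file) and look at the verdict line; the count of endpoint updates following "Network change detected" is also worth noting, since each one means the app re-resolved the endpoint name and rebound its UDP socket.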
#2
So I will be upfront. I'm still pretty green and pretty much only follow guides online. So apologies if the answer is staring me right in the face.

I have a basic setup. My OPNsense box is connected to my old wireless router (now in bridge mode) which has a wired connection to my small home server and everything else on wifi. I have two VLANs, one called Trusted that everything sits on and one called Untrusted which is unused (but will be eventually). I have Unbound set up with blocklists.

I want to set up WireGuard for protection on my phone and access to my Mealie instance.

I followed the Road warrior guide https://docs.opnsense.org/manual/how-tos/wireguard-client.html#wireguard-road-warrior-setup to the letter except I have DDNS set up with NOIP.

My phone sometimes seems to connect, stating "Tunnel now set to connected" in the logs, but can't access the internet, and when trying to access Mealie the page gets stuck loading. After I try accessing the net it logs "Sending handshake initiation" then "handshake did not complete after 5 seconds, retrying" and gets stuck in a loop trying to initiate handshakes, occasionally reconnecting and restarting the loop.

Can anyone see what I am doing wrong? I have added some screenshots showing I have followed the guide.
#3
So I know this has probably been asked before but I couldn't find such a simple question in the search bar.

I am new to OPNsense, having just upgraded from Pi-hole and an ISP router. I got through installation reasonably easily with just some small issues around interface assignment in Point to Point and making the right port my WAN interface. I have also been able to replicate Pi-hole ad blocking with the Unbound blacklists.

So I would like to know what the next step is. Do I now need to create firewall rules, or am I already protected with the defaults, and if not what is recommended? I would also like to set up a VPN; is OpenVPN or WireGuard recommended?

What are other people's first things to set up on a clean install for a home network?