Messages - md0

#1
21.7 Legacy Series / Re: OpenVPN routes on 21.7.2_1
September 18, 2021, 06:20:19 PM
Found the problem: the "IPv4 Local Network" and "IPv4 Remote Network" fields in the OpenVPN configuration page contained spaces after the commas, which made the settings fail to apply silently. Removing the extra spaces and restarting the VPN server made everything go back to normal.
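A small check for the cause described in this post, added here as an example and not OPNsense code: it parses the comma-separated network fields the way a strict parser would, reports the stray whitespace, and renders the route lines the two fields are assumed to produce. The push-route/route rendering is an assumption about how OPNsense turns the fields into OpenVPN directives, and the field values are constructed.

```python
import ipaddress

# Constructed sample field contents: the broken form with a space after the
# comma, and the corrected form from the post.
FIELD_WITH_SPACES = "10.10.0.0/24, 10.20.0.0/24"
FIELD_CLEAN = "10.10.0.0/24,10.20.0.0/24"


def parse_networks_strict(field: str) -> list:
    """Split the field as-is and parse every item as a bare CIDR.

    ipaddress.ip_network() does not trim whitespace, so " 10.20.0.0/24"
    raises ValueError and the whole list is rejected, which is how a
    silent 'no routes added' outcome can arise from one stray space."""
    return [ipaddress.ip_network(item, strict=True) for item in field.split(",")]


def strict_parse_fails(field: str) -> bool:
    """True when the strict parser rejects the field."""
    try:
        parse_networks_strict(field)
    except ValueError:
        return True
    return False


def normalize_networks(field: str) -> list:
    """Lenient variant: trim each item and drop empties before parsing."""
    items = [item.strip() for item in field.split(",")]
    return [ipaddress.ip_network(item, strict=True) for item in items if item]


def field_errors(field: str) -> list:
    """Human-readable problems found in the field; empty list when it is clean."""
    problems = []
    for pos, item in enumerate(field.split(","), start=1):
        if item != item.strip():
            problems.append(f"item {pos} has surrounding whitespace: {item!r}")
        try:
            ipaddress.ip_network(item.strip(), strict=True)
        except ValueError as exc:
            problems.append(f"item {pos} is not a valid network: {exc}")
    return problems


def openvpn_route_lines(local_field: str, remote_field: str) -> list:
    """Assumed rendering: local networks are pushed to clients, remote
    networks get a 'route' directive so the server routes them to the tunnel."""
    lines = [f'push "route {n.network_address} {n.netmask}"'
             for n in normalize_networks(local_field)]
    lines += [f"route {n.network_address} {n.netmask}"
              for n in normalize_networks(remote_field)]
    return lines
```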
#2
21.7 Legacy Series / OpenVPN routes on 21.7.2_1
September 18, 2021, 04:01:33 PM
Hi,

I have an OpenVPN server running on version OPNsense 21.7.2_1.
After updating to the latest firmware my OpenVPN routes for external clients are no longer added to the routing table. I can see them in the OpenVPN connection status page, but not on the main routing table. As such, no traffic is being routed towards the external VPN networks. Is this a known problem? Is there any workaround for it?

Thank you!
#3
Success!

I've managed to get the tunnel up and running by adding a keepalive interval for the remote endpoint.
I don't understand why this is happening, maybe someone more experienced can explain this to me...

Anyway, thank you Greelan for your input!
#4
I do have the outbound NAT rule defined, but at this point I would be content if I could get the other endpoint's address to respond to ping. It's hard to understand what's going on without any logs or feedback from the system.
#5
I understand, though I find the logic a bit confusing - in my particular scenario only one machine can initiate the tunnel. But if I were to have a public IP address, expose whatever port I declared as local to the Internet and expose that info to the remote machine, wouldn't then both be trying to initiate connections at the same time?

Anyway, I do have the default port entered, and everything is set correctly (IP address/port, keys), yet the tunnel won't come up. Can I find somewhere a log of what Wireguard is actually doing?
#6
I'm not sure that I understand how this is supposed to work - The remote server will never initiate a connection from the outside, as its peer has no IP address or port. This means that I'll have to start the tunnel from the local machine. How can this happen if Wireguard acts as a server and expects incoming connections on whatever port I declare for the local configuration?

Can I somehow force Wireguard to initiate the tunnel from the local machine?

Thanks
#7
Hello,

I'm trying to establish a Wireguard tunnel from an OPNsense machine behind a 4G connection that does not allow exposing ports to the Internet. Therefore, I need to trigger the connection to the remote machine using a random port (dynamic endpoint mode) - however, the GUI does not allow me to save the local configuration without a listening port. Is there any way to force Wireguard into initiating a "client" connection with a remote endpoint?

Thank you!