"
Hi,
I think I have discovered a bug which would explain why I and other users on the forum are having issues with wireguard / OPNsense.
My setup:
I have quite a few WireGuards I use to segregate my network and since I rebooted my firewall/router all of them can no longer communicate (The firewall blocks everything until the fix bellow). I fixed it as it was the same issue I had a few weeks ago and didn't report at the time.
I am doing the diagnosis on my proxy-lan WireGuard but the issue is on all my used / working WireGuards. I have a few I haven't finished setting up / implemented (They dont have clients / routes yet) and they aren't affected (They show an address on Lobby -> Dashboard -> Interfaces and probably work).
The issue:
So yesterday I was testing my ddns setting so I rebooted my router to test how fast an IP change would be propagated. I didn't change anything at the time in my opnsense settings, I just wanted to test how fast my vps proxy would recover from an IP change / DuckDNS updated route. But that killed all my WireGuards.
All the WireGuards were working before the reboot.
The only abnormal thing I can see is that now on the Lobby -> Dashboard -> Interfaces those interfaces no longer have an address.
The fix:
I can fix it but it requires me to manually go into all the broken WireGuards interfaces and change the tunnel addresses to something else, save, apply and then restore the right address. In this case changing from 10.0.4.1/24 to 10.0.41.1/24 to 10.0.4.1/24 fixes it.
Just removing the tunnel address and re-adding it dosen't work. I really have to save it to some other random address, save and then I can re-add the real address and the second I save all traffic is restored / allowed.
Should I report this somewhere or am I the one doing something wrong ?
Thanks
PS: The screenshots are of the Interfaces section of the Lobby -> Dashboard. The first with the missing address, the second after I saved the VPN -> WireGuard -> Instance to a dummy address and the 3rd when I restored the initial address.
I think I have discovered a bug which would explain why I and other users on the forum are having issues with wireguard / OPNsense.
My setup:
I have quite a few WireGuards I use to segregate my network and since I rebooted my firewall/router all of them can no longer communicate (The firewall blocks everything until the fix bellow). I fixed it as it was the same issue I had a few weeks ago and didn't report at the time.
I am doing the diagnosis on my proxy-lan WireGuard but the issue is on all my used / working WireGuards. I have a few I haven't finished setting up / implemented (They dont have clients / routes yet) and they aren't affected (They show an address on Lobby -> Dashboard -> Interfaces and probably work).
Code Select
Versions:
OPNsense 24.1.10_2-amd64 (But the same issue happened in 24.1.9)
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.14
The issue:
So yesterday I was testing my ddns setting so I rebooted my router to test how fast an IP change would be propagated. I didn't change anything at the time in my opnsense settings, I just wanted to test how fast my vps proxy would recover from an IP change / DuckDNS updated route. But that killed all my WireGuards.
All the WireGuards were working before the reboot.
The only abnormal thing I can see is that now on the Lobby -> Dashboard -> Interfaces those interfaces no longer have an address.
The fix:
I can fix it but it requires me to manually go into all the broken WireGuards interfaces and change the tunnel addresses to something else, save, apply and then restore the right address. In this case changing from 10.0.4.1/24 to 10.0.41.1/24 to 10.0.4.1/24 fixes it.
Just removing the tunnel address and re-adding it dosen't work. I really have to save it to some other random address, save and then I can re-add the real address and the second I save all traffic is restored / allowed.
Should I report this somewhere or am I the one doing something wrong ?
Thanks
PS: The screenshots are of the Interfaces section of the Lobby -> Dashboard. The first with the missing address, the second after I saved the VPN -> WireGuard -> Instance to a dummy address and the 3rd when I restored the initial address.
