Messages - johnsen_

#1
Thanks for the reply and thanks a lot for checking my config. I have done the same thing "1000 times" and compared it with the config of the ios devices, but as it is sometimes, you still miss the error.

Now it also works with my windows client. Thank you!!! :)
#2
Hi,

I have set up WireGuard on my OPNsense.
My iOS clients, e.g. my iPad, establish a VPN connection without any problems.

I am having trouble setting up my Windows PC.
The Windows client sends data, but does not receive any. The handshake fails. I have also disabled the Windows firewall.
I don't understand why the Windows client can't establish a VPN connection and would be very grateful if you could help me!

(My OPNsense is located behind a FritzBox)
(I tested the VPN on my PC using my phone's hotspot.)

Here is my configuration of WireGuard on the OPNsense and the Windows Client:


FritzBox Port enable:
OPNsense -> Port 55840 (IPv4)

OPNsense
WAN:
Protocol: IPv4/UDP
Source: *
Port: *
Destination: WAN address
Port: 55840
Gateway: *


WireGuard-Interface:
Protocol: IPv4 TCP/UDP
Source: 10.10.10.12
Port: *
Destination: 192.168.220.10
Port: 80
Gateway: *


WireGuard local configuration:
Enabled: yes
Public Key: %KEY1%
Listen Port: 55840
Tunnel Address: 10.10.10.1/24
Peers: Ipad, PC


WireGuard endpoint configuration (PC):
Enabled: yes
Public Key: %KEY2%
Allowed IPs: 10.10.10.12/32


WireGuard PC configuration:
(Public Key == %KEY2%)

[Interface]
PrivateKey = xxxxxxxxxxx
Address = 10.10.10.12/32
# (also attempted) DNS = 8.8.8.8, 8.8.4.4
# (also attempted) MTU = 1372

[Peer]
PublicKey = %KEY1%
AllowedIPs = 192.168.220.0/24
Endpoint = domain:51840
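
A consistency check of the kind a reviewer applies to the two configs above, added here as an example (it is not code from the post, from OPNsense or from WireGuard): it parses the Windows-style client config and compares it with a dict mirroring what the OPNsense side shows, flagging the mismatches that make a handshake fail silently, such as an Endpoint port that differs from the server's Listen Port, or a client address not covered by the server-side peer's Allowed IPs. The client text, the server-side dict and the placeholder keys are constructed from the values in the post; run against those values it reports the Endpoint port 51840 against the Listen Port 55840.

```python
"""Cross-check a WireGuard client config against the server-side settings.

Added example, not from the forum post. The server side is modelled as a
plain dict mirroring what the OPNsense UI shows; the client config is the
constructed [Interface]/[Peer] text below with placeholder keys.
"""
import ipaddress
import re

# Constructed client config, mirroring the Windows config in the post
# (keys are placeholders, not real key material).
CLIENT_CONF = """
[Interface]
PrivateKey = xxxxxxxxxxx
Address = 10.10.10.12/32

[Peer]
PublicKey = %KEY1%
AllowedIPs = 192.168.220.0/24
Endpoint = domain:51840
"""

# Constructed server-side view, mirroring the OPNsense settings in the post.
SERVER_SIDE = {
    "listen_port": 55840,
    "tunnel_address": "10.10.10.1/24",
    "forwarded_port": 55840,  # FritzBox port forward and WAN firewall rule
    "peers": [
        {"name": "PC", "allowed_ips": ["10.10.10.12/32"]},
    ],
}


def parse_wg_conf(text):
    """Parse WireGuard INI-style text into a list of (section, {key: value}).

    A list is used instead of configparser so that repeated [Peer]
    sections are kept apart instead of being merged.
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = (m.group(1), {})
            sections.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (s.strip() for s in line.split("=", 1))
        current[1][key] = value
    return sections


def check_pair(client_text, server):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    sections = parse_wg_conf(client_text)
    iface = next(v for k, v in sections if k == "Interface")
    peers = [v for k, v in sections if k == "Peer"]
    if len(peers) != 1:
        findings.append(f"expected exactly one [Peer] on the client, found {len(peers)}")
        return findings
    peer = peers[0]

    # 1. The Endpoint port must equal the server's ListenPort, and the port
    #    forwarded by the router must be that same port.
    host, _, port_text = peer.get("Endpoint", "").rpartition(":")
    port = int(port_text) if port_text.isdigit() else None
    if not host or port != server["listen_port"]:
        findings.append(f"Endpoint port {port} != server ListenPort {server['listen_port']}")
    if server["forwarded_port"] != server["listen_port"]:
        findings.append("port forward/WAN rule does not match server ListenPort")

    # 2. The client's tunnel address must lie inside the server's tunnel network...
    client_addr = ipaddress.ip_interface(iface["Address"])
    tunnel_net = ipaddress.ip_interface(server["tunnel_address"]).network
    if client_addr.ip not in tunnel_net:
        findings.append(f"client address {client_addr.ip} outside tunnel network {tunnel_net}")

    # 3. ...and be covered by the AllowedIPs the server holds for some peer,
    #    otherwise the server discards the client's packets after the handshake.
    covered = any(
        client_addr.ip in ipaddress.ip_network(a)
        for p in server["peers"] for a in p["allowed_ips"]
    )
    if not covered:
        findings.append(f"no server-side peer has AllowedIPs covering {client_addr.ip}")

    return findings


if __name__ == "__main__":
    for finding in check_pair(CLIENT_CONF, SERVER_SIDE) or ["configs are consistent"]:
        print(finding)
```

The check is deliberately one-directional: it asks whether the client as written can reach and be accepted by the server as configured, which is the question a failing handshake raises, and it leaves routing questions (what the client's own AllowedIPs should cover) to the later posts.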

#3
Thanks for your reply.
I have the endpoint for my Windows client included in the local config on the Sense. Likewise the endpoints of my iOS clients, with which everything works.
#4
Thanks for your reply! :)
I tested it right away; unfortunately, again no handshake comes about :(
The Sense is reachable via IPv4; I don't use IPv6 at all.

This is now the current config of the Windows client:


[Interface]
PrivateKey = *key*
Address = 10.10.10.12/32
DNS = 8.8.8.8, 8.8.4.4
MTU = 1372

[Peer]
PublicKey = 8eZ*key*
AllowedIPs = 192.168.220.0/24
Endpoint = domain.de:51840


In the endpoint on the Sense, only the public key and "10.10.10.12/32" as allowed IPs are stored. Nothing more.
#5
Hi, thanks for the quick reply! I actually forgot to mention that I initially had only the IP (10.10.10.12/32) stored on the Sense. That the network should also be stored there, as well as the different variants of the Windows client config, are all supposed solutions that I have been able to find on the internet so far.
#6
Here are the other pictures.
#7
Hi,

I have set up WireGuard on my OPNsense.
My iOS clients, e.g. my iPad, establish a VPN connection without any problems.

I am failing at setting up my Windows computer.
The Windows client sends data but does not receive any. The handshake fails. I have also already deactivated the Windows firewall once.
I don't understand why the Windows client can't establish a VPN connection and would be very grateful if you could help me!

Here is the configuration of WireGuard on the OPNsense and the working iPad, as well as the configuration of the Windows client. (I had also already tried the settings of the commented-out lines, without success.)
#8
Thanks for your answer!
What else can I do to better understand my problem or setup?

I have already looked in the FW logs, but I only see the first request (Host -> Pi) on port 22. After that I see nothing more. Also no deny.

As you say, the cause must not be the firewall, but I hoped that you can help me in this forum anyway.

After reading many other posts, I thought that the reason is that the two WLAN clients want to establish a direct connection without the traffic going through the firewall. The mentioned workaround (Firewall Optimization set to conservative) did not change anything and therefore did not confirm this assumption.
#9
Hi,

my problem is that an SSH connection between two VLANs is not possible when both hosts are connected via WLAN.

Here it is in a bit more detail:

My setup:

OPNsense (hardware) with LAN1.
LAN1 is connected to a (Netgear GS305E) switch.
A (TP-Link EAP653 ) AccessPoint is connected to the switch.
Switch and AccessPoint are VLAN enabled and configured as follows:

AccessPoint:
- 3 different SSIDs.
- Each SSID is assigned a different VLAN ( 10,20,30 )

Switch:
- Port1: untagged - VLAN 20
- Port2: tagged - VLAN 10,20,30 ( -> OPNsense)
- Port3: untagged - VLAN 30
- Port4: untagged - VLAN 10
- Port5: tagged - VLAN 10,20,30 ( -> AccessPoint)

The networks and IPs are assigned as follows:

LAN1: 192.168.150.0/24
LAN1 gateway: 192.168.150.1
LAN1 IP assignments:
192.168.150.50 - switch
192.168.150.51 - AccessPoint

VLAN10: 192.168.160.0/24
VLAN10 gateway: 192.168.160.1
VLAN10 IP assignments:
192.168.160.6 - PC (WLAN)

VLAN20: 192.168.170.0/24
VLAN20 gateway: 192.168.170.1
VLAN20 IP assignments:
192.168.170.7 - RaspberryPI 1 (LAN port 1)
192.168.170.8 - RaspberryPI 2 (WLAN)

A rule is set up on the OPNsense to allow the PC to access the Raspberries.

Services: TCP/UDP
Source: VLAN 10 / 192.168.160.6
Destination: VLAN20
Ports: any

The problem in detail:

If I open an SSH connection from the WLAN-connected PC in VLAN10 to the LAN-connected RaspberryPI in VLAN20, it works without problems.

If I open an SSH connection from the WLAN connected PC in VLAN 10 to the WLAN connected RaspberryPI in VLAN20, the connection fails after a few seconds.

If I am connected with the PC in VLAN20 via WLAN or I am connected with the PC via LAN on port4 in VLAN10, the SSH connection also works without interruption.

Unfortunately, I haven't figured out yet what is wrong with the interaction between the AccessPoint and the switch when both SSH hosts are in different VLANs via WLAN. I hope you can help me! Many thanks in advance!