Messages - TripitakaBC

#1
I think at this stage, I must have some corruption going on as there are some things happening that don't line up with the documentation; for instance the automatically-created outbound NAT rules are not being created.

Time for a rebuild from scratch, I think.
#2
And then I assume setting the client to 10.100.100.2/24, forcing a 'static' IP on the subnet. That made sense to me too but all the examples and tutorials I could find used /32 as the subnet.

I did manage to get some progress on the initial config once I somehow managed to break the existing WG tunnels so they were both down. Then I started getting traffic from the Android blocked at the firewall.  ;D
#3
23.7 Legacy Series / Wireguard Roadwarrior help needed
January 02, 2024, 09:20:30 PM
OPNsense 23.7.10_1
os_wireguard (kernel)

I have been running Wireguard outbound tunnels for a year or more using the tutorial below. It's had its glitches, for sure, especially as I have two tunnels running with PIA, one of which has port forwarding but @FingerlessGloves has done a great job of maintaining the repository with fixes.
https://github.com/FingerlessGlov3s/OPNsensePIAWireguard

I have spent the time over the holidays trying to add an incoming WG connection (Road Warrior); I followed the tutorial here https://docs.opnsense.org/manual/how-tos/wireguard-client.html to get everything set up but it didn't work. The Wireguard client on Android gets stuck in handshakes, it seems, but the diagnostics tab on OPNsense shows no traffic. Of course, I've rebooted and even updated the wg-service-control.php script from the GitHub repo here https://github.com/opnsense/core/blob/master/src/opnsense/scripts/Wireguard/wg-service-control.php.

I'm about as far as I can go with the knowledge that I have and I'm not sure what you guys need in terms of logs to help troubleshoot.

Target:
I'm looking for a few devices to be able to connect to a home LAN system which is spread across 192.168.0.0/16 (I know, I know, I should be using VLANs...). There are 3 Android phones and 3 Windows laptops. All connected clients need access to internal LAN devices and public internet via the firewall.

Tunnel is set up at 10.100.100.1/32 and test Android device is set up at 10.100.100.2/32

Firewall logs do not show any blocking.

All help appreciated.