OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of nathanfr »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - nathanfr

Pages: [1]
1
Virtual private networks / Re: Wireguard - Unable to open tunnel from one side
« on: March 28, 2024, 09:54:17 pm »
Quote from: chemlud on March 28, 2024, 09:49:35 pm
once the tunnel is established (with keep-alive) its up and running. no further initiation necessary.

do a package capture on the data center side to see if UDP is arriving at your wireguard client (OPNsense?)

You can see the UDP packets arriving at the data center opensense (1.jpg attachment in the first message).

2
Virtual private networks / Re: Wireguard - Unable to open tunnel from one side
« on: March 28, 2024, 09:52:43 pm »
Yes, that's true, but you have to keep sending packets through the tunnel otherwise it closes, and you have to restart a handshake:
wg1: Zeroing out keys for peer 21, since we haven't received a new one in 540 seconds

Here is the return from the socksat command to show that the port is open:

USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS     
? ? ? udp4 *:51820 *:*

3
Virtual private networks / Re: Wireguard - Unable to open tunnel from one side
« on: March 28, 2024, 09:48:16 pm »
I want to initiate the tunnel from both sides because the tunnel is not open all the time and sometimes the LAN behind my home opnsense needs to open the tunnel to access the LAN behind the data center opnsense and vice versa.

Yes, port 51820 in UDP is open on both sides.

4
Virtual private networks / Wireguard - Unable to open tunnel from one side
« on: March 28, 2024, 09:13:30 pm »
Hello,

I have set up a site-to-site tunnel following this procedure:
https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html

It's impossible to open the connection from my first opnsense (which is at home) to the second (which is in a datacenter rack) but if the second opnsense initializes the handshake, then the tunnel is established.

Both opnsenses use port 51820 in UDP and there is no NAT between the two.

To clarify, in the first photo you can see the result when my opnsense initializes the connection.

On the second photo, when the opnsense in the datacenter initializes the connection.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2