Messages - anktarius

#1
Hello,

So after trying and trying to understand why it is not working on OPNsense, I think I found something.

If I do a tcpdump on port 51920 (the configured WG port) on my VPS, I see nothing; even when restarting on OPNsense, nothing happens on the VPS.
If I connect my phone directly, I can see traffic in tcpdump.

Result:
For some reason no traffic is sent from OPNsense to my VPS.

Status:
Trying to understand why the WireGuard traffic from OPNsense (the firewall itself) is not able to reach the VPS.

Test:
Using Interfaces -> Diagnostics -> Ping
Ping is OK to my VPS.
I can confirm that the default gateway is:
ipv4   default   192.168.1.254   UGS   NaN   1500   igc0   WAN
So the zone to look at is the WAN.
In terms of rules, normally everything is open, but as it is from the firewall itself I have to say that I don't really know how to troubleshoot this properly.
#2
I want to have OPNsense acting as "a client". The connection should be initiated from the firewall to the VPS.
- Yes, the listen port is blank; I tried to set it manually to 51820 or 51920, but that does not change anything, which I think is normal as this is initiated from the firewall itself, so it will pick a random port (like my phone did).
- Yes, the public key field is blank as it was not part of the config file; I think it is auto-generated from the private key, but just in case I copy/pasted the public key generated by my WireGuard Android client (which is the same as the Windows client), with the same result.
- I can't generate traffic as the tunnel is not even going up; based on your comment I tried to create gateway monitoring, but that is not possible as I am not receiving an IP because the tunnel is not up.
- On the rules side it should be OK; I assigned the interface wg0 and created a permit * rule on it.

Thank you
#3
Quote from: meyergru on March 24, 2025, 05:45:50 PM
Allowed IPs = 0.0.0.0/24? You see the problem?

Whooo, thank you, that was a big one ..


After fixing this issue, I still have the same behavior.
Thank you
#4
Hi folks,

I have been banging my head for a while now; I am just trying to connect OPNsense to my WireGuard (wg-easy) hosted on a VPS.

Using my phone or laptop I can connect directly without any issue. On the phone I am using the generated QR code; on the laptop, just downloading and using the conf file. All good.
I have been trying to configure this on OPNsense for a while and it never works, so obviously I am doing something wrong on the OPNsense side.

Here is the config file:

[Interface]
PrivateKey = 0C0oDOLxvdvIHlnlos1xpgjEPFBofaLIYBsqHYXn2Ew=
Address = 10.8.0.4/24
DNS = 1.1.1.1

[Peer]
PublicKey = wu72D8TBjwjT8m71o4tvIKTxLg8mWTriNcSv11lNYlA=
PresharedKey = dUZ0fOiF1pE+sUbt41Qr2lGCDUEb3LdqrhyKAUyQRdY=
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = x.x.x.x:51920

Here is what I did on OPNsense:
[4 attachments, not shown]

I have no idea what I am doing wrong and the logs are not very verbose here.
Does someone have an idea about my issue?

Thank you.
Regards.
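An added example, not from this thread or from OPNsense or wg-easy: a small Python checker that parses a wg-quick style config like the one posted above and flags the client-side mistakes discussed in the thread, in particular an AllowedIPs entry such as 0.0.0.0/24 that is not a default route, a missing Endpoint, and a blank or malformed PublicKey. The sample config, the placeholder keys and the documentation-range endpoint address are constructed for the example.

```python
import base64
import ipaddress
# Constructed sample: the posted config's shape with the AllowedIPs slip meyergru
# spotted; the keys are hypothetical placeholders, not the ones from the post.
PLACEHOLDER_KEY = "A" * 43 + "="   # base64 of 32 zero bytes, illustration only
SAMPLE = f"""[Interface]
PrivateKey = {PLACEHOLDER_KEY}
Address = 10.8.0.4/24
[Peer]
PublicKey = {PLACEHOLDER_KEY}
AllowedIPs = 0.0.0.0/24, ::/0
Endpoint = 198.51.100.10:51920
"""

def parse_wg_conf(text):
    """Parse a wg-quick style config into {'Interface': {...}, 'Peers': [{...}, ...]}."""
    conf = {"Interface": {}, "Peers": []}
    section = conf["Interface"]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line == "[Peer]":
            section = {}
            conf["Peers"].append(section)
        elif line == "[Interface]":
            section = conf["Interface"]
        else:
            key, _, value = line.partition("=")  # keys end in '=', so split on the first one
            section[key.strip()] = value.strip()
    return conf

def key_is_valid(value):
    try:  # a WireGuard key is base64 for exactly 32 bytes; blank or truncated keys fail
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def check_client_conf(conf):
    """Findings for a config where this side (the firewall) initiates the tunnel."""
    findings = []
    for i, peer in enumerate(conf["Peers"]):
        if not key_is_valid(peer.get("PublicKey", "")):
            findings.append(f"peer {i}: PublicKey missing or not a 32-byte base64 key")
        if "Endpoint" not in peer:
            findings.append(f"peer {i}: no Endpoint, so this side cannot start the handshake")
        nets = [ipaddress.ip_network(n.strip(), strict=False) for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
        for version, default in ((4, "0.0.0.0/0"), (6, "::/0")):
            if not any(n.version == version and n.prefixlen == 0 for n in nets):
                findings.append(f"peer {i}: AllowedIPs has no IPv{version} default route; a full tunnel needs {default}")
    return findings
```

Running `check_client_conf(parse_wg_conf(SAMPLE))` reports only the IPv4 default-route finding; fixing 0.0.0.0/24 to 0.0.0.0/0 clears it.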
#5
General Discussion / Re: VLANs on multiple interfaces
January 10, 2025, 05:58:40 PM
Hello,
Just to say thank you for the thread/posts.
I will receive my NUC with 4 x 2.5 Gbps interfaces and I was looking at how to create trunk/tagged interfaces with multiple interfaces on a port (LAN side) and use other interfaces as access/untagged ports using one VLAN that is part of the trunk.
I understand thanks to this reading that I should use bridge interfaces to create a virtual link between the physical ports and allow the specified VLAN to be part of both of them.

Thanks !!