Messages - foss-johnny

#1
The Wireguard instance does not need the Listen Port to use 51820.

If you leave it blank it will use a random source port number.

Also, the Wireguard instance does not need a public key, only the private key.
#2
If I disable Wireguard, then enabled it, the handshake does not work.

After rebooting it does work...
#3
Quote from: DEC670airp414user on February 11, 2025, 12:17:24 PM
that MTU seems awful high. I used 1340 for my fiber connection.

reboot? I didn't reboot to be honest

It's what they're recommending in the link for the MTU.

"MTU 1420 (default) or 1412 if you use PPPoE; it's 80 bytes less than your WAN MTU"

Oh, but the Max MSS normalization, you're right, is 1372 for PPPoE.
#4
Quote from: DEC670airp414user on February 11, 2025, 09:52:35 AM
https://docs.opnsense.org/manual/how-tos/wireguard-client.html

make sure to enable Wireguard MSS Clamping IPv4  per instance

After setting the MTU and Max MSS setting, why is a reboot required?

I've noticed with a few things that saving is not good enough; after rebooting it starts working. This makes troubleshooting so much harder, as you never know if you're a reboot away from getting it working, and therefore you end up endlessly rebooting to check if it works.
#5
You're an absolute legend! Thank you.

For anyone else: as I was using PPPoE for authentication to my ISP on the WAN, I needed to set the normalization rule Max MSS as 1412, and in the Wireguard Instance, click advanced and set the MTU as 1372.

For whatever reason it still wouldn't handshake until I assigned and enabled the wg0 interface, and then rebooted the firewall.

What a pain in the ass this has been! ffs
#6
Hello,

Running a clean install of Opnsense v25.1. Followed this YouTube tutorial (https://www.youtube.com/watch?v=fFszlJpTBoc) to the letter, but after enabling Wireguard I'm not seeing any "Received" bytes, only sent bytes (VPN > Status).

At 6 min 25 sec in the YouTube video, he says that after enabling Wireguard, you should see the Handshake and Received bytes. However, I don't see a Handshake timestamp, and received is 0 bytes.

How can I troubleshoot the handshake?

I'm running a Lenovo P330 with an Intel Quad PCIe ethernet card. My LAN is using the on-board NIC, and the WAN is using the quad card. Internet connection is working fine out of the box.

I've double-checked all the public/private keys for the peer and instance, and other details for the config file that Mullvad generated, but it's just not establishing the Wireguard tunnel completely.

How can I troubleshoot this? I've spent about 24 hours trying to get it working.
#7
Quote from: Patrick M. Hausen on January 28, 2025, 09:21:56 PM
Possibly that card is so old it needs a firmware update?

https://www.intel.com/content/www/us/en/support/articles/000005790/software/manageability-products.html

Thank you, Patrick. That was indeed the problem precisely. After upgrading the firmware, Opnsense detects the card correctly.
#8
Hello,

I recently purchased a Lenovo P330 Tiny and a I350-T4 V2 Quad 1Gbps PCIe network card.

After installing the card and Opnsense v24.7, the I350-T4 card is not detected.

As Opnsense OS is loading, I can see the following error flash by during the boot process (see attached photo).

Does anyone know what's required to get the card working?

Thanks