Messages - rpn

#1
Quote from: Patrick M. Hausen on September 02, 2025, 12:45:35 PM
Are you trying to establish the tunnel while the device is "inside"

Of course not. The configuration is a virtual Suse machine working as client and connecting to the WAN interface of the virtual OPNsense. The device "inside" is the physical host with Suse again. I also fail to see a reason and this is the reason for my asking...

To be clear - the rule setting in "Step 5 - Create firewall rules" (Firewall ‣ Rules ‣ WAN) avoids the handshaking, the same rule moved to "Floating" works.
#2
Virtual private networks / WireGuard Road Warrior Setup
September 02, 2025, 10:35:35 AM
I saw open questions about the WireGuard handshaking here, so I decided to share my experience.

As a newbie, I did a model of a VPN concept on my laptop under VirtualBox with a Linux client and OPNsense as WireGuard server. I followed the WireGuard Road Warrior Setup instructions 1:1, but I encountered difficulties in the handshaking between the client and the WireGuard server.

After some experimentation, I found out that the obstacle was the interface-specificity of the firewall WAN rule (step 5). After moving the WAN rule to Firewall ‣ Rules ‣ Floating, without specifying an interface, the handshaking worked perfectly.

Interestingly, the problem exists only for the first connection attempt – after a successful handshaking (by the above change of the rules) the restored original rules also work until the peer is disabled and enabled. I suspect an inability of the WireGuard interface to respond to the handshaking due to an incorrectly constructed state, but this is far beyond my knowledge. Any interface-specific test rules of type "all enabled" didn't help.

Please comment. Maybe there is a more appropriate solution to the problem than mine.