21.1 Legacy Series / Wireguard site-to-site setup only works on default WAN IP not VIP
« on: February 11, 2021, 04:46:01 pm »
Hi guys,
I've been trying for a week or so to set up a WireGuard site-to-site VPN without success. I keep getting handshake errors as below; the tunnel comes up and the peer can be seen, but it is not pingable and no routing is possible.
Handshake did not complete after 5 seconds, retrying (try 2)
Sending handshake initiation
Handshake did not complete after 5 seconds, retrying (try 2)
This is between two OPNsense boxes; the second box, the client, has no public access from the outside, however it has full outbound internet traffic allowed.
Site A (Main Server) - Has public IP with WAN rule allowing port 51820
[Interface]
Address = 192.168.1.1/24
MTU = 1500
ListenPort = 51820
PrivateKey = XXXXXXXX/7pPnNLvm8I1evXgCoU2z733tzgxL+qve9GM=
[Peer]
PublicKey = XXXXXXXXaJmnOotn3NW1LIYOe60aqqKByp7oEfhltFc=
AllowedIPs = 192.168.1.2/32,10.0.40.0/24
PersistentKeepalive = 20
Site B (full open outbound internet only, no NAT or FW access)
[Interface]
Address = 192.168.1.2/24
MTU = 1500
ListenPort = 27836
PrivateKey = XXXXXXXX1UMOhNzm7cUQamH7MwHBNLs4Ot41mIQ1wlI=
[Peer]
PublicKey = XXXXXXXXuXrQftcGxJzd6DYLW+ovR2HoRnhg1ojykSo=
AllowedIPs = 192.168.1.1/32,172.16.69.0/24
Endpoint = 76.XX.XX.257:51820 (Site A IP and Port)
PersistentKeepalive = 20
List config
interface: wg0
public key: XXXXXXXXuXrQftcGxJzd6DYLW+ovR2HoRnhg1ojykSo=
private key: (hidden)
listening port: 51820
peer: XXXXXXXXaJmnOotn3NW1LIYOe60aqqKByp7oEfhltFc=
preshared key: (hidden)
endpoint: 81.3.249.54:27836
allowed ips: 10.0.40.0/24,192.168.1.2/32
transfer: 46.68 KiB received, 42.32 KiB sent
persistent keepalive: every 20 seconds
wg0 XXXXXaJmnOotn3NW1LIYOe60aqqKByp7oEfhltFc= 0
All I am trying to do is to route 172.16.69.0/24 to 10.0.40.0/24 and vice versa; this should be fairly simple.
OpenVPN works perfectly with those networks; however, I wanted to take advantage of WireGuard's so-called "speed".
I have tried to regenerate the keys at both sides 100 times.
Any thoughts about what is wrong?
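As an added example (not from the original post or OPNsense), a small Python cross-check of the two config halves for the field mismatches that stop a WireGuard handshake or silently drop traffic after one: [Peer] keys that do not reference each other, an Endpoint port that differs from the responder's ListenPort, and AllowedIPs that do not cover the other side's tunnel address. The sample configs mirror the thread's layout; the keys and the Site A public address are constructed placeholders.

```python
import ipaddress
# Constructed pair mirroring the thread's layout; keys/public address are placeholders.
A_PUB, B_PUB = "<site-a-public-key>", "<site-b-public-key>"
SITE_A = """
[Interface]
Address = 192.168.1.1/24
ListenPort = 51820
[Peer]
PublicKey = <site-b-public-key>
AllowedIPs = 192.168.1.2/32,10.0.40.0/24
"""
SITE_B = """
[Interface]
Address = 192.168.1.2/24
[Peer]
PublicKey = <site-a-public-key>
AllowedIPs = 192.168.1.1/32,172.16.69.0/24
Endpoint = 203.0.113.10:51820
"""

def parse_wg(text):
    """Parse wg-quick style [Interface]/[Peer] blocks into nested dicts (one peer)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections
def cross_check(a, b, a_pub, b_pub):
    """Findings for responder config a and initiator config b; [] means consistent."""
    findings = []
    # Each side's [Peer] PublicKey must be the *other* side's interface public key.
    if a["Peer"]["PublicKey"] != b_pub or b["Peer"]["PublicKey"] != a_pub:
        findings.append("peer PublicKey entries do not reference each other")
    # The initiator's Endpoint port must be the responder's ListenPort.
    port = b["Peer"].get("Endpoint", "").split(" ")[0].rsplit(":", 1)[-1]
    if port != a["Interface"].get("ListenPort"):
        findings.append(f"Endpoint port {port!r} != responder ListenPort")
    # Cryptokey routing: each AllowedIPs must cover the other side's tunnel address.
    def covers(side, other):
        addr = ipaddress.ip_interface(other["Interface"]["Address"]).ip
        nets = (ipaddress.ip_network(n.strip()) for n in side["Peer"]["AllowedIPs"].split(","))
        return any(addr in n for n in nets)
    if not covers(a, b) or not covers(b, a):
        findings.append("AllowedIPs do not cover the other side's tunnel address")
    return findings
```

An empty result for the pair as posted means none of these fields explains the failed handshake, which points at transport (which WAN address the responder actually answers from, and whether UDP 51820 reaches it) rather than at the key or routing settings.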