Virtual private networks / Wireguard Roadwarrior setup not working (unable to complete handshake)
« on: March 30, 2024, 11:36:15 pm »
The client is not able to finish the handshake and I cannot work out why.
I followed the instructions here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html and I have double and triple checked my settings and they match these settings, but I am unable to connect from any client; I am getting errors about the handshake not completing.
At this point I am at a loss as to what to do to get this working. I am not entirely sure what I need to post here to help work this out.
The interface I created in step 4(a) is called "Wireguard"
Outbound NAT Rule:
Code:
WAN Wireguard net * * * Interface address * NO Wireguard NAT Rule
WAN Rule:
Code:
IPv4 UDP * * WAN address 51820 * * Open Wireguard Port
Wireguard Interface FW Rule:
Code:
IPv4 * Wireguard net * * * * * Allow Traffic from Wireguard Clients
Normalization Rule:
Code:
WireGuard (Group), Wireguard any any Wireguard MSS Clamping IPv4
OPNsense V24.1.4
Any suggestions?
Also, some notes in the documentation:
- The numbering referenced in the article is wrong. When the instructions reference step 5(a) they actually mean 4(a) (I think); this made parsing it pretty difficult.
- It would be nice if there were some more information about the keys and how to use them and/or how they relate to each other. Step 2 just tells you to insert a public key, and to go to step 7 (doesn't exist) in order to get info on how to generate said key.
- Step 5a tells you to use the interface Wireguard (Group) instead of the interface you created in step 4(a). Is this correct? (I tried both, but things still don't work)