Virtual private networks / WireGuard Site to Site
« on: December 13, 2020, 10:22:39 pm »
First off, I understand that I might be doing this all wrong but I've tried to get myself as far as I can before asking for help.
I want to implement WireGuard in a site-to-site configuration and, since I'm learning, I've decided to put it into OPNsense first. Later I might install it on bare metal.
Both setups are ISP Modem -> Asus Router. I still want to use both Asus routers for everything they currently do. As such I only want OpnSense to run WireGuard and nothing more.
I followed this guide up until Step 3. https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
Both instances of WireGuard initiate and stay that way, so it appears I have done something right. Neither has a WAN interface, but both can ping the internet through the existing LAN. I can't ping from one network to the other. I do have an existing OpenVPN server running on one site and can log into it from the other. (Should I stop the OpenVPN server?) Both networks are using the same DHCP range, but their servers assign to different subsets.
Running WireGuard from terminal produces:
- rm -f /var/run/wireguard/wg0.sock
- resolvconf -d wg0
- wireguard-go wg0
INFO: (wg0) 2020/12/14 06:53:51 Starting wireguard-go version 0.0.20201118
- wg setconf wg0 /tmp/tmp.vHeA3nWe/sh-np.Idyy4J
- ifconfig wg0 inet 192.168.5.1/24 192.168.5.1 alias
- ifconfig wg0 mtu 1420
- ifconfig wg0 up
- resolvconf -a wg0 -x
- route -q -n add -inet 192.168.5.2/32 -interface wg0
- route -q -n add -inet 192.168.1.0/32 -interface wg0
- Backgrounding route monitor
and
- rm -f /var/run/wireguard/wg0.sock
- resolvconf -d wg0
- wireguard-go wg0
INFO: (wg0) 2020/12/14 06:57:15 Starting wireguard-go version 0.0.20201118
- wg setconf wg0 /tmp/tmp.fKJLL0pk/sh-np.2X3j2S
- ifconfig wg0 inet 192.168.5.2/24 192.168.5.2 alias
- ifconfig wg0 mtu 1420
- ifconfig wg0 up
- resolvconf -a wg0 -x
- route -q -n add -inet 192.168.5.1/32 -interface wg0
- route -q -n add -inet 192.168.1.0/32 -interface wg0
- Backgrounding route monitor
The config files are:
[Interface]
Address = 192.168.5.1/24
DNS = 192.168.1.250
ListenPort = 51820
PrivateKey = {randomstring}=
[Peer]
PublicKey = {randomstring}=
AllowedIPs = 192.168.1.0,192.168.5.2
Endpoint = {correctWANip}:51820
and
[Interface]
Address = 192.168.5.2/24
DNS = 192.168.1.240
ListenPort = 51820
PrivateKey = {randomstring}=
[Peer]
PublicKey = {randomstring}=
AllowedIPs = 192.168.5.1,192.168.1.0
Endpoint = {correctWANip}:51820
All keys end in an equals sign. (Is that correct?)
Both state in VPN -> WireGuard -> Handshakes = 0.
I haven't added any routes or anything to the firewall, as WireGuard isn't using a WAN interface (I understand this could be the problem).
Like I said, I'm new to this, so understand that I might have a fundamental problem that I can't see.
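As an added illustration (not the poster's or OPNsense's code), a small Python linter for the config shape shown in this post; the key and the sample config are constructed placeholders, not real values. It checks the two points above: a WireGuard key is 32 bytes of base64, so 44 characters ending in one '=' is correct, and an AllowedIPs entry without a prefix length is treated as a single /32 host, which is exactly the `route add 192.168.1.0/32` that the startup output shows; it also flags a DNS server that falls inside a peer's AllowedIPs subnet, the symptom of the two LANs sharing the same address range.

```python
import base64
import ipaddress

# Constructed stand-in for the poster's first config; the key is a placeholder (base64 of bytes 0..31), not a real key.
PLACEHOLDER_KEY = base64.b64encode(bytes(range(32))).decode()
POSTER_CONF = f"""[Interface]
Address = 192.168.5.1/24
DNS = 192.168.1.250
PrivateKey = {PLACEHOLDER_KEY}
[Peer]
PublicKey = {PLACEHOLDER_KEY}
AllowedIPs = 192.168.1.0,192.168.5.2
"""

def parse_wg_conf(text):
    """Parse an INI-style WireGuard config into a list of (section, {key: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split on the first '=', keys may end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def key_is_valid(key):
    """A WireGuard key is 32 bytes in base64: 44 characters, always ending in one '='."""
    try:
        return len(key) == 44 and len(base64.b64decode(key, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def lint_wg_conf(text):
    """Return warnings for config mistakes that leave a site-to-site tunnel unroutable."""
    sections = parse_wg_conf(text)
    iface = next((kv for name, kv in sections if name == "Interface"), {})
    dns = [ipaddress.ip_address(d.strip()) for d in iface.get("DNS", "").split(",") if d.strip()]
    warnings = [] if key_is_valid(iface.get("PrivateKey", "")) else ["Interface: PrivateKey is not a 44-char base64 key"]
    for kv in (kv for name, kv in sections if name == "Peer"):
        if not key_is_valid(kv.get("PublicKey", "")):
            warnings.append("Peer: PublicKey is not a 44-char base64 key")
        for entry in (e.strip() for e in kv.get("AllowedIPs", "").split(",") if e.strip()):
            net = ipaddress.ip_network(entry, strict=False)  # bare address becomes a /32 host route
            if "/" not in entry and int(net.network_address) & 0xFF == 0:
                warnings.append(f"Peer: AllowedIPs '{entry}' has no prefix length; only host {net} is routed")
            for server in dns:
                if server in net:  # a local resolver inside a remote subnet means the two LANs overlap
                    warnings.append(f"DNS {server} falls inside AllowedIPs {net}: local and remote LANs overlap")
    return warnings
```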