Need help with wireguard basic setup

Started by skywalker007, June 15, 2019, 06:40:59 PM

Can anyone point me in the right direction with my wireguard setup please?
I have configured OPNsense as a server for road warriors:
listen port 51820
tunnel address: 10.2.249.1/24

Created a peer on iOS:
interface: 10.2.249.2/32
peer config: <opnsense:51820>
inserted pub key from OPNsense server

Added the peer as endpoint in OPNsense:
Tunnel address: 10.2.249.2/32
inserted the created pub key from the iOS endpoint

Added this endpoint as a peer in the server's local peers list.

Added a firewall rule to allow udp/51820 inbound to firewall from any
Added a firewall rule to the wireguard interface to allow 10.2.249.2 -> any

Result:
When I enable the tunnel on iOS, it turns green and says connected.
No packet crosses the tunnel though.
When I run "tcpdump -n udp port 51820" on OPNsense, I see no packet. Why would the tunnel turn green then?
I am stuck here. Either I am missing a fundamental piece of the concept or... no idea.
Handshakes also show "0", so it doesn't look like much happened.
Anyone who could give me a push forward?
Thanks so much!
System1: Qotom Q310G4 (died recently)
System1: Supermicro A2SDi-4C-HLN4F,  64GB RAM, ZFS mirrored boot drive
System2: APU2C4

I have the same issue when trying to connect using the Wireguard app from Android.
I followed the guide here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html?highlight=wireguard

Are you sure you run the tcpdump on the WAN interface via "-i XXX"?
When you don't see a packet from the client it's a problem on the client side.

That's the downside of Wireguard... there's no real connection.