[Solved] Wireguard Site to Site Configuration Help

[dmmincrjr]

I have a working site to site VPN using OpenVPN and am considering switching to Wireguard however I cannot seem to get things to work correctly. I have tried to follow a couple setup guides and while I think I now have a connection between the sites as I have output in List Configuration and Handshakes I cannot seem to pass any traffic as I cannot ping anything on my home network. I have also seen a few posts recently where the latest version of Opnsense broke some Wireguard VPN's so not sure if that might be my issue.

I'm trying to go from my office with a static IP to my home with a dynamic IP.

Office Lan network is 192.168.0.1
Office Tunnel Address under Local for Wireguard is 192.168.100.1/24
Office Allowed IPs for Wireguard is 192.168.100.3/32

Home Lan network is 192.168.50.1
Home Tunnel Address under Local for Wireguard is 192.168.100.2/24
Office Allowed IPs for Wireguard is 192.168.100.3/32

Since I have a handshake between the two sites I'm thinking it might be a firewall issue so will attach screenshot of my firewall rules to see if I'm doing something incorrectly. I'm also a little confused about having to create a Wireguard interface. Some things I have read say you do not need to create it but if I don't create it I don't get the option under Rules in firewall for Wireguard. Therefore I have created rules for the interface WG and also for Wireguard so not sure if that is part of the problem.

Any assistance to get this figured out would be appreciated.

[mimugmail]

Please screenshots of local instance and endpoint from both sides

[dmmincrjr]

Attached are the screen shots.

[mimugmail]

In the endpoint you the the Tunnel IP of the local instance from other side, and in endpoints also the private networks behind

[dmmincrjr]

If I put more than 1 ip address in the allowed ips in endpoints for the Tunnel IP and my private network then wireguard will not start. I must be doing something wrong. Any way to see a screenshot of your configuration so I can better see what you mean?

[mimugmail]

Because you put your own network in endpoint.
If you dont post a network plan and also Screenshots from details I cant really help here

[dmmincrjr]

I didn't really have time today to work on this but took a look at your website and found a site to site guide. Is this still a good one to follow? https://forum.opnsense.org/index.php?topic=11737.0 In looking at it quickly I know I didn't have all this configured so it might solve my issue if still valid as it looks like it was done in 2019. Thanks.

[mimugmail]

In the official documentation is a working example

[dmmincrjr]

After much head scratching I finally figured out why I could not get this to work. I have an existing OpenVPN site to site VPN between both sites on the same networks I was trying to use for Wireguard. When I was entering the internal network ip addresses of the remote network in allowed ips in endpoints the Wireguard VPN would not start when I enabled. Once I turned off the OpenVPN server between the sites I could then enter the local remote ip addresses in allowed ips and the Wireguard VPN would start and allow traffic to pass as OpenVPN was no longer using the remote lan network.