Help - "Road Warrior" wireguard setup disconnecting on LAN

Started by slowhawkeclipse, February 26, 2023, 08:35:46 PM

I am looking to set up WireGuard so that I can have my phone always connected to my LAN wherever I go. I was hosting a WireGuard endpoint on a server on the LAN, and it has been working great for years. I wanted to move that endpoint to my OPNsense router, so I followed the OPNsense Road Warrior WireGuard documentation. I'm having trouble:

My phone (iOS) initially connects just fine. However, after the phone is not used for a while (sometimes 20 min, sometimes 6 hrs), the connection drops. To reconnect, I have to manually go into the WireGuard app and toggle the tunnel off and back on. It seems to only happen when I'm on the LAN. I tried changing the firewall rule from the "WAN" interface to "Floating" on the recommendation of some YouTube tutorial, which seemed to make it better, but it still disconnected overnight. I can't find anything in the logs that has helped me so far, but maybe I'm not looking in the right place. The WireGuard tunnel to the other endpoint (server on the LAN) works flawlessly with the same phone and setup, which makes me think it's a configuration issue on the OPNsense router.

I thought it might be a DNS issue, so I made the DNS endpoint on my phone the WAN IP address of my OPNsense router. That didn't help.

I tried the keepalive packets (server side), but that didn't help either.

Any advice?

Curious as to why you bother with the VPN when your device is already on the LAN network?

Quote from: Greelan on February 26, 2023, 08:52:03 PM
Curious as to why you bother with the VPN when your device is already on the LAN network?

I'm hoping to not turn on and off my VPN as I leave my house and return. I just want to leave it on and have it always connected.

You still can. Have the "on-demand activation" on in the iOS app, then exclude the SSIDs for your LAN network. So it will only activate when you are not on LAN (and deactivate when you get back on LAN)

Quote from: Greelan on February 26, 2023, 09:02:50 PM
You still can. Have the "on-demand activation" on in the iOS app, then exclude the SSIDs for your LAN network. So it will only activate when you are not on LAN (and deactivate when you get back on LAN)

Woah, I didn't realize you can configure that so granularly. That's perfect, an even better solution than I was looking for. Thanks!