Wireguard LAN connects, No Internet (I know another one)

Started by shrekfx, February 25, 2023, 04:34:45 AM

I have been dreading posting this question. I have gone through guides, posts, almost everything and I'm pulling my hair out, well the little I have left.

Here are the issues I am having. I can get a tunnel built and connected to my LAN, but I cannot for the life of me get out to the net from my client. Then after about 5-10 minutes, my tunnel disconnects and I can't get a handshake to show in OPN, but the app will show a good handshake. Then if I wait, it all connects back to my LAN again.

I am so confused. I have followed the OPNsense road warrior guide and some other guides and tried to follow some "fixes" others have posted. I have torn it down and rebuilt the tunnel so many times following the steps, step by step.

Let me know what information you all need. (I'm relatively new to this, so there is that too.)

Below is some information.
(opnSense config)
[Interface]
Address = 10.81.84.1/24
ListenPort = 51821
PrivateKey = 4FWA/7J1ajsAD9g72Gxxxxxxxxxxxxxxxxx

[Peer]
PublicKey = wl+pO5uuzrhRzISEPp+xxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 10.81.84.2/32


(Client config)
[Interface]
Address = 10.81.84.2/24
ListenPort = 51821
PrivateKey = IELKGV5CYe+JNsxxxxxxxxxxxxxxxxx

[Peer]
PublicKey = fs6Z8Zf+qBywLx/3Xqxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = xxxxxxxxx.xyz:51821

(Firewall rules)
WAN
   IPv4 UDP   *   *   WAN address   51821   *   *   WireGuard_Home

VPN rules
IPv4 *   HomeWireGuard net   *   *   *   *   *   WireGuard_Home

And I do have the vpn tunnel built under the interfaces so that should autobuild the outbound NAT.

Well, I got this figured out after reading through more posts. Turns out that there is a step in the guides that is missing, or maybe I missed it. On the client config, you need to have your OPNsense's IP if you are using Unbound DNS. Added that to the client I am testing on and I can connect to the LAN and Internet. Now I need to find out why the connection takes forever to connect when it is idle or I turn it off for a bit.
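An added example, not from this thread or from OPNsense: a small Python checker that parses both sides' WireGuard configs and reports the mismatches that produce exactly this "tunnel handshakes but no LAN/Internet" symptom: a client address outside the server's tunnel subnet, no server [Peer] AllowedIPs covering the client, a full-tunnel client (0.0.0.0/0) with no DNS entry, or an Endpoint port that does not match ListenPort. The embedded configs mirror the thread's setup with constructed placeholder values and no key material.

```python
import ipaddress
from collections import defaultdict
# Constructed configs mirroring the thread's road-warrior setup (key material omitted on purpose)
SERVER_CONF = """[Interface]
Address = 10.81.84.1/24
ListenPort = 51821
[Peer]
AllowedIPs = 10.81.84.2/32
"""
CLIENT_CONF = """[Interface]
Address = 10.81.84.2/24
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.invalid:51821
"""
def parse_wg(text):
    """Parse a wg-quick style config into a list of (section, {key: [values]})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], defaultdict(list)))
        elif "=" in line and sections:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[-1][1][key].extend(v.strip() for v in value.split(","))
    return sections

def check_road_warrior(server_text, client_text):
    """Return findings that explain a client that handshakes but cannot reach LAN or Internet."""
    findings = []
    srv, cli = parse_wg(server_text), parse_wg(client_text)
    srv_if = next(d for s, d in srv if s == "Interface")
    cli_if = next(d for s, d in cli if s == "Interface")
    cli_peer = next(d for s, d in cli if s == "Peer")
    tunnel = ipaddress.ip_interface(srv_if["Address"][0]).network
    cli_addr = ipaddress.ip_interface(cli_if["Address"][0]).ip
    if cli_addr not in tunnel:
        findings.append(f"client address {cli_addr} is outside the server tunnel {tunnel}")
    # The server silently drops traffic from a tunnel IP that no [Peer] AllowedIPs covers
    if not any(cli_addr in ipaddress.ip_network(a, strict=False)
               for s, d in srv if s == "Peer" for a in d["AllowedIPs"]):
        findings.append(f"no server [Peer] AllowedIPs covers {cli_addr}")
    # 0.0.0.0/0 routes everything through the tunnel, including DNS, so DNS must be set
    if any(ipaddress.ip_network(a, strict=False).prefixlen == 0 for a in cli_peer["AllowedIPs"]) and not cli_if["DNS"]:
        findings.append("full-tunnel client has no DNS entry; LAN works but names never resolve")
    port = cli_peer["Endpoint"][0].rsplit(":", 1)[-1]
    if port != srv_if["ListenPort"][0]:
        findings.append(f"client Endpoint port {port} does not match server ListenPort {srv_if['ListenPort'][0]}")
    return findings
```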


Hello,

I got stuck in the same problem.
Wireguard connects but cannot access the internet from the client.

DNS is set to the OPNsense IP (192.168.0.1), as I have AdGuard running.
Do I need to add a firewall rule to allow it?

Only added to Firewall:

WAN I added:

  • IPv4&6 UDP in port 51820 open

Wireguard group I added:

  • IPv4&6 in + out allow all

Opnsense:
Local - tunnel: 10.0.0.1/24 - 2a00:6020:2000:aaaa:aaab::1/80
endpoint IP: 10.0.0.2/32 - 2a00:6020:2000:aaaa:aaab::2/128

Client:

Interface
ID: 10.0.0.2/32 - 2a00:6020:2000:aaaa:aaab::2/128
DNS: 192.168.0.1/32

client:
allowed IP: 0.0.0.0/0, ::/0