Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
WireGuard VPN not functioning despite following guide precisely
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: WireGuard VPN not functioning despite following guide precisely (Read 6236 times)
strongthany
Newbie
Posts: 9
Karma: 0
Re: WireGuard VPN not functioning despite following guide precisely
«
Reply #15 on:
October 27, 2023, 11:12:14 pm »
Thank you. I followed your steps and can confirm, I am not getting a handshake. So likely there is something wrong with my key pairs. I'll double check what I have set for where and made adjustments if needed.
Just so I'm clear, the pub key in the local config would go into the PublicKey entry under the [Peer] section on the client(laptop) config, correct?
I re-went through and confirmed the keys are correct, following the road warrior guide. I can confirm the keys are correct, but still no dice when trying to get the handshake
~$ WG-UP
Warning: `/etc/wireguard/wg0.conf' is world accessible
ip link add wg0 type wireguard
wg setconf wg0 /dev/fd/63
ip -4 address add 10.0.2.2/24 dev wg0
ip link set mtu 1420 up dev wg0
interface: wg0
public key: cpp(this is the key generated on my client by running sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key. This is also the key on VPN --> WireGuard --> Endpoint --> Public Key
private key: (hidden)
listening port: 34309
peer: z1v(confirmed to be same as what's on VPN --> WireGuard --> Local --> Public Key)
endpoint: PUBLIC.IP.ADDRESS:51820
allowed ips: 10.0.2.0/24
~$ ping 10.0.2.1
PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data.
^C
--- 10.0.2.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5084ms
~$ sudo wg
interface: wg0
public key: cpp1aArw8UcKd6FU09IQ7i/bQCtdfzTz1DBHSsi+QBY=
private key: (hidden)
listening port: 34309
peer: z1vcnYO+25OXVTxTDmoBby6n6beXVUDtRhQr0LyEomA=
endpoint: 162.219.228.99:51820
allowed ips: 10.0.2.0/24
transfer: 0 B received, 296 B sent
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1601
Karma: 176
Re: WireGuard VPN not functioning despite following guide precisely
«
Reply #16 on:
October 28, 2023, 08:26:59 am »
If the handshake doesn't work, it's really either of these things:
- Key Pairs don't match
- Request Packet doesn't get to the wireguard socket of the OPNsense
- Response Packet doesn't get back to the client.
So check these things again:
1. Is the IP in your resolved FQDN really the same as "WAN address" of your OPNsense? Maybe you have CGNAT or something? Or the FQDN is wrong?
2. Does Wireguard really listen on port 51820? "netstat -an"
3. Is the Firewall Rule on your WAN interface working as expected? Enable log and look for packets. tcpdump on the WAN interface when you send pings from your client. Look for udp 51820 packets.
4. I know it sounds like a pain, but if still nothing works, triple check the public and private key pairs. If they dont match, wireguard won't even respond.
Wireguard isn't a quick and easy protocol, troubleshooting it is way harder than IPsec since it doesn't give you expansive logs to work with. In IPsec you can troubleshoot the IKE key exchange and everything. With Wireguard, it either works or doesn't, and if it doesn't work its a guessing game.
Logged
Hardware:
DEC740
strongthany
Newbie
Posts: 9
Karma: 0
Re: WireGuard VPN not functioning despite following guide precisely
«
Reply #17 on:
October 28, 2023, 09:07:46 pm »
@Monviech I will check the firewall rule on the WAN. I double checked and can confirm the IP I am using for the WAN address is correct(couldn't get duckdns figured out to get a FQDN for connecting, but that's an issue for later). Based on the information I posted last, does the key information look correct to you? I am hoping for some assistance in regards to ensuring the pair looks correct. If you need more information, please let me know.
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1601
Karma: 176
Re: WireGuard VPN not functioning despite following guide precisely
«
Reply #18 on:
October 28, 2023, 09:43:59 pm »
I dont know if the keys look correctly. Its a public/private key pair after all. But maybe you should try to set up wireguard between two linux peers first to get a feeling for it. If you get some hands on experience with a working setup, Im sure you can solve your problems with the OPNsense. Im running complex wireguard scenarios on it since years, but starting out with wireguard can be tough.
https://www.wireguard.com/quickstart/
Its extremely helpful to read this too:
https://www.wireguard.com/#conceptual-overview
«
Last Edit: October 28, 2023, 09:53:36 pm by Monviech
»
Logged
Hardware:
DEC740
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
WireGuard VPN not functioning despite following guide precisely