Issue with getting Client to connect to OPNSense Wireguard Server

Started by sgtwheats, October 29, 2023, 09:08:36 PM

Just switched from pfSense to OPNsense 23.7; thought this would be an easy switch. Boy, I was wrong. I am having trouble getting my client to connect to my OPNsense WireGuard server. I am using the same config that I used in pfSense that worked, and have even followed numerous websites on OPNsense WireGuard setup, but nothing works. I also set up my client on my home network and it connected to the WireGuard server with no issue, so my thinking is something on the WAN side is blocking the communication between the client and server; I just have not been able to see a log to tell me what that is. My OPNsense is still default from install, just added a firewall rule for the WireGuard port. I put that config below and the config for the WireGuard server; also my home network public IP is static. I am at my wits' end trying to make this work, so I thought I'd give the forums a shot and see if someone else ran into this issue and had a fix.

WireGuard server

Name: *
Instance: 1
Public Key: *
Private Key: *
Listen Port: 51830
Tunnel Address: 10.12.18.1/24

[Peer]
Name: *
Public Key: *
Allowed IPs: 10.12.18.2/32
Keepalive Interval: 25


Firewall Rule WAN

Interface: WAN
Direction: in
TCP/IP Version: IPv4
Protocol: UDP
Source: any
Destination: WAN address
Destination port range: from (other) 51830 to (other) 51830


Client Config
[Interface]
Address = 10.12.18.2/24
ListenPort = 51830
PrivateKey = *
MTU = 1380

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = *:51830
PersistentKeepalive = 25
PublicKey = *



Maybe try "This Firewall" as destination in the WAN rule? I don't know, this looks fine though. My own configuration is almost identical. I also use "WAN address". If you connect via IPv6, make sure to select IPv4+IPv6 in your rule.

Try to tcpdump on the WAN interface and look if your WireGuard handshake packets hit the WAN interface. Look in the firewall live log and check if the default deny rule drops the WireGuard packets.
Hardware:
DEC740
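The tcpdump check above only helps if you can tell a handshake from other traffic, so here is an added example (my own code, not from this thread or from OPNsense) that classifies captured UDP payloads by WireGuard message type and lists peers whose handshake initiations reached the listen port without ever getting a handshake response. The addresses and packet tuples are constructed sample data standing in for what you would pull out of the WAN capture.

```python
# WireGuard message types and their fixed on-the-wire sizes in bytes.
HANDSHAKE_INITIATION, HANDSHAKE_RESPONSE, COOKIE_REPLY, TRANSPORT_DATA = 1, 2, 3, 4
FIXED_SIZES = {HANDSHAKE_INITIATION: 148, HANDSHAKE_RESPONSE: 92, COOKIE_REPLY: 64}
NAMES = {HANDSHAKE_INITIATION: "handshake_initiation", HANDSHAKE_RESPONSE: "handshake_response",
         COOKIE_REPLY: "cookie_reply", TRANSPORT_DATA: "transport_data"}
TRANSPORT_MIN_SIZE = 32  # 16-byte header plus a 16-byte Poly1305 tag on an empty payload


def classify(payload: bytes):
    """Name the WireGuard message type of a UDP payload, or None if it is not WireGuard-shaped."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":  # type byte + three reserved zero bytes
        return None
    msg_type = payload[0]
    if msg_type in FIXED_SIZES:
        return NAMES[msg_type] if len(payload) == FIXED_SIZES[msg_type] else None
    if msg_type == TRANSPORT_DATA and len(payload) >= TRANSPORT_MIN_SIZE:
        return NAMES[msg_type]
    return None


def handshake_summary(packets, listen_port):
    """packets: iterable of (src_ip, dst_ip, dst_port, udp_payload) tuples seen on the WAN interface.

    Counts handshake initiations that reached listen_port and handshake responses sent back,
    then lists peers that initiated but never received a response. That pattern points at the
    server side (rule, listener, or missing peer entry) rather than at the client."""
    initiations, responses = {}, {}
    for src_ip, dst_ip, dst_port, payload in packets:
        kind = classify(payload)
        if kind == "handshake_initiation" and dst_port == listen_port:
            initiations[src_ip] = initiations.get(src_ip, 0) + 1
        elif kind == "handshake_response":
            responses[dst_ip] = responses.get(dst_ip, 0) + 1
    unanswered = sorted(ip for ip in initiations if ip not in responses)
    return {"initiations": initiations, "responses": responses, "unanswered_peers": unanswered}


# Constructed sample traffic (documentation addresses, zero-filled bodies; only the header
# and the length matter for classification). 198.51.100.5 stands in for the OPNsense WAN IP.
INIT = b"\x01\x00\x00\x00" + b"\x00" * 144
RESP = b"\x02\x00\x00\x00" + b"\x00" * 88
SAMPLE_PACKETS = [
    ("203.0.113.10", "198.51.100.5", 51830, INIT),  # road-warrior client, first attempt
    ("203.0.113.10", "198.51.100.5", 51830, INIT),  # retried after the 5 s handshake timeout
    ("203.0.113.77", "198.51.100.5", 51830, INIT),  # a second peer
    ("198.51.100.5", "203.0.113.77", 40000, RESP),  # server answered only the second peer
]

if __name__ == "__main__":
    print(handshake_summary(SAMPLE_PACKETS, 51830))
```

On the sample data the summary reports 203.0.113.10 as unanswered: its initiations arrived on port 51830 but no response left the firewall, which is exactly the "client hits WAN, nothing in the live log" situation from this thread.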

Got it to work by reinstalling OPNsense; not sure what was causing the issue, because I input the same config right back in after the reinstall. But I did try Monviech's suggestions: changing the firewall rule to "This Firewall" did not work; I did the tcpdump and could see my client hitting the WAN interface, but looked in the firewall live log and could not see any related logs. Thanks Monviech for the reply.

No problem. It's just weird how I see more of "I reinstalled everything and then it started to work". I wish there was a clue what went wrong when it did. I've been seeing a few WireGuard-related things pop up in the forum lately, but I never ran into the issue myself that I had to totally start from scratch for the whole firewall.

Do you mean reinstall and import the configuration?
Configure everything from scratch?

This would be a nightmare.