"local" tab in wireguard plugin missing

Started by Shihatsu, October 22, 2023, 04:30:46 PM

Heya, I am on 23.7.6 and just installed WireGuard plugin. It was installed quite some time ago, but now I wanted a fresh, clean start. Thing is: After installation there are only the tabs "General", "Instances" and "Peers" available, so no "local" tab to get things started. I also have this error message in my diagnostics:
/usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '172.1.0.4/24' -interface 'wg1'' returned exit code '1', the output was ''
So, thing is: there ain't no interface "wg1" under assignments, nor under interfaces. I then checked the forum for similar issues and stumbled over this one:
https://forum.opnsense.org/index.php?topic=35841.0
But the solution is not changing anything (I have tried "Disable Host Route" under System >> Gateways). As I have no instances available the rest of the solution seems not to fit my issue, so right now I am lost... Pls help?

I literally just followed an extremely long, complicated guide to do exactly this, "WireGuard Selective Routing" so I can connect to my WindScribe VPN and make local hosts of my choosing go through this tunnel.

And just like you - encountered the same annoyance - all of the OPNsense documentation is out of date and refers to things like "local" and "endpoints" tabs which are clearly 100% gone.

Docs need an update, badly

local is Instances IIRC and Peers is Endpoints I think is what I concluded


What I would like to know is why it was called "Instances" and not "Interface" to resemble the wireguard configuration 1:1.
It's [Interface] and [Peer] in the wireguard.conf files.
Hardware:
DEC740

October 23, 2023, 03:00:24 PM #4 Last Edit: October 24, 2023, 08:51:04 AM by franco
Because the code base has an "Interface" (assigned) section which is not to be confused with a WireGuard interface (unassigned). This is problematic for historic reasons. Internally we've had the issue of having a long list of "interface" use when actually the network device was meant and not the (assigned) interface. And now "Instances" for WireGuard brings it more in line with OpenVPN (instances) also.

It's the best compromise we can make when trying to avoid "My WireGuard interface is broken" ambiguity in bug reports.


Cheers,
Franco

Thank you for the explanation. That makes a lot of sense and was a good choice then.
Hardware:
DEC740

Hey @franco,

I'm currently trying to use my OPNsense firewall as a client to a WireGuard server instance that I'm running on a remote DigitalOcean server. With these options missing, I'm completely confused how to set it up. It all seems to be in place to set up a WireGuard server on OPNsense rather than a client.

Like, if I'm creating a peer, it doesn't even have a field for private key. If I'm creating an instance (interface), I should not need to set up a listen port if I'm trying to set up a client, but it asks for it.

Could you please help me with this?

There is no client/server in WireGuard, only peers. So you need a listen port on both ends of the connection.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)