Wireguard not able to connect

Started by Chriss_93, April 22, 2024, 10:33:23 PM

April 22, 2024, 10:33:23 PM Last Edit: April 23, 2024, 07:39:24 AM by Chriss_93
I've been sweating for more than 8 hours in front of my PC. I tried multiple installations, different peers, different tunnel addresses, different everything. I still cannot get WireGuard to work. It worked yesterday, but all of a sudden, without changing anything (just a reboot due to a short power outage), I'm unable to get WG back to life. The log shows every time /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: entering configure using 'opt1'.
Another strange thing: if I leave "Disable Routes" unchecked, sometimes it kills the whole internet connection. Something strange is happening. I'm really a newbie on OPNsense, but it feels like it isn't my mistake.
Sometimes I can see a handshake but only a few KB of upload and download; on another try, nothing is happening. Is it just me or are there some bugs in this version?

The following settings have been made:

I want to use WireGuard in a road warrior setting. I want to use WireGuard for my phone to use Pi-hole. I have an interface assigned.
The WAN rule to allow external access to WG is set:
IPv4 UDP    *    *    WireGuard (Group) net    51820    *    *    Allow access from outside to WG

I also have a floating rule for any interface to access Pi-hole:
IPv4 TCP/UDP    *    *    PiHole_DNS_Resolver    53 (DNS)    *    *    *    Allow Access to DNS

On WG I have a rule to allow access to everything (I know that this is bad, but it is only for testing now):
IPv4 *    WireGuard (Group) net    *    *    *    *    *    Allow all WGs access to any

There is a forward rule to forward every other DNS request to Pi-hole:
LAN WAN WG0 WireGuard (Group)    TCP/UDP    *    *    ! LAN net    53 (DNS)    PiHole_DNS_Resolver    53 (DNS)    Redirect DNS request to internal DNS resolver on all Interfaces

Outbound is set to automatic.
The WG interface is assigned and I configured the instance on Tunnel address 10.0.0.1/24
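As an added diagnostic example (not from this thread or from OPNsense itself), the script below parses the tab-separated output of `wg show wg0 dump` and flags the three situations described above: a peer that never handshakes, a handshake that moves almost no traffic, and a peer whose AllowedIPs covers 0.0.0.0/0, which with routes enabled pulls the firewall's own default route into the tunnel. The dump text, peer key names and thresholds are constructed assumptions for the example.

```python
"""Parse `wg show <iface> dump` output and flag peers that explain the
symptoms in the post: no handshake, a handshake with almost no traffic,
or an AllowedIPs that would pull the firewall's default route into the tunnel.
Added example, not from the thread; the sample output below is constructed."""

# Constructed sample of `wg show wg0 dump` (tab-separated, keys abbreviated).
# Line 1: private-key  public-key  listen-port  fwmark
# Others: pubkey  psk  endpoint  allowed-ips  latest-handshake  rx  tx  keepalive
NOW = 1_713_900_000  # fixed "current time" (epoch seconds) so the run is deterministic
SAMPLE_DUMP = "\n".join([
    "(hidden)\tSERVERPUB=\t51820\toff",
    f"PHONEPUB=\t(none)\t203.0.113.7:41641\t10.0.0.2/32\t{NOW - 40}\t3800\t2900\t25",
    "LAPTOPPUB=\t(none)\t(none)\t10.0.0.3/32\t0\t0\t0\toff",
    f"BADPUB=\t(none)\t198.51.100.9:51820\t10.0.0.4/32,0.0.0.0/0\t{NOW - 10}\t512\t400\toff",
])

STALE_AFTER = 180   # an active tunnel re-handshakes about every 2 minutes; older means dead
MIN_BYTES = 10_000  # a handshake that moved only a few KB is the "stuck" case from the post

def parse_dump(text):
    """Return a list of peer dicts from the dump format (the interface line is skipped)."""
    peers = []
    for line in text.splitlines()[1:]:
        pub, psk, endpoint, allowed, hs, rx, tx, keepalive = line.split("\t")
        peers.append({"pubkey": pub, "endpoint": endpoint,
                      "allowed_ips": allowed.split(","),
                      "handshake": int(hs), "rx": int(rx), "tx": int(tx)})
    return peers

def diagnose(peers, now):
    """Map each peer public key to a list of findings (empty list = looks healthy)."""
    report = {}
    for p in peers:
        findings = []
        if p["handshake"] == 0:
            findings.append("no handshake ever: check the WAN rule for UDP 51820 and the keys")
        elif now - p["handshake"] > STALE_AFTER:
            findings.append("stale handshake: peer stopped responding")
        elif p["rx"] + p["tx"] < MIN_BYTES:
            findings.append("handshake ok but almost no traffic: check routes and MTU")
        if any(a in ("0.0.0.0/0", "::/0") for a in p["allowed_ips"]):
            findings.append("AllowedIPs covers everything: with routes enabled this "
                            "sends the firewall's own default route into the tunnel")
        report[p["pubkey"]] = findings
    return report

if __name__ == "__main__":
    for key, findings in diagnose(parse_dump(SAMPLE_DUMP), NOW).items():
        print(key, findings or ["ok"])
```

On the firewall itself, replace SAMPLE_DUMP with the real output of `wg show wg0 dump` and NOW with `time.time()`.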


You need to provide a bit more detail.

Are you using Wireguard on your OPNsense as a server to allow clients to connect into your router (i.e. like a road warrior setup) or are you using WireGuard in OPNsense to connect to an external WireGuard Server (like a VPN)?

I have read that there have been some changes done in the recent WG implementation and Disable Routes functionality seems to have changed.

Throw some more details about your actual setup...
