Wireguard client setup to a provider

[pasha-19]

My provider does not have a wireguard client plugin setup.  I found the following:

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

My provider will send me a config file (They have not yet installed on Opnsense).  I believe the contents of that file will be used to complete requirements in largely step 1 of the above process.  Before paying for the wireguard upgrade, am I on the correct path that this could possibly be successful.  I realize that the only real test is to try to configure the option.  I just am trying to assure I am starting with a reasonable set of instructions.

Thanks

Update I have moved onto testing this.  I have encountered an issue reported here:

https://forum.opnsense.org/index.php?topic=42269.msg208586#msg208586

[Bob.Dig]

Before paying for the wireguard upgrade, am I on the correct path that this could possibly be successful.

Who is your VPN-provider? Is it not working?

[pasha-19]

FastestVPN   -- see referenced message shows instructions I followed and explained the step where I am having a problem -- creating the gateway Step 6.  I enter the requested data and when I press save there is a short period of a spinning icon and the screen never closes to allow apply to be pressed.  I would like to say there is a message but I have not seen one.


wireguard status is up and it says I have apparently sent 125K of data and received around 34k.  So the router and wireguard appear to be talking.  I cannot setup a gateway so I cannot access the connection at this time.

[Bob.Dig]

I can create Gateways on WG-Interfaces all day long. And there is not much about creating gateways in the first place. Maybe you did something wrong before.

[pasha-19]

I have created gateways too -- between a VLan switch and my Router.  My problem is when the save button displays the spinner overlay and does not provide any message.  Without a message where does one go next?  Do you think the instructions I am following are the correct ones for this task?  I reviewed the process and except for not knowing about a PSK key on the peer screen I believe I have followed the instructions.  is the PSK key the private key from the VPN?  I get the impression that is a NO. Is the public key from the provider the same one used on the WG Peer screen?  DO i need to generate my own public key for the peer connection?  I get the impression that PSK is optional should I ever create my own wireguard server to connect my own routers.  I am not sure I have not made a mistake, but from the instructions I can not confirm that.

[cookiemonster]

Code Select Expand

I reviewed the process and except for not knowing about a PSK key on the peer screen I believe I have followed the instructions.  is the PSK key the private key from the VPN?  I get the impression that is a NO. Is the public key from the provider the same one used on the WG Peer screen?  DO i need to generate my own public key for the peer connection?
The keys are not optional. Any field in wg for keys must be populated with the correct ones.

[Patrick M. Hausen]

The PSK is optional, private own one and public peer key are sufficient. But of course the state of the PSK must be the same for both sides of the connection. Present or not, identical if present.

[cookiemonster]

If by PSK we are talking preshared key then agreed.
I am going by previous messages i.e.
- "Before paying for the wireguard upgrade" <- wouldn't have given necessary keys by the provider I would have thought.
-" I enter the requested data and when I press save there is a short period of a spinning icon and the screen never closes to allow apply to be pressed." < as per above, I seemed the OP was not entering a required value.
- " is the PSK key the private key from the VPN?" <- is he entering the required private key?
But I could be very well mistaken.

[pasha-19]

To clairify the VPN provided only two keys a public one and a private one.  The provider did not include a PSK so I probably do not need that one.

Thanks for the help.   -- still hung up creating that gateway.

[DEC670airp414user]

To clairify the VPN provided only two keys a public one and a private one.  The provider did not include a PSK so I probably do not need that one.

Thanks for the help.   -- still hung up creating that gateway.

after the interface is created.

at the bottom click dynamic gateway policy

[pasha-19]

I created the interface using Step 4 of the above instructions says nothing about checking that box.  So I tried checking that box -- when I started step 6 the gateway was already created -- it appears that checkbox replaces step 6.

Update -- upon checking the gateway the far gateway was not checked nor was monitoring enabled.  When I tried to do that I learned why I could not create the gateway according to step 6.  Most addresses required the CIDR to be entered so my IP and monitor address I included the /32 as indicated by my provider.  When I took the /32 off the IP and monitor address the gateway could be both added without the dynamic gateway policy and with the dynamic gateway policy.

I am progressing without dynamic gateway checked -- unless I encounter a problem later then I will consider testing with that option too.

Thanks to all.  I have progressed through Step 10 of the above instructions.  I am successfully communicating on the wireguard VPN.   I have a question about setting up the kill switch but I believe that is another issue.  Thanks to all this issue is resolved.