Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Some troubles with my wireguard setup - changes between 19.1 and 19.7?
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: Some troubles with my wireguard setup - changes between 19.1 and 19.7? (Read 15040 times)
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Some troubles with my wireguard setup - changes between 19.1 and 19.7?
«
Reply #15 on:
November 01, 2019, 07:16:34 am »
Can you follow the guides in official docs? There is a step by step Guide for this. Disables routes is for Advanced users, dont use it for starting. Also allowed IPs in local looks wrong.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
ric91
Newbie
Posts: 15
Karma: 0
Re: Some troubles with my wireguard setup - changes between 19.1 and 19.7?
«
Reply #16 on:
January 02, 2020, 11:03:44 am »
Maybe my experiences can be useful as I done a lot of testing witihn the last weeks with Wireguard and iOS devices.
I set up my OPNsense firewall ( version 19.7.8 ) as shown on the manual and couldn't get the all-traffic-thing running. I've done a lot of debugging and found the wg0-interface gone as soon as I assign the interface as shown in step 2c at the manual.
Let me be a bit more detailed. My transfer network is 10.10.10.0 for Wireguard. My local part has 10.10.10.1 as an ip address. The iOS device is on 10.10.10.2.
My internal LAN network is 192.168.10.0.
I can ping 10.10.10.1 and 10.10.10.2 at the firewall, also paket tracing is possible, so I assume routing works.
When I enable the first step in 2c (assigning an interface) the routing stops. I can no longer ping any of the 10.10.10-addresses.
So I skip the first step in step 2c (assigning an interface to wg0) and all is working fine.
The setup now looks as follows:
Local Configuration:
Name: HomeCloud
Public Key: <Server Public Key>
Private Key: (hidden)
Listen Port: 51820
DNS Server: 192.168.10.1
Tunnel Address: 10.10.10.1/24
Peers: <Client 1>
Disable Routes: <
Unchecked
>
Endpoint:
Name: <Client 1>
Public Key: <Client 1 Public Key>
Allowed IPs:
10.10.10.2/32 - <Client 1 Address>
List Configuration Output:
interface: wg0
public key: (hidden)
private key: (hidden)
listening port: 51820
peer: <Client 1 Public Key>
allowed ips: 10.10.10.2/32
Client Settings (Phone):
Interface
Name: HomeCloud
Public Key: <Client Public Key>
Addresses: 10.10.10.2/32
DNS Servers: 192.168.10.1
Peer
Public Key: <Server Public Key>
Endpoint: vpn.example.com:51820
Allowed IPs: 192.168.10.0/24,0.0.0.0/0
Persistent Keepalive: off
Firewall
NAT -> Port Forward
NO RULES
NAT -> Outbound
WAN WireGuard net * * *
WAN address
* NO Wireguard_Outbound
Rules -> WAN
IPv4 UDP * *
WAN address
51820 * * Wireguard_Inbound
Interfaces
No interface setup for wg0
System -> Gateway -> Single
No gateway set
So notice the differences, marked as underlined above.
Additionally do not use 0.0.0.0 as a address range at the Allowed IPs within the endpoint configuration, this will route all your firewall traffic to your endpoint.
«
Last Edit: January 02, 2020, 11:06:31 am by ric91
»
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Some troubles with my wireguard setup - changes between 19.1 and 19.7?