Wireguard client not receiving

Started by rasfar121, October 19, 2020, 04:57:54 PM


Quote from: rasfar121 on October 22, 2020, 07:43:47 AM
I took them a few hours ago. They are the latest.

Hi,

in this screenshot:
https://ibb.co/x8Ssg1h

You still have 10.0.7.1/24 as source, but it should be 10.0.7.0/24, as I wrote earlier already. Also please activate logging, which is a checkbox within that rule, if you already have it open to edit it. You should then see an ICMP request if you ping 10.0.7.1 from the client (OpenWRT box?).

Maybe you should tell us what you want to do. As I read in your SoftEther post, you want to connect a PlayStation through an OpenWRT box by WireGuard to your OPNsense. And you want to use UPnP to allow the PlayStation to open ports on the WAN side of the OPNsense?
„The S in IoT stands for Security!“ :)

Sorry, my fault, I just didn't save it over the file name: https://ibb.co/zSqNcV9


I enabled logging on the WireGuard firewall rules.

64 bytes from 1.1.1.1: seq=9 ttl=60 time=1.572 ms
^C
--- 1.1.1.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 0.921/1.527/2.436 ms
root@OpenWrt:~# ping 10.0.7.1
PING 10.0.7.1 (10.0.7.1): 56 data bytes
^C
--- 10.0.7.1 ping statistics ---
60 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping 10.0.7.20
PING 10.0.7.20 (10.0.7.20): 56 data bytes
64 bytes from 10.0.7.20: seq=0 ttl=64 time=0.079 ms
64 bytes from 10.0.7.20: seq=1 ttl=64 time=0.069 ms
64 bytes from 10.0.7.20: seq=2 ttl=64 time=0.077 ms
64 bytes from 10.0.7.20: seq=3 ttl=64 time=0.064 ms
64 bytes from 10.0.7.20: seq=4 ttl=64 time=0.067 ms
^C
--- 10.0.7.20 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.064/0.071/0.079 ms
root@OpenWrt:~# ping 10.0.7.1
PING 10.0.7.1 (10.0.7.1): 56 data bytes
^C
--- 10.0.7.1 ping statistics ---
37 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~#

I then had to try and ping from my phone, as I wouldn't be able to get the live log on OPNsense, and again it failed. This is what came up on OPNsense:
Interface      Time   Source   Destination   Proto   Label   
wan      Oct 22 06:34:09   200.57.249.15:13089   103.145.2.81:445   tcp   Default deny rule   
wan      Oct 22 06:34:02   45.141.58.74:50334   103.145.2.81:37810   udp   Default deny rule   
lan      Oct 22 06:33:53   103.145.2.13:138   103.145.2.127:138   udp   Default deny rule   
wan      Oct 22 06:33:53   103.145.2.13:138   103.145.2.127:138   udp   Default deny rule   
lan      Oct 22 06:33:53   103.145.2.13:138   103.145.2.127:138   udp   Default deny rule   
wan      Oct 22 06:33:53   103.145.2.13:138   103.145.2.127:138   udp   Default deny rule   
lan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule   
wan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule   
lan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule   
wan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule   
wan      Oct 22 06:33:47   115.75.217.167:62348   103.145.2.81:445   tcp   Default deny rule   
HCM_SG      Oct 22 06:33:44   172.16.29.2:123   162.159.200.1:123   udp   let out anything from firewall host itself   
wan      Oct 22 06:33:44   143.110.154.112:49765   103.145.2.81:8088   tcp   Default deny rule   
wan      Oct 22 06:33:32   103.145.2.81:40519   1.1.1.1:53   udp   let out anything from firewall host itself (force gw)   
wan      Oct 22 06:33:32   103.145.2.81:16786   1.1.1.1:53   udp   let out anything from firewall host itself (force gw)   
wan      Oct 22 06:33:32   103.145.2.81:64351   1.1.1.1:53   udp   let out anything from firewall host itself (force gw)   
HCM_SG      Oct 22 06:33:31   172.16.29.2:123   194.0.5.123:123   udp   let out anything from firewall host itself   
wan      Oct 22 06:33:25   14.102.94.122:60068   103.145.2.81:445   tcp   Default deny rule   
wan      Oct 22 06:33:22   103.151.47.209:53403   103.145.2.81:445   tcp   Default deny rule
Yes, I am trying to connect the PS4 via OpenWrt to a WG server which then has a tunnel to site B to access the internet. It is essential that UPnP works, as I would not know all the UPnP ports for all the games that I have, and sometimes the gaming companies don't actually tell you all the ports used.


That's why I was so interested in using L2TP, as in my experience it has performed the fastest for me when set up with a cloud VPC, compared to WireGuard.

But I appreciate the WireGuard security, and if this can work it would still do the job.
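The live-log excerpt posted above contains no entry at all for the tunnel subnet, which is the first thing to check before touching the rules. The script below is an added example (not code from the thread or from OPNsense): it parses lines in the layout of that live-log view, filters them for traffic touching 10.0.7.0/24 and for ICMP to the tunnel address, and checks whether a rule source such as 10.0.7.1/24 has host bits set. The sample lines are constructed for the example; the final `wg0` ICMP line is hypothetical and shows what a logged echo request could look like if it had reached the firewall (the interface name `wg0` is an assumption).

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout of the OPNsense live log excerpt above:
# interface, time, source, destination, protocol, rule label.
# The last line is hypothetical (interface name and ICMP entry assumed).
SAMPLE_LOG = """\
wan      Oct 22 06:34:09   200.57.249.15:13089   103.145.2.81:445   tcp   Default deny rule
lan      Oct 22 06:33:53   10.1.54.65:138   10.1.54.95:138   udp   Default deny rule
HCM_SG   Oct 22 06:33:44   172.16.29.2:123   162.159.200.1:123   udp   let out anything from firewall host itself
wan      Oct 22 06:33:32   103.145.2.81:40519   1.1.1.1:53   udp   let out anything from firewall host itself (force gw)
wg0      Oct 22 06:35:10   10.0.7.20   10.0.7.1   icmp   let out anything from firewall host itself
"""

# IPv4 only; ICMP entries carry no port, so the port groups are optional.
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+"
    r"(?P<time>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s+"
    r"(?P<proto>\w+)\s+"
    r"(?P<label>.*?)\s*$"
)


def parse_log(text: str) -> List[Dict[str, str]]:
    """Turn the live-log text into a list of dicts; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({k: (v or "") for k, v in m.groupdict().items()})
    return entries


def entries_touching(entries: List[Dict[str, str]], cidr: str) -> List[Dict[str, str]]:
    """Entries whose source or destination lies inside the given network."""
    net = ipaddress.ip_network(cidr)
    return [
        e for e in entries
        if ipaddress.ip_address(e["src"]) in net or ipaddress.ip_address(e["dst"]) in net
    ]


def icmp_to(entries: List[Dict[str, str]], host: str) -> List[Dict[str, str]]:
    """ICMP entries addressed to a given host, e.g. the firewall's tunnel address."""
    return [e for e in entries if e["proto"].lower() == "icmp" and e["dst"] == host]


def rule_source_check(spec: str) -> Tuple[str, bool]:
    """Return (network the spec covers, True if host bits are set).

    10.0.7.1/24 names a host inside 10.0.7.0/24, not the network itself;
    this is the ipaddress module's view, not a statement about how pf parses it.
    """
    iface = ipaddress.ip_interface(spec)
    net = iface.network
    return str(net), iface.ip != net.network_address


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    posted_only = log[:4]                      # the lines that mirror the post
    print("tunnel-subnet entries in the posted log:", entries_touching(posted_only, "10.0.7.0/24"))
    for e in icmp_to(log, "10.0.7.1"):
        print("ICMP to tunnel address seen on", e["iface"], "matched rule:", e["label"])
    for spec in ("10.0.7.1/24", "10.0.7.0/24"):
        print(spec, "->", rule_source_check(spec))
```

The useful negative result is that nothing in the posted excerpt touches 10.0.7.0/24: the WAN hits are scanner noise on 445/8088, and the rest is NetBIOS, NTP and DNS. If the echo requests do not even show up with logging enabled on the WireGuard rule, the packets are not reaching the firewall's ruleset, so the problem sits before the rule (AllowedIPs, routing on the OpenWrt side, or the tunnel itself).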


I was just thinking about that UPnP stuff you were telling me about. As UPnP relies on multicast broadcasts, which usually do not traverse subnet borders (with multicast proxies it could be possible), you'll need to bridge everything from the client to the WAN port. Your setup seems really complicated.

Wouldn't it be much easier to connect the OpenWRT where the PlayStation is connected directly to the site where the WAN IP is? Then you could do some 1:1 NAT from the WAN side to the PlayStation.

Even with the SoftEther approach you have this OpenVPN connection standing in the way of a working UPnP solution.
„The S in IoT stands for Security!“ :)
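The multicast dependency described in the post above is the SSDP discovery step: the client multicasts an M-SEARCH to 239.255.255.250:1900, and only the reply (and the later SOAP port-mapping calls to the LOCATION URL) is plain unicast. The code below is an added example, not code from the thread or from any UPnP implementation, showing both messages of that exchange. The reply bytes are constructed for the example, and `discover()` needs a real network, so it is not exercised offline. The TTL default of 2 follows the UPnP Device Architecture 1.1 recommendation; a routed WireGuard tunnel without a multicast proxy never forwards the request regardless of the TTL.

```python
import socket
from typing import Dict, List, Optional, Tuple

SSDP_GROUP = "239.255.255.250"   # well-known IPv4 SSDP multicast group
SSDP_PORT = 1900
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

# Constructed reply in the shape an IGD sends back by unicast (values made up).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=120\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"LOCATION: http://192.168.1.1:2189/rootDesc.xml\r\n"
    b"SERVER: example-igd/1.0 UPnP/1.1\r\n"
    b"EXT:\r\n"
    b"\r\n"
)


def build_msearch(st: str = IGD_ST, mx: int = 2) -> bytes:
    """Build the M-SEARCH request a UPnP client multicasts to find a gateway."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",          # seconds a responder may wait before answering
        f"ST: {st}",          # search target: the IGD root device
        "",
        "",                   # header block ends with an empty line
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(data: bytes) -> Optional[Dict[str, str]]:
    """Parse a unicast SSDP reply into lower-cased headers; None if not a 200 OK."""
    text = data.decode("utf-8", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if not lines or not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def discover(timeout: float = 3.0, ttl: int = 2) -> List[Tuple[str, str, str]]:
    """Multicast the M-SEARCH and collect (responder, LOCATION, ST) tuples.

    Only hosts on a segment the multicast actually reaches can answer; behind
    a routed tunnel this returns nothing unless a multicast proxy relays it.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    sock.settimeout(timeout)
    found: List[Tuple[str, str, str]] = []
    try:
        sock.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
        while True:
            data, addr = sock.recvfrom(65535)
            hdrs = parse_ssdp_response(data)
            if hdrs and "location" in hdrs:
                found.append((addr[0], hdrs["location"], hdrs.get("st", "")))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


if __name__ == "__main__":
    print(build_msearch().decode())
    print(parse_ssdp_response(SAMPLE_RESPONSE))
    for responder, location, st in discover():
        print("IGD at", responder, "description at", location, "ST", st)
```

Running `discover()` from the PS4's segment tells you immediately whether a gateway is reachable at all; an empty result with a working unicast ping to 10.0.7.1 is exactly the symptom of multicast not crossing the tunnel, which is why the post suggests bridging or moving the OpenWrt box to the site that owns the WAN IP.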