Wireguard handshake

Started by Ray, July 10, 2022, 11:42:33 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 10, 2022, 11:42:33 PM Last Edit: July 11, 2022, 12:01:34 AM by Ray
Hello Dear Members!

For several months I can't deal with Wireguard. And this begins to drive me crazy.
It seems to me that I tried all the manuals on the Internet.

In the end, I settled on this:
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/wireguard-client.rst
Everything is done as described.
But the handshake only occurs if I am on the same wifi-network with the WG server. And everything works great.

If I plunge from a mobile network, handshakes do not happen.
WAN-rule passed.
The client is trying to make a handshake, and nothing happens further.

Help me please how to find out what is the problem?
July 10, 2022, 11:48:08 PM #1
Screens
July 11, 2022, 12:56:08 AM #2
You will need to post your actual configs on OPNsense and mobile phone. The screenshots above give very little useful info

BTW, the web version of the how-to is easier on the eye xD

https://docs.opnsense.org/manual/how-tos/wireguard-client.html
July 11, 2022, 08:59:54 AM #3
Configs
July 11, 2022, 10:13:08 AM #4
Looks OK

Is unbound actually listening on the WG interface? You've specified that for DNS on the mobile

What about your WAN rule and WG interface rules?
July 11, 2022, 10:36:13 AM #5 Last Edit: July 11, 2022, 10:51:35 AM by Ray
Adhuardhome listens to all interfaces. I have OpenVPN servers and they will resolve without problems.
And when I am in one WiFi network and a handshake occurs, Adguardhome resolving a WG client "192.168.33.10"

Interface Wg is on.
July 11, 2022, 12:15:55 PM #6
Have you applied that second rule? The screenshot still says it hasn't been applied
July 11, 2022, 12:18:08 PM #7
And your WG subnet is totally different to your LAN, right? No overlapping subnets?
July 11, 2022, 01:23:53 PM #8
Yes, the rule are applied.
I moved it up from the inactive for the screenshot and not to apply it

Subnets are not overlapping. I think I could not connect to WG from the home network if the subnets overlapping.
July 11, 2022, 02:21:34 PM #9
Netstat
July 15, 2022, 06:45:30 PM #10 Last Edit: July 15, 2022, 06:47:26 PM by spyware-avoidance
I have been experiencing the same thing. The issue is that mine works once in a while, for example, if I make a change in OPNsense, and then go back and restore settings (to undo the change), then WireGuard works from external network. Then after a while it will not work no matter what.
I'm new to OPNsense, so I have done steps in the documentation several times, and WireGuard just works randomly, and it doesn't work more often than it does work.
This is an issue I have been experiencing since I started using OPNsense, so something is probably wrong with the server itself, or the way configuration are applied. I have other services running, so I suppose the firewall rules work, because I do not have any issues with those.
I was just about to hook up a darn RaspberryPi to the router and just do a NAT port forward, because I can't seem to figure out what is going on with Wireguard in OPNsense.
Edit: rebooting OPNsense does not make a difference, only if I revert a change under the system menu, and even then it only lasts for a while before it stops working again.
Print
Go Up Pages1
User actions