Wireguard connection fails (firewall issue)

Started by m4rtin, June 30, 2023, 10:43:45 AM

June 30, 2023, 10:43:45 AM Last Edit: June 30, 2023, 10:46:41 AM by m4rtin
Hi, I want to establish a WireGuard VPN connection between an Ubuntu cloud server and a network that is protected with an OPNsense firewall with WireGuard.

The WireGuard config on the Ubuntu server is:

[Interface]
PrivateKey = ...
Address = 192.168.1.252/32

[Peer]
PublicKey = /wKtAL5pkfMrV5MTSSHbtMe6TXM+D6d4KQ76Mfj/tVQ=
AllowedIPs = 10.0.0.0/24
Endpoint = ..........:51825


The WireGuard status on the Ubuntu server is:

peer: /wKtAL5pkfMrV5MTSSHbtMe6TXM+D6d4KQ76Mfj/tVQ=
  endpoint: xxx.xxx.xxx.xxx:51825
  allowed ips: 10.0.0.0/24
  transfer: 0 B received, 148 B sent
  persistent keepalive: every 25 seconds


The WireGuard status on the OPNsense server is:

peer: es6Mn1SZ3Zl9GUIkSlipsiS1HHGdnTmiXxq2qKgdI0Y=
  endpoint: xxx.xxx.xxx.xxx:49481
  allowed ips: 192.168.1.252/32
  transfer: 99.29 KiB received, 61.72 KiB sent



WireGuard log on the Ubuntu server:

[Fri Jun 30 10:36:56 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 19)
[Fri Jun 30 10:36:56 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:01 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 20)
[Fri Jun 30 10:37:01 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:07 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 20 attempts, giving up
[Fri Jun 30 10:37:27 2023] wireguard: xxxxxxxx: Sending keepalive packet to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:27 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:33 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 2)
[Fri Jun 30 10:37:33 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:38 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 3)
[Fri Jun 30 10:37:38 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)
[Fri Jun 30 10:37:43 2023] wireguard: xxxxxxxx: Handshake for peer 85 (---opnsense public ip---:51825) did not complete after 5 seconds, retrying (try 4)
[Fri Jun 30 10:37:43 2023] wireguard: xxxxxxxx: Sending handshake initiation to peer 85 (---opnsense public ip---:51825)


The strange thing is that there is no traffic on port 51825 in the live view of the OPNsense, although it received data (WireGuard status).

Do you know what might be the issue here?
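
The symptoms shown in the post, turned into a repeatable check. This is an added example, not part of the original post: it parses `wg show`-style status text and WireGuard kernel debug log text, then reports peers with no completed handshake, one-way transfer counters, and abandoned handshakes. The sample input is constructed; the interface name `wg0` and the address `203.0.113.10` are placeholders, and the check for "Receiving handshake response" assumes the kernel module's dynamic debug output is enabled.

```python
import re
# Constructed sample input, modelled on the status and kernel log in the post
# above; the interface name wg0 and the address 203.0.113.10 are placeholders.
WG_SHOW = """\
peer: /wKtAL5pkfMrV5MTSSHbtMe6TXM+D6d4KQ76Mfj/tVQ=
  endpoint: 203.0.113.10:51825
  allowed ips: 10.0.0.0/24
  transfer: 0 B received, 148 B sent
  persistent keepalive: every 25 seconds
"""
KLOG = """\
[Fri Jun 30 10:37:01 2023] wireguard: wg0: Handshake for peer 85 (203.0.113.10:51825) did not complete after 5 seconds, retrying (try 20)
[Fri Jun 30 10:37:01 2023] wireguard: wg0: Sending handshake initiation to peer 85 (203.0.113.10:51825)
[Fri Jun 30 10:37:07 2023] wireguard: wg0: Handshake for peer 85 (203.0.113.10:51825) did not complete after 20 attempts, giving up
"""
UNITS = {"B": 1, "KiB": 2**10, "MiB": 2**20, "GiB": 2**30, "TiB": 2**40}

def parse_peers(text):
    """Parse `wg show` text into {public_key: {field: value}}."""
    peers, cur = {}, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(": ")
        if key == "peer":
            cur = peers.setdefault(val, {})
        elif cur is not None and val:
            cur[key] = val
    return peers

def to_bytes(amount):
    """Convert a wg transfer amount such as '99.29 KiB' to whole bytes."""
    num, unit = amount.split()
    return int(float(num) * UNITS[unit])

def triage(wg_text, klog_text):
    """Return (subject, symptom) tuples describing handshake problems."""
    findings = []
    for pk, f in parse_peers(wg_text).items():
        if "latest handshake" not in f:  # wg omits this line until one succeeds
            findings.append((pk, "no completed handshake"))
        m = re.match(r"(.+) received, (.+) sent", f.get("transfer", ""))
        if m and to_bytes(m[2]) > 0 and to_bytes(m[1]) == 0:
            findings.append((pk, "packets sent, none received"))
    sent = len(re.findall(r"Sending handshake initiation to peer", klog_text))
    got = len(re.findall(r"Receiving handshake response from peer", klog_text))
    if sent and not got:
        findings.append(("log", f"{sent} handshake initiation(s), 0 responses"))
    pat = r"\((\S+)\) did not complete after \d+ attempts, giving up"
    for ep in sorted(set(re.findall(pat, klog_text))):
        findings.append((ep, "handshake abandoned after maximum attempts"))
    return findings
```

Run `triage()` on the output captured from each side; an empty list means none of these symptoms were found in that side's data.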