Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard site-2-site OpnSense to PFSense
« previous
next »
Print
Pages: [
1
]
Author
Topic: Wireguard site-2-site OpnSense to PFSense (Read 1185 times)
mcouture
Newbie
Posts: 16
Karma: 0
Wireguard site-2-site OpnSense to PFSense
«
on:
February 02, 2023, 03:29:54 pm »
I have 2 Wireguard site-to-site VPNs setup already. Both ends are OpnSense. I want to setup a 3rd VPN to a PFSense box and I have not had any luck getting them to handshake (OpnSense to PFSense). Anybody have any issues in this area?
public keys generated and copied appropriately.
Logged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Wireguard site-2-site OpnSense to PFSense
«
Reply #1 on:
February 02, 2023, 04:37:55 pm »
No issues here. Had 2 tunnels between the two but now only 1. And soon to be none!
Logged
mcouture
Newbie
Posts: 16
Karma: 0
Re: Wireguard site-2-site OpnSense to PFSense
«
Reply #2 on:
February 02, 2023, 05:17:46 pm »
ok, figured there wasn't an issue....just me
Logged
mcouture
Newbie
Posts: 16
Karma: 0
Re: Wireguard site-2-site OpnSense to PFSense
«
Reply #3 on:
February 03, 2023, 06:04:09 pm »
Still can't figure out why it isn't working...
Site1 - OpnSense
interface: wg2
public key: <<removed "P1">>
private key: (hidden)
listening port: 51840
peer: <<removed "P2">>
endpoint: xxx.xxx.xxx.xxx:51840
allowed ips: 192.168.200.0/24, 10.11.3.2/32
transfer: 0 B received, 444 B sent
persistent keepalive: every 10 seconds
Site2 - PFSense
interface: tun_wg0
public key: <<removed "P2">>
private key: (hidden)
listening port: 51840
peer: <<removed "P1">>
preshared key: (hidden)
endpoint: xxx.xxx.xxx.xxx:51840
allowed ips: 172.18.1.0/24, 10.11.3.1/32
transfer: 61.57 KiB received, 38.42 KiB sent
* notice the peer at site one isn't receiving but is sending data....
** firewall rules on both sites are ok - udp port 51840 is open on wan interface and the wireguard interface has <any><any> rules in place
Any suggestions on where to look next?
Logged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Wireguard site-2-site OpnSense to PFSense
«
Reply #4 on:
February 03, 2023, 07:34:53 pm »
You'd have to provide more info.
What are the tunnel addresses?
This is a site to site but you have 2 /32 addresses allowed, what are they?
The biggest problem with Wireguard is there is no "Right way" of setting it up. Meaning there can be multiple ways to make it work and there should only be one.
Use the packet capture, are both sites reaching the WAN of the other site?
Did you set up the proper routes and gateways?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Wireguard site-2-site OpnSense to PFSense