Wireguard not sending connection packets to server.

Started by claunia, July 26, 2023, 02:37:47 PM

July 26, 2023, 02:37:47 PM Last Edit: July 26, 2023, 02:42:06 PM by claunia
Hi,

I have two sites: CA18 and CA20.
CA18 has an ArchLinux configured to be a Wireguard server (port 1194/udp), and an OPNSense configured to be a Wireguard client.
CA20 has an OPNSense configured to be both a Wireguard client and server (port 51820).

That makes CA18 a client of CA20, and CA20 a client of CA18.
Both are servers to several mobile phones and laptops as well.

It was all working until yesterday, when I had to power down CA18 and clone the SSD to a new one due to bad sectors.
I have not changed the configuration on any of the servers/clients, but now CA20 is not EVEN sending any packet to CA18/udp/1194.

Laptops and mobile phones have no problems at all connecting to CA18.
CA18 connects to CA20 without problems either.

Checking `dmesg` in CA18 shows not even a single handshake try from CA20.
Checking `tcpdump` in CA20 shows not even a single packet going to CA18/udp/1194.
Keys have been triple checked.
No configuration was changed in any of the servers; just a `dd` clone of the SSD was done.

CA18 server configuration:

[Interface]
ListenPort = 1194
PrivateKey = ####

[Peer]
PublicKey = ####
PresharedKey = ####
AllowedIPs = 10.0.8.7/32


CA18 client configuration:

[Interface]
ListenPort = 23847
PrivateKey = ####

[Peer]
PublicKey = ####
AllowedIPs = 10.0.9.0/24, 172.21.0.0/16
Endpoint = ####:51820


CA20 server/client configuration:

[Interface]
ListenPort = 51820
PrivateKey = ####

[Peer]
PublicKey = ####
PresharedKey = ####
AllowedIPs = 10.0.8.0/24, 172.20.0.0/16
Endpoint = ####:1194
PersistentKeepalive = 10

[Peer]
PublicKey = ####
AllowedIPs = 10.0.9.254/32

What puzzles me is that no configuration has been changed and it was just working, as it is working for other clients, and no packets appear to be sent from CA20 to CA18 on the endpoint port.

Also, the firewalls show no port blocking (and it would block the other clients, which are working on both sites).

EDIT: Checked that laptops connect to CA18 from inside CA20's network. They do.

Still dunno what the problem was, but changing the port from 1194 to 1195 everywhere just made it work...
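One thing worth checking on a "no packets at all" symptom like this is the cryptokey routing rule behind the posted AllowedIPs: WireGuard only initiates a handshake to a peer when it has a packet whose destination falls inside that peer's AllowedIPs (or when PersistentKeepalive is set for it), so a destination matching no peer is dropped silently without anything reaching tcpdump. The checker below is an added example, not code from the post, OPNsense or WireGuard; it parses the [Peer] blocks exactly as posted (with the '####' key placeholders) and applies that rule, flagging overlapping AllowedIPs between peers.

```python
import ipaddress

def parse_wg_config(text):
    """Parse wg-quick style INI text into (interface, [peers])."""
    interface, peers, current = {}, [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            peers.append(current := {})
        elif "=" in line and current is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            current[key] = value
    return interface, peers

def allowed_networks(peer):
    return [ipaddress.ip_network(n.strip())
            for n in peer.get("AllowedIPs", "").split(",") if n.strip()]

def select_peer(peers, destination):
    """Cryptokey routing: index of the peer whose AllowedIPs contains the
    destination with the longest prefix, or None if no peer matches (the
    packet is dropped and no handshake is ever initiated)."""
    dst, best, best_len = ipaddress.ip_address(destination), None, -1
    for idx, peer in enumerate(peers):
        for net in allowed_networks(peer):
            if dst in net and net.prefixlen > best_len:
                best, best_len = idx, net.prefixlen
    return best

def find_overlaps(peers):
    """(i, j) pairs of peers whose AllowedIPs overlap; on a live interface a
    prefix given to two peers ends up on the one added last."""
    nets = [allowed_networks(p) for p in peers]
    return [(i, j) for i in range(len(peers)) for j in range(i + 1, len(peers))
            if any(a.overlaps(b) for a in nets[i] for b in nets[j])]

# The two [Peer] blocks of the CA20 configuration as posted ('####' = redacted keys).
CA20_CONFIG = """
[Peer]
PublicKey = ####
PresharedKey = ####
AllowedIPs = 10.0.8.0/24, 172.20.0.0/16
Endpoint = ####:1194
PersistentKeepalive = 10
[Peer]
PublicKey = ####
AllowedIPs = 10.0.9.254/32
"""
```

Running `select_peer` on a destination from CA18's 10.0.8.0/24 returns the first peer (the one with the 1194 endpoint and keepalive), so with this config CA20 is expected to initiate a handshake on its own; the silence in tcpdump is therefore not explained by the AllowedIPs.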