Wireguard plugin not connecting after IP change

[bigr4232]

I had the Wireguard plugin setup and ever since my external IP changed I have been unable to connect to my VPN. I changed the endpoint in my config but still nothing. This is happening on every device I have tried it on regardless on if it was connected to the same network or connected to a hotspot on another network. I am getting "Handshake did not complete" errors. Has anyone had issues with this and fixed it?

OPNsense version: 23.7.8_1
os-wireguard version: os-wireguard


edit: Just to add the the ip change is what I thought could have caused it. I haven't used my VPN in a bit so it could have been caused by something else.

[CJ]

You should set up some sort of dynamic dns so you don't need to worry about your IP changing.

What do your client logs show?  Did you click apply after making your WG changes?

[bigr4232]

Yeah makes sense. I will set up dynamic dns once I get this working again. Here are the logs

[CJ]

Why is your client sending so many handshakes?  It looks like the tunnel comes up and then it keeps trying to start a new one.

What do the OPNSense logs show?

[bigr4232]

Here are my opnsense wireguard logs

[CJ]

Here are my opnsense wireguard logs

What do they show if you change the level to Debug?

[bigr4232]

Here are the debug logs. There is nothing in them.

[CJ]

Yeah makes sense. I will set up dynamic dns once I get this working again. Here are the logs

I still keep coming back to this.  It's very odd.  Are the logs the same on all of your devices?

[bigr4232]

Yes they are the same on every device I have tested.

[CJ]

You can try doing a packet capture but you're probably better off just restarting from scratch with a dynamic domain as that's where you want to eventually end up.

[meyergru]

Plus, you have to consider that "far" side of the wireguard tunnel does not try to use the updated DNS entry, it just keeps trying the old IP unless you use the provided check/restart cron job there.

[bigr4232]

You can try doing a packet capture but you're probably better off just restarting from scratch with a dynamic domain as that's where you want to eventually end up.

I tried doing this a while back. I am on vacation now so don't have screenshots. But essentially from what I remember is the packet was sent but never received from the server. I can retest this later though. I would like to restart with a dynamic dns but the problem is regardless of what I do now, I can't connect to the WireGuard server on that router. I deleted all my firewall rules and retried but I'm getting the same results.

[CJ]

Plus, you have to consider that "far" side of the wireguard tunnel does not try to use the updated DNS entry, it just keeps trying the old IP unless you use the provided check/restart cron job there.

Won't it eventually fail out and restart?  I haven't really noticed an issue with mine but it doesn't tend to change often.

I tried doing this a while back. I am on vacation now so don't have screenshots. But essentially from what I remember is the packet was sent but never received from the server. I can retest this later though. I would like to restart with a dynamic dns but the problem is regardless of what I do now, I can't connect to the WireGuard server on that router. I deleted all my firewall rules and retried but I'm getting the same results.

Try uninstalling the plugin, rebooting, and installing it again.

[bigr4232]

Gave that a try and then tried redoing all my settings for wireguard. Still having the same issue. I uninstalled it by removing it in the plugins page. Not sure if there is a different way to uninstall it though.