[Solved] Wireguard - wg0 not available at interfaces.

[Yolo]

I am trying to get wireguard going using this tutorial: https://blog.linuxserver.io/2019/11/16/setting-up-wireguard-on-opnsense-android/

One of the steps I need to take is to create a new assignment for wg0, so that traffic can flow. However, when I go to assignments, wg0 is nowhere to be found. Logging in via ssh and listing all the interfaces gives me only the WAN and LAN. I installed the plugin using the System - Firmware - Plugins method.

Anyone any idea what might be going wrong here?

[mimugmail]

WireGuard not running?

[Yolo]

I thought it kept running, but the service keeps stopping. Only see this in the logs:

Dec 10 23:07:30   kernel: wg0: link state changed to DOWN
Dec 10 23:07:30   kernel: tun0: changing name to 'wg0'

[mimugmail]

Can you start WireGuard via CLI and check the output?

[Yolo]

Can you start WireGuard via CLI and check the output?

Could you explain to me how to do that? Probably need to ssh in and then?

[mimugmail]

SSH, Type 8 for Console, then:

/usr/local/etc/rc.d/wireguard restart

[Yolo]

SSH, Type 8 for Console, then:

/usr/local/etc/rc.d/wireguard restart

Running that command gives:

/usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface

• wireguard-go wg0

INFO: (wg0) 2019/12/11 07:23:21 Starting wireguard-go version 0.0.20191012

• wg setconf wg0 /tmp/tmp.64MsU480/sh-np.qmmiA2

Line unrecognized: `PublicKey='
Configuration parsing error

• rm -f /var/run/wireguard/wg0.sock

When I look at /usr/local/etc/wireguard/wg0.conf, I get the following:

[Interface]
Address = 10.0.2.0/24
DNS = 1.1.1.1
ListenPort = 51820
PrivateKey = CN93K+/YuYpMlQbCm0caalsRnJWU+EfP4kgU+g*****=
[Peer]
PublicKey = QKXb7WW8VdGGDLz4LMOleM/Eh8tq8fGTYnPZmf*****=
AllowedIPs = 10.0.2.2/32
PersistentKeepalive = 60
[Peer]
PublicKey =
AllowedIPs = 10.0.2.3/32
PersistentKeepalive = 60

So only the peer public key is empty, but that is correct right? Since this is the server.

[zer0k]

That 2nd peer public key needs to be filled in

[Yolo]

Solved the issue. Apparently, I created a peer without a public key in the past. Since it was not working, I deleted the plugin and reinstalled it. I think that wg0.conf wasn't deleted when I removed the plugin (have not verified this), so the old settings were still there. Deleted wg0.conf, deleted the plugin, rebooted opnsense, installed the plugin and this time I got the wg0 interface.

Thanks for all the support!

Now onto the next challenge. I am connected to the Opnsense firewall, but cannot reach anything on the network or on the internet...

[Spoonman2002]

- create gateway in System > Single > Gateways
- create a rule (or rules) in Firewall > NAT > Outbound.
also see this thread:
https://forum.opnsense.org/index.php?topic=15105.msg70130#msg70130