Wireguard as a VPN client?

Started by swingline, August 29, 2019, 04:05:19 PM

I intend to use wireguard on my firewall as a replacement for my OpenVPN client. I have an existing VPS running wireguard that I use with my phones and tablets on the go. I am having issues getting the gateway setup and outbound rules to route my LAN traffic over the wireguard VPN.

On 19.7.2, I wasn't able to add a gateway for my WG interface. Post 19.7.3 upgrade, all of the gateways I attempted to add now show up on the gateway list, but I can't enable them, and they show as defunct. I was able to delete all but 1 with the web interface; the last needed to be removed with the config.xml.

Is anyone having an issue like this?

Gateways for WG now need a static IP, dynamic doesn't work anymore since 19.7.
Don't forget to also add this IP in the WireGuard local instance (advanced).

So what IP do you set for the gateway?

Quote from: tusc on August 29, 2019, 10:53:42 PM
So what IP do you set for the gateway?

I used the tunnel address. But I still can't seem to get traffic to go outbound. But the gateway comes up.


Gateway:



WG interface rule: (This is the one I added)



Wireguard interface rule: (System generated interface......that doesn't show up in interface list)



Outbound NAT rule



Lan rule: It's disabled because nothing routes outbound.





The wireguard client connects to the server, it's just not routing traffic for the members of the "WGtest" Aliases.

Output of "# wg" on the server


peer: .../................Ln1hk67BUszGa.........
  endpoint: xx.xxx.xxx.xxx:31820
  allowed ips: 10.100.0.2/32
  latest handshake: 22 seconds ago
  transfer: 930.51 KiB received, 237.18 KiB sent


Running "tcpdump" on the server with all other clients disconnected confirms no traffic being passed.



And what is the Tunnel Address of the central unit?

Quote from: mimugmail on August 30, 2019, 07:23:34 AM
And what is the Tunnel Address of the central unit?

Not sure I understand what you are asking. Where can I find this information? The address I want the firewall to use for the tunnel is 10.100.0.2/32.

Well it kind of works if


  • I don't use the created gateway
  • Route all subnet traffic out over Wireguard

Which meets my intent, as that was my plan all along..... Just would have liked to test it using a few clients before I pushed for the whole LAN network.

The gateway is the problem. 

Configure your gateway this way:

Gateway -> Your WG Gateway Name -> IPv4 Configuration Type: None

December 16, 2019, 08:20:31 PM #12 Last Edit: December 16, 2019, 08:31:23 PM by ownerer
EDIT: this is probably a better thread to follow up on for this issue.


Has anyone got the gateway routing scenario to work?
And if so: how?

I've got Wireguard up and running (Mullvad), handshake confirmed and everything.
Can anyone provide a clear and concise step-by-step guide on what to do from there?

Assuming the following (random dummy data):


  • Endpoint address: 188.2.5.7
  • Local address: 10.88.7.55
  • Desired gateway address: 10.0.0.1

What do I do then?

  • Create interface -> configure it how exactly?
  • Create gateway on interface -> configure it how exactly?
  • ...?

I am purposely not including my current attempts at getting it to work because I assume there must be a way it's intended to be done. As such I don't want to add any potentially confusing information.
All I'm hoping for is that the answer can be as clear and to-the-point as my question itself.
I imagine it'll be more useful to other people finding this thread as well (I know that's what I was looking/hoping for...).

Cheers guys :)