Archive > 20.1 Legacy Series

please help on wireguard

hlyi:
Hi,

New to the OPNsense firewall. I followed the instructions below to install WireGuard.
https://www.thomas-krenn.com/en/wiki/OPNsense_WireGuard_VPN_for_Road_Warrior_configuration#Prepare_OPNsense_for_Wireguard_VPN

The link seems to be established, but the client could not access any host on the server side.

* Under VPN/Wireguard/List configuration/peer, both the transfer and received bytes keep increasing while ping was sent from the client to the VPN. It seems the WireGuard interface itself works as expected.

* Wireshark (on the client side) shows a UDP packet was sent to OPNsense, but OPNsense didn't return any packet. (The client saw 100% packet loss.)

It seems that OPNsense blocked the WireGuard return packets. How to debug this issue (new to FreeBSD, have iptables experience from Linux)?

Thanks a lot!

Mks:
Try this one:
https://homenetworkguy.com/how-to/configure-wireguard-opnsense/

The point "Add the WireGuard Interface" was not necessary in my case, because it was created automatically.

br

hlyi:
Thanks @Mks. I followed the guideline you provided. I still saw the same problem. The client didn't see a return packet :-[

Mks:
Hi,

Please double check:

* Outbound NAT Rule
* Firewall Rules to Access Internal Networks/Devices
* Look at the firewall log (Filter to Wireguard Interface)

br

hlyi:
The outbound NAT rule matches the guideline.

The firewall rule on the WireGuard interface is passing all traffic.

The firewall log didn't show traffic on the WireGuard interface. The only one related to WireGuard is an incoming UDP packet on WAN when the client initiated the connection. :-[ The peer interface under List Configuration of VPN:WireGuard did show increased transfer and received bytes.

Thanks!
