Topic: Wireguard status (Read 7147 times)
eblot, June 08, 2020, 11:01:30 pm
Hi,
What is the WireGuard status with the latest OPNsense release?
I'm using OPNsense 20.1.7-amd64
I've been using wireguard for a while (opnsense w/ macOS and iOS endpoints), and for some reason it seems it does not work anymore, although I cannot trace back when it actually stopped working, but I do not remember changing anything related to Wireguard or the FW rules.
I'm a bit lost about the packages for Wireguard. There are:
* os-wireguard 1.1
* wireguard 1.0.20200513
* wireguard-go 0.0.20200320
Which one(s) is/are required?
I think when I initially set up WireGuard and when it used to work, there was a < 1.0 release.
Maybe the config format has changed and I need to reinstall it from scratch?
Another question: where are the logs associated with Wireguard support?
The list configuration and handshake panes are empty. They were reporting some info when the setup used to work.
It seems Wireguard is more or less idle, but I really do not know where to look to get logs or debug info.
Thanks.
mimugmail, Reply #1, June 09, 2020, 07:24:15 am
All 3 are required and seem up to date. There are no logs with WireGuard, one of the sad things compared to OpenVPN, which means you really have to know how it works if you want to use it in production.
When show config is empty, maybe you don't have it enabled in the General tab?
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
eblot, Reply #2, June 15, 2020, 10:37:31 pm
Sorry, for some reason I did not get notified about your reply.
Everything is enabled - as it used to be before the update, that is:
https://<server>/ui/wireguard/general/index
* General tab: Enable Wireguard is selected
* Local tab: One configuration defined, also enabled (with all 4 defined peers selected)
* Endpoints tab: 4 peers defined and enabled
* List configuration: empty
* Handshakes: always empty, it used to contain real handshake before the last update, when the peers were active
However, now that I have installed the new wireguard-go package, I can see on the dashboard page that this server cannot start - and I cannot get any log to know what the problem is.
If I log in to the system using ssh and force run wireguard-go:
$ sudo ./usr/local/bin/wireguard-go -f wg0
INFO: (wg0) 2020/06/15 22:29:38 Starting wireguard-go version 0.0.20200320
INFO: (wg0) 2020/06/15 22:29:38 Device started
INFO: (wg0) 2020/06/15 22:29:38 UAPI listener started
the wireguard-go icon on the dashboard gets green light, and
interface: wg0
appears in the list configuration tab. However, it does seem to make the WG VPN to work: no comm from client, no handshake reported in the dedicated tab.
I would have liked to uninstall everything and reinstall WireGuard from scratch, but it seems it is not possible from the UI...
mimugmail, Reply #3, June 16, 2020, 05:55:14 am
Try
/usr/local/etc/rc.d/wireguard restart
eblot, Reply #4, June 20, 2020, 05:12:39 pm
It seems the culprit was an invalid peer key entry.
Lack of log file is definitely an issue to solve this kind of error.
$ /usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface
wireguard-go wg0
INFO: (wg0) 2020/06/20 17:06:50 Starting wireguard-go version 0.0.20200320
wg setconf wg0 /tmp/tmp.Hxs5bS6X/sh-np.sMewul
Key is not the correct length or format: `6QxSgFJGyaSNT1deq0jM48bthCz0Vz04CdlWuGgwxgI'
Configuration parsing error
rm -f /var/run/wireguard/wg0.sock
I also discovered that at start up - I ended up plugging in a screen which I had not done for years - BSD or OPNsense gets mad about a corrupted tar file, and dumps thousands of the very same error line ("corrupted archive") before resuming the boot sequence. It does not seem to self heal, all boots show this madness. Maybe I should reinstall OPNsense from scratch...
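Because wg reports only "Key is not the correct length or format", a pre-flight check can say which key field is malformed and why before the service is restarted. This is an added example, not code from the thread or from the OPNsense plugin. A WireGuard key is 32 bytes, base64-encoded as 44 characters ending in "=", and the key quoted in the error in the post above is 43 characters long. The function names and the sample configuration are assumptions, and the parser only handles `Name = value` lines as used in wg configuration files.

```python
import base64
import binascii

KEY_FIELDS = {"privatekey", "publickey", "presharedkey"}


def key_problem(value):
    """Return None for a canonical base64 32-byte key, else the reason."""
    if len(value) != 44:
        return f"expected 44 base64 characters, got {len(value)}"
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        return f"not valid base64: {exc}"
    if len(raw) != 32:
        return f"decodes to {len(raw)} bytes, expected 32"
    if base64.b64encode(raw).decode() != value:
        return "non-canonical encoding (stray bits in last character)"
    return None


def check_wg_config(text):
    """Return [(line_no, field, reason)] for each malformed key field."""
    problems = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" not in line:
            continue
        field, value = (part.strip() for part in line.split("=", 1))
        reason = key_problem(value) if field.lower() in KEY_FIELDS else None
        if reason:
            problems.append((line_no, field, reason))
    return problems

# Constructed sample. GOOD is a made-up key (bytes 0..31), not a real one;
# BAD is the value quoted in the error message in the post above.
GOOD = base64.b64encode(bytes(range(32))).decode()
BAD = "6QxSgFJGyaSNT1deq0jM48bthCz0Vz04CdlWuGgwxgI"
SAMPLE = f"""[Interface]
PrivateKey = {GOOD}
ListenPort = 51820

[Peer]
PublicKey = {BAD}
AllowedIPs = 10.0.0.2/32
"""

for line_no, field, reason in check_wg_config(SAMPLE):
    print(f"line {line_no}: {field}: {reason}")
```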
mimugmail, Reply #5, June 20, 2020, 08:26:58 pm
This is a problem from Wireguard, I already tried to output console to a file for semi-log, but this is also not possible.