[SOLVED] Wireguard not working after upgrade.

mimugmail · August 03, 2020, 01:07:15 PM

route -q -n add -inet 192.168.1.0/24 -interface wg0

The line above indicates that this should be a network on the other side of the VPN tunnel.
If one of your local interfaces has this network, wireguard will break. In 20.1 it seems FreeBSD just ignored this.

bobbythomas · August 03, 2020, 01:19:19 PM

Quote from: mimugmail on August 03, 2020, 01:07:15 PM
route -q -n add -inet 192.168.1.0/24 -interface wg0

The line above indicates that this should be a network on the other side of the VPN tunnel.
If one of your local interfaces has this network, wireguard will break. In 20.1 it seems FreeBSD just ignored this.

Got it, After removing LAN and restarting the service Wireguard service came back online. Is this how it should be configured?

Thanks and regards,
Bobby Thomas

mimugmail · August 03, 2020, 01:19:55 PM

WHERE did you set this 192.168.1.0/24? in local instance or endpoint?

bobbythomas · August 03, 2020, 01:31:47 PM

Quote from: mimugmail on August 03, 2020, 01:19:55 PM
WHERE did you set this 192.168.1.0/24? in local instance or endpoint?

Local instance (on the firewall).

mimugmail · August 03, 2020, 01:39:11 PM

This is confusing, are you sure you did not do some mistakes between? First you were talking about 192.168.2.0 and now it's 192.168.1.0.

I really have no idea why wireguard should set a route for local addresses ...

mimugmail · August 03, 2020, 01:57:06 PM

I checked all available good documentations and also the official ones:
https://www.routerperformance.net/opnsense/opnsense-and-wireguard/

I have no idea why you set your local networks in local instance.

This is nowhere documented.

Maybe this would was dismissed with FreeBSD 11.2 and now throws an error in FreeBSD 12.1

bobbythomas · August 03, 2020, 02:01:43 PM

Quote from: mimugmail on August 03, 2020, 01:57:06 PM
I checked all available good documentations and also the official ones:
https://www.routerperformance.net/opnsense/opnsense-and-wireguard/

I have no idea why you set your local networks in local instance.

This is nowhere documented.

Maybe this would was dismissed with FreeBSD 11.2 and now throws an error in FreeBSD 12.1

Ok, I may have overlooked this during while configuring the local instance. I think I added my LAN as well as Zerotier to Wireguard config thinking it's similar to ipsec config. Anyways I removed it now and everything looks good. I will keep this in mind when configuring WG in future.

Thank you Michael. Appreciate your assistance.

Regards,
Bobby Thomas

mimugmail · August 03, 2020, 02:04:52 PM

Glad it works .. more happy to see that it's not 100% related to FreeBSD 12.1 8)

[SOLVED] Wireguard not working after upgrade.

mimugmail

August 03, 2020, 01:07:15 PM #15

bobbythomas

August 03, 2020, 01:19:19 PM #16

mimugmail

August 03, 2020, 01:19:55 PM #17

bobbythomas

August 03, 2020, 01:31:47 PM #18

mimugmail

August 03, 2020, 01:39:11 PM #19

mimugmail

August 03, 2020, 01:57:06 PM #20

bobbythomas

August 03, 2020, 02:01:43 PM #21

mimugmail

August 03, 2020, 02:04:52 PM #22