Wireguard client not receiving

Started by rasfar121, October 19, 2020, 04:57:54 PM

Hi guys,

I am pretty new to OPNsense but you guys seem very quick at responding.

So my setup is a baremetal server running 20.7 OPNsense.
I am really trying hard to get the Wireguard VPN to work but really having zero luck, even paid pro engineers to help and they couldn't do it.
So here is why I am baffled... the server sees my client, which I'm using the official Windows app for, as it shows my IP correctly and seems to be sending and receiving. I have attached two images for you to see. But on my laptop I am not receiving anything, thus have no connection; I can't ping the server or anything like that. I have used WG on my laptop before without issues. I have followed multiple guides, restarted multiple times, but still no luck.
Has there been anyone else who may have had a similar experience?
https://ibb.co/71qr7zW
https://ibb.co/0B6fCzg

I am to the point that I have to reconsider OPNsense completely. I flirted with Softether too, as you may recall from my post yesterday, but even that seemed to have a lot of trouble. But I have simply spent too much time to just give up on it, so please, any help would be so useful right now.


Thanks again in advance for anyone who can guess what is wrong.

Ok, we need:
- a graphical network plan
and screenshots of:
- outbound NAT
- Firewall rules WAN
- Firewall rules WireGuard
- WireGuard config on OPNsense

What do you see in: Firewall: Logs: Live view

when trying to send data through from the client like ping to OPNsense.
,,The S in IoT stands for Security!" :)

October 19, 2020, 05:46:20 PM #2 Last Edit: October 20, 2020, 04:48:30 PM by rasfar121

Here are the screenshots, I'll get the logs in a min.

Thank you for this

Under WGRules the source should be the network: 10.0.7.0/24 not 10.0.7.1/24
,,The S in IoT stands for Security!" :)
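The network-versus-host distinction in the reply above can be checked mechanically. The following is an added example, not part of the original post and not OPNsense code: it audits a firewall rule source against the tunnel address 10.0.7.1/24 and the client 10.0.7.20 mentioned in this thread. The function name `audit_rule_source` and the peer list are assumptions made for illustration.

```python
import ipaddress


def audit_rule_source(rule_source, tunnel_address, peer_ips):
    """Return findings for a firewall rule source on the WireGuard interface.

    rule_source    -- CIDR entered as the rule's source
    tunnel_address -- address/prefix of the WireGuard tunnel interface
    peer_ips       -- tunnel addresses assigned to clients (assumed list)
    """
    findings = []
    tunnel = ipaddress.ip_interface(tunnel_address)
    try:
        # strict=True rejects a CIDR whose host bits are set.
        src = ipaddress.ip_network(rule_source, strict=True)
    except ValueError:
        # The value is an interface address, not a network address.
        # Malformed input raises again here and propagates to the caller.
        src = ipaddress.ip_network(rule_source, strict=False)
        findings.append(
            f"{rule_source} has host bits set; network form is {src}")
    if src != tunnel.network:
        findings.append(
            f"rule source {src} differs from tunnel network {tunnel.network}")
    for peer in peer_ips:
        if ipaddress.ip_address(peer) not in src:
            findings.append(f"peer {peer} is outside rule source {src}")
    return findings


if __name__ == "__main__":
    # Values from the thread, plus a constructed /32 case for comparison.
    for source in ("10.0.7.1/24", "10.0.7.0/24", "10.0.7.1/32"):
        result = audit_rule_source(source, "10.0.7.1/24", ["10.0.7.20"])
        print(source, "->", result or "ok")
```
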

October 19, 2020, 05:54:23 PM #4 Last Edit: October 19, 2020, 06:03:44 PM by Gauss23
And you need one more outbound NAT rule.

Like the one attached
,,The S in IoT stands for Security!" :)

Thank you very much, I applied the changes and still not receiving on my client side.

Here is the live log
https://ibb.co/9NRjyGy


and this

https://ibb.co/xz94qLr

October 19, 2020, 06:47:32 PM #6 Last Edit: October 19, 2020, 06:53:53 PM by Gauss23
Those lines don't say anything about the WireGuard connection.

Are you able to send a ping from the client to the OPNsense? What do the logs say? You can filter i.e. for source IPs from the 10.0.7 subnet.

Or try to ping the other way around:
Interfaces: Diagnostics: Ping
10.0.7.20

What do you see?

And please enable logging for the firewall rule in picture WGRules (press the "i" next to the lightning symbol). This way you should see the traffic in the live log.
,,The S in IoT stands for Security!" :)

Hi,
Sorry, but I live in SE Asia so apologies for the late reply.

I can only ping 10.0.7.20 from my laptop, nothing else works.

I really don't know where it's going wrong.


Quote from: Gauss23 on October 19, 2020, 06:47:32 PM
And please enable logging for the firewall rule in picture WGRules (press the "i" next to the lightning symbol). This way you should see the traffic in the live log.

Did you enable logging? You should then see the ICMP requests in the live view. If there are no ICMP requests, the client seems to have a problem. You should be able to ping 10.0.7.1 from the client.
,,The S in IoT stands for Security!" :)

I am doing everything as I have been told so far but no luck.

I am getting demoralised, so I have installed Softether and am trying a different solution. It seems that many people have problems with WireGuard on OPNsense, even on Reddit.

Now I have different problems with Softether, which I'll open a post for.

Quote from: Gauss23 on October 20, 2020, 07:38:45 AM

Hi Gauss22, so this is my first attempt to make a network plan for reference. I hope it helps solve the WG issue I am having.

https://ibb.co/ZLx8Hv8
https://ibb.co/x8Ssg1h
https://ibb.co/cvH01Yt

I am not sure under which label I need to check for ICMP in live view; if you could advise I can double check. But for reference, the interface on OPNsense shows my home IP, which is dynamic and is correct, so I don't know how it can figure that out if there is no connection at all.

Thanks again.



I took them a few hours ago. They are the latest.

Also, one area which is dubious in my setup is the Interface; some say you don't need it but some say you do. I have tried both and no luck.

Thanks for looking at the post