Wireguard not working after upgrade from 21.1.2 to 21.1.4

Started by bobbythomas, March 31, 2021, 11:36:13 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 31, 2021, 11:36:13 PM Last Edit: April 01, 2021, 07:13:25 PM by bobbythomas
Hi All,

I have upgraded my Opnsense instance to 21.1.4 from 21.1.2 and since then Wireguard is not working, I think the service is not running or some other issue. I see WG handshake timing out on the client side, but there is no traffic seen on the firewall end. I tried capturing packets on the WAN side on port udp 51820 (default port) but it's not even showing any hits. I can see other traffic from same IP and IPSec vpn is also working fine. Was there any changes in 1.5? Do I need to reconfigure WG from scratch after this upgrade?

Thanks in advance.

Regards,
Bobby Thomas
March 31, 2021, 11:56:33 PM #1
Ok, this is kind of weird, I tried connecting from inside network and it connected fine, then I tried connecting from WAN again and this time it connected fine. Not sure what's going one with WG.

Going to mark this as Solved.
April 01, 2021, 08:34:23 AM #2
Golden rule for VPN: Don't every use standard ports...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
April 01, 2021, 08:52:05 AM #3
Quote from: chemlud on April 01, 2021, 08:34:23 AM
Golden rule for VPN: Don't every use standard ports...
Don't think it matters with WG, as it is stealthy. See DoS Mitigation here: https://www.wireguard.com/protocol/
April 01, 2021, 06:39:01 PM #4
Quote from: chemlud on April 01, 2021, 08:34:23 AM
Golden rule for VPN: Don't every use standard ports...

That's called security by obscurity ...
April 01, 2021, 07:18:08 PM #5
This seems to be reoccurring, I am unable to connect to WG from outside (WAN) if try to establish a new session (mostly after some hours after establishing a WG vpn sesison). But after connecting from inside (LAN) I am able to establish a WG session from outside. This is kind of weird. As this is reoccurring I changed the status of this post.

Any idea what could be causing the issue?

Thank you,
Regards,
Bobby Thomas
April 01, 2021, 10:19:21 PM #6
Suggest you post screenshots of your WG setup and relevant FW rules. The behaviour you are reporting is indeed very strange and points to some configuration issue. I have no issues at all connecting with WG under 21.1.4 (whether into OPNsense or out)
April 03, 2021, 02:44:35 AM #7
Same here, Wireguard is working fine for me, the upgrade was problem-free.
April 03, 2021, 02:37:41 PM #8
After upgrade to 21.1.4 my wireguard-go service shows as not started and when I try to restart nothing happens.  On the other hand,  wireguard appears to be working when I connect.  I have tried reinstalling the wireguard services and still have the same behavior.
April 03, 2021, 03:14:31 PM #9
Quote from: AF1E on April 03, 2021, 02:37:41 PM
After upgrade to 21.1.4 my wireguard-go service shows as not started and when I try to restart nothing happens.  On the other hand,  wireguard appears to be working when I connect.  I have tried reinstalling the wireguard services and still have the same behavior.

/usr/local/etc/rc.d/wireguard restart

Please post the output
April 03, 2021, 04:45:23 PM #10
See below

root@opnsense:~ # /usr/local/etc/rc.d/wireguard restart
  • ifconfig wg0 destroy
  • resolvconf -d wg0
  • ifconfig wg create name wg0
  • wg setconf wg0 /dev/stdin
  • ifconfig wg0 inet 10.0.0.1/24 alias
  • ifconfig wg0 mtu 1420
  • ifconfig wg0 up
  • resolvconf -a wg0 -x
  • route -q -n add -inet 10.0.0.4/32 -interface wg0
  • route -q -n add -inet 10.0.0.3/32 -interface wg0
  • route -q -n add -inet 10.0.0.2/32 -interface wg0
  • Backgrounding route monitor
    root@opnsense:~ #
April 03, 2021, 07:37:51 PM #11
ps aufx | grep wireguard
April 06, 2021, 07:44:59 PM #12
AAhhh
Me too

On my side i got this :

# /usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface
  • ifconfig wg create name wg0
    [!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
  • wireguard-go wg0
  • wg setconf wg0 /dev/stdin
    Line unrecognized: `PublicKey='
    Configuration parsing error
  • rm -f /var/run/wireguard/wg0.sock
April 06, 2021, 09:01:34 PM #13
Quote from: Georges on April 06, 2021, 07:44:59 PM
AAhhh
Me too

On my side i got this :

# /usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface
  • ifconfig wg create name wg0
    [!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
  • wireguard-go wg0
  • wg setconf wg0 /dev/stdin
    Line unrecognized: `PublicKey='
    Configuration parsing error
  • rm -f /var/run/wireguard/wg0.sock
So this is unrelated to the update and happened also before
April 08, 2021, 09:45:54 AM #14
Ah?
Because i got it after the update :).
but any way i remove all conf and package, reboot and reinstall package, it's work now.
Print
Go Up Pages1
User actions