OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Wireguard documentation outdated
« previous next »
  • Print
Pages: [1]

Author Topic: Wireguard documentation outdated  (Read 1975 times)

vpv

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Wireguard documentation outdated
« on: June 14, 2021, 08:26:19 pm »
Hi! I'm a new OPNsense user and I wanted to set up a road warror wireguard server on my OPNsense box. The documentation in https://docs.opnsense.org/manual/how-tos/wireguard-client.html seems outdated/wrong.

  • In Step 2b the whole port forwarding thing is not needed.
  • Step 2c: if you add a wireguard interface and then reboot OPNsense, an outbound rule will be automatically generated for you. I learned this from https://blog.linuxserver.io/2019/11/16/setting-up-wireguard-on-opnsense-android/ . If you don't add an interface, which is apparently not necessary, then I guess you need an outbound rule.
    • Edit: At this point I had to reboot so that the automatic outbound rule actually appeared.
  • This is the most important thing: The article does not tell you to open the firewall from WAN. You need a WAN rule to allow UDP traffic to the WAN address, port 51820 (the default), from everywhere.

Who maintains the documentation? Should I make a GitHub issue about this?
« Last Edit: June 14, 2021, 08:50:48 pm by vpv »
Logged

Greelan

  • Hero Member
  • *****
  • Posts: 1028
  • Karma: 72
    • View Profile
Re: Wireguard documentation outdated
« Reply #1 on: June 14, 2021, 11:19:19 pm »
Agreed that the port forward is not required. But the default for a port forward is to add an associated firewall rule, so it should still work (just unnecessary).

If you want the client to access the internet through the WG tunnel then as the docs say the idea is to add an interface (which as you say sets up the outbound NAT rule). But if you only want to access your LAN over the tunnel, then the interface (and any outbound NAT rule) is not needed.

You can submit a PR yourself for changes to the docs if inclined: https://github.com/opnsense/docs/blob/master/source/manual/how-tos/wireguard-client.rst
Logged

kapara

  • Jr. Member
  • **
  • Posts: 97
  • Karma: 3
    • View Profile
Re: Wireguard documentation outdated
« Reply #2 on: July 24, 2021, 04:28:01 am »
Would really appreciate a set of instructions that actually work.  Why they would add a product and then documentation that fails to actually allow one to set it up is ridiculous! 

Again if you have a set of instructions on how to set up I would really appreciate it!  I have tried for 4 hours now and cannot access the internal network from the Wireguard client yet if I connect with wireguard to the Untangle firewall it works flawlessly and they even create the client config file for you.
Logged

Greelan

  • Hero Member
  • *****
  • Posts: 1028
  • Karma: 72
    • View Profile
Wireguard documentation outdated
« Reply #3 on: July 24, 2021, 04:30:00 am »
Have another look at the road warrior docs. They have been updated since the OP’s post (by me).  :)
« Last Edit: July 24, 2021, 04:34:41 am by Greelan »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Wireguard documentation outdated
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2