Wireguard documentation outdated

Started by vpv, June 14, 2021, 08:26:19 PM

June 14, 2021, 08:26:19 PM Last Edit: June 14, 2021, 08:50:48 PM by vpv
Hi! I'm a new OPNsense user and I wanted to set up a road warrior wireguard server on my OPNsense box. The documentation in https://docs.opnsense.org/manual/how-tos/wireguard-client.html seems outdated/wrong.


  • In Step 2b the whole port forwarding thing is not needed.
  • Step 2c: if you add a wireguard interface and then reboot OPNsense, an outbound rule will be automatically generated for you. I learned this from https://blog.linuxserver.io/2019/11/16/setting-up-wireguard-on-opnsense-android/ . If you don't add an interface, which is apparently not necessary, then I guess you need an outbound rule.

    • Edit: At this point I had to reboot so that the automatic outbound rule actually appeared.
  • This is the most important thing: The article does not tell you to open the firewall from WAN. You need a WAN rule to allow UDP traffic to the WAN address, port 51820 (the default), from everywhere.

Who maintains the documentation? Should I make a GitHub issue about this?

Agreed that the port forward is not required. But the default for a port forward is to add an associated firewall rule, so it should still work (just unnecessary).

If you want the client to access the internet through the WG tunnel then as the docs say the idea is to add an interface (which as you say sets up the outbound NAT rule). But if you only want to access your LAN over the tunnel, then the interface (and any outbound NAT rule) is not needed.

You can submit a PR yourself for changes to the docs if inclined: https://github.com/opnsense/docs/blob/master/source/manual/how-tos/wireguard-client.rst

Would really appreciate a set of instructions that actually work. Why they would add a product and then documentation that fails to actually allow one to set it up is ridiculous!

Again, if you have a set of instructions on how to set up, I would really appreciate it! I have tried for 4 hours now and cannot access the internal network from the Wireguard client, yet if I connect with wireguard to the Untangle firewall it works flawlessly and they even create the client config file for you.

July 24, 2021, 04:30:00 AM #3 Last Edit: July 24, 2021, 04:34:41 AM by Greelan
Have another look at the road warrior docs. They have been updated since the OP's post (by me). :)