OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Wireguard Port Forwarding not working
« previous next »
  • Print
Pages: [1]

Author Topic: Wireguard Port Forwarding not working  (Read 3330 times)

trunet

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Wireguard Port Forwarding not working
« on: June 21, 2021, 01:59:59 pm »
Hello everybody,

Following advise on https://github.com/opnsense/core/issues/4389 I'm creating this thread here. I still think it's a bug on opnsense and/or wireguard implementation, but anyway, here it is.

I'm unable to make port forward working on opnsense. I tried without wireguard-kmod before and saw people saying that it should work with it, so I went ahead installed and rebooted, but still nothing. Both with kmod and without the behaviour is exactly the same. If I just change the VPN_XX to use OpenVPN tunnel, it works fine.

My setup is as follow.
- WAN = WAN / ix1_vlan34
- WireGuard tunnel = VPN_XX / wg1
- LAN = LAN_VPN_XX / ix0_vlan24
- Server running on LAN = 192.168.24.51

I have a port forwarding NAT like this:
- VPN_XX   TCP/UDP   *   *   *   10000   192.168.24.51     10000

Firewall rule on LAN_VPN_XX with VPN_XX gateway:
IPv4 *   LAN_VPN_XX net   *   *   *   VPN_XX   *

Wireguard VPN is configured and it works fine, I can curl and everything. Just port forwarding doesn't work.

OpnSense wg1 tcpdump:

Code: [Select]
13:12:46.987457 IP [REDACTED_PUBLIC_IP].46256 > 10.13.128.89.10000: Flags [S], seq 3380801657, win 29200, options [mss 1380,sackOK,TS val 3306454498 ecr 0,nop,wscale 7], length 0

OpnSense ix1_vlan34 tcpdump (my WAN interface):

Code: [Select]
13:12:46.987713 IP 10.13.128.89.10000 > [REDACTED_PUBLIC_IP].46256: Flags [S.], seq 3870681174, ack 3380801658, win 65160, options [mss 1460,sackOK,TS val 3841074193 ecr 3306454498,nop,wscale 7], length 0
13:12:46.987814 IP 10.13.128.89.10000 > [REDACTED_PUBLIC_IP].46256: Flags [S.], seq 3870681174, ack 3380801658, win 65160, options [mss 1460,sackOK,TS val 3841074193 ecr 3306454498,nop,wscale 7], length 0
...... more TCP SYN/ACK retries
Any idea?
Logged

CyberAnarcoCom

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Re: Wireguard Port Forwarding not working
« Reply #1 on: August 10, 2021, 01:51:06 am »
Same for me, been over a year now and still no progress on this port forward on WG.

any updates anyone?
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17661
  • Karma: 1611
    • View Profile
Re: Wireguard Port Forwarding not working
« Reply #2 on: August 10, 2021, 08:10:36 am »
https://github.com/opnsense/core/issues/4389#issuecomment-865349224

It's literally referenced in the ticket above.


Cheers,
Franco
Logged

SebbesApa

  • Newbie
  • *
  • Posts: 9
  • Karma: 0
    • View Profile
Re: Wireguard Port Forwarding not working
« Reply #3 on: September 07, 2021, 11:37:19 am »
I see that he is using 21.7.b version (type development). Do we know what community version this change will be included in?

Br.

Quote from: franco on August 10, 2021, 08:10:36 am
https://github.com/opnsense/core/issues/4389#issuecomment-865349224

It's literally referenced in the ticket above.


Cheers,
Franco
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17661
  • Karma: 1611
    • View Profile
Re: Wireguard Port Forwarding not working
« Reply #4 on: September 07, 2021, 11:45:45 am »
We can safely assume that 21.7.b is part of 21.7(.x).


Cheers,
Franco
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • Wireguard Port Forwarding not working
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2