WireGuard Issues while setting up

mircsicz:
Hi all,

just wanted to migrate from IPsec to WG using his guide, but the issues won't let me...

A FW rule is in place


Checking the config it seems fine:




Except that it doesn't show Config nor handshake



On the dashboard I can see that the service isn't started:


When I check the *.conf using SSH it seems fine:

--- Code: ---
$ sudo cat /usr/local/etc/wireguard/wg0.conf
[Interface]
PrivateKey = LOCALPRIVKEY
Address = 172.160.x.2/24
ListenPort = xx822

[Peer]
PublicKey = PEERSPUBKEY
Endpoint = 185.x.x.x:21822
AllowedIPs = 10.160.x.x/24,172.160.x.x/24
PersistentKeepalive = 60

--- End code ---

And when I try to start the WG service from the Dashboard, this shows up in system.log:

--- Code: ---
Jul 24 16:56:33 router kernel: tun0: link state changed to UP
Jul 24 16:56:33 router kernel: tun0: changing name to 'wg0'
Jul 24 16:56:33 router kernel: wg0: link state changed to DOWN
Jul 24 16:56:33 router opnsense[58788]: /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
Jul 24 16:56:33 router opnsense[58788]: /usr/local/etc/rc.routing_configure: ROUTING: IPv4 default gateway set to opt2
Jul 24 16:56:33 router opnsense[58788]: /usr/local/etc/rc.routing_configure: ROUTING: setting IPv4 default route to 185.x.x.x
Jul 24 16:56:33 router opnsense[58788]: /usr/local/etc/rc.routing_configure: ROUTING: keeping current default gateway '185.x.x.x
Jul 24 16:56:34 router opnsense[58788]: plugins_configure monitor (1)
Jul 24 16:56:34 router opnsense[58788]: plugins_configure monitor (execute task : dpinger_configure_do(1))
Jul 24 16:56:34 router opnsense[58788]: /usr/local/etc/rc.routing_configure: The WAN_PROVIDER_PPPOE monitor address is empty, skipping.
Jul 24 16:56:34 router opnsense[58788]: /usr/local/etc/rc.routing_configure: The WAN_PROVIDER_DHCP_DHCP monitor address is empty, skipping.
Jul 24 16:56:35 router kernel: pflog0: promiscuous mode disabled
Jul 24 16:56:35 router kernel: pflog0: promiscuous mode enabled

--- End code ---

And I've already restored the config: downloaded the XML, removed all WireGuard contents from the file and restored it as a backup...

Hope one of you has a hint!

BTW: all this is on 21.1.8_1

bubbagump:
Change the firewall rule from "To This Firewall" to "WAN address".

mircsicz:
Thank you, that's what I do usually too...

But I'm afraid that won't solve my prob, as I can't even see a config.

bubbagump:
Were keys generated? And did you associate endpoints with the Local? Much of the WG config I can’t see in your screenshots.

KHE:
Hi,

did you enable WireGuard under the General tab and press Apply?
If I disable it, my config disappears...

KH
