Wireguard: Peer's port mismatches and never do handshake

dsh · November 14, 2021, 08:47:00 AM

Hi there.

I am trying to connect my linux device to my opnserver. Unfortunately my linux device's port never matches and thus never do handshake.

OPNsense config

Endpoint config

Linux device wg0.conf

First I have tried without ListenPort, thus it was running at random port on linux device.

When I see OPN senses config, I see below.

For example in this case it's trying to connect back port 44000.

If I intentionally change to 44000 in Linux device with ListenPort declaration, OPNsense's endpoint's port will change to random port.

What could be the issue. I have allowed 52820 on firewall. Thanks in advance.

Patrick M. Hausen · November 14, 2021, 09:53:20 AM

What does your outbound NAT rule look like? If you manually created tge NAT rules snd NAT "everything" instead if e.g. "LAN net", that can happen.

dsh · November 14, 2021, 10:00:15 AM

My NAT outbound is by default.

dsh · November 14, 2021, 10:13:52 AM

Not sure what they means hopefully useful for you.

44027 is the port showing in list configuration

chemlud · November 14, 2021, 11:19:24 AM

You have a public IP in Mongolia? Would not post it here...

Looks like the tunnel is up, according to the last screenshot. Maybe some FW rules missing on WG interface to make traffic flow?

Patrick M. Hausen · November 14, 2021, 11:19:58 AM

OK, so it's the other end that is misbehaving. You need to check the NAT and/or the WireGuard configuration there.

Wireguard: Peer's port mismatches and never do handshake

dsh

November 14, 2021, 08:47:00 AM Last Edit: November 14, 2021, 08:57:31 AM by dsh

Patrick M. Hausen

November 14, 2021, 09:53:20 AM #1

dsh

November 14, 2021, 10:00:15 AM #2

dsh

November 14, 2021, 10:13:52 AM #3

chemlud

November 14, 2021, 11:19:24 AM #4 Last Edit: November 14, 2021, 11:21:17 AM by chemlud

Patrick M. Hausen

November 14, 2021, 11:19:58 AM #5