Archive > 21.7 Legacy Series

WireGuard not passing UDP traffic - all UDP traffic blocked


nzkiwi68:

* I've set up some site-to-site VPN tunnels using WG for a migration project from another firewall using IPsec tunnels
* I have built specific fw rules on the "WireGuard (Group)" fw rules tab, including rules for TCP/UDP
* Citrix users running an older Citrix client can log on, but newer clients, including the thin client OS, couldn't log on

After a bit of work, I figured out that OPNsense is blocking UDP traffic. TCP and ICMP are passing just fine, but all UDP traffic is getting blocked.

Somehow, TCP and ICMP are routing up and down the WG tunnels and passing correctly through the firewall rules, but not UDP.

See the screen capture showing blocked UDP. I guarantee 100% there IS a firewall rule on the "WireGuard (Group)" fw rules tab to allow this UDP traffic, but somehow TCP and ICMP are being treated differently.

Questions
I don't have a "wg0" interface set up - do I need to add that "wg0" interface?
If I add that, do I have to give it an IP address?

Any help appreciated.


Greelan:
What do the firewall rules look like?

OmnomBánhmì:
Try enabling logging on all possibly relevant firewall rules, and check the log.
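The logging check suggested above is easier to act on if the filter log is tallied per interface and protocol rather than read line by line; the pattern the original post describes (TCP and ICMP passing through the WireGuard interface while every UDP packet is blocked) then shows up as a one-line asymmetry. The script below is an added example written for this thread, not OPNsense's own code. It assumes the comma-separated filterlog record layout used by pfSense/OPNsense (an assumption: field positions have shifted between releases, so check one real line from your version against the column table before trusting the numbers). The log lines it parses are constructed for the example, with the syslog prefix already stripped.

```python
"""Triage pf filterlog lines exported from OPNsense: tally pass/block per
interface, direction and protocol, and flag interfaces where one protocol is
only ever blocked while others pass.

Added example for this thread, not OPNsense's own code. The column layout is
an assumption based on the pfSense/OPNsense filterlog CSV format; verify it
against a real line from your release. Sample lines are constructed.
"""
from collections import Counter, defaultdict

# Constructed sample lines, syslog prefix ("... filterlog[pid]: ") removed.
# Four flows inbound on the WireGuard interface: TCP and ICMP passing a rule,
# UDP hitting a block rule.
SAMPLE_LOG = """\
67,,,0,wg0,match,pass,in,4,0x0,,64,12345,0,DF,6,tcp,60,10.10.10.5,10.20.20.8,51234,443,0,S,1234567890,,65535,,mss
67,,,0,wg0,match,pass,in,4,0x0,,64,12346,0,none,1,icmp,84,10.10.10.5,10.20.20.8,request,0
0,,,0,wg0,match,block,in,4,0x0,,64,12347,0,none,17,udp,60,10.10.10.5,10.20.20.8,50000,1494,40
0,,,0,wg0,match,block,in,4,0x0,,64,12348,0,none,17,udp,60,10.10.10.5,10.20.20.8,50001,1494,40
"""

# Assumed 0-based column positions in the comma-separated filterlog record.
COMMON = {"rulenr": 0, "interface": 4, "reason": 5, "action": 6,
          "direction": 7, "ipver": 8}
V4 = {"proto": 16, "src": 18, "dst": 19, "sport": 20, "dport": 21}
V6 = {"proto": 12, "src": 15, "dst": 16, "sport": 17, "dport": 18}


def parse_line(line):
    """Return a dict of the interesting fields, or None if the line does not
    look like a filterlog record."""
    f = line.strip().split(",")
    if len(f) < 10 or f[COMMON["action"]] not in ("pass", "block", "rdr", "nat"):
        return None
    layout = V4 if f[COMMON["ipver"]] == "4" else V6
    rec = {k: f[i] for k, i in COMMON.items()}
    for key in ("proto", "src", "dst"):
        rec[key] = f[layout[key]] if len(f) > layout[key] else ""
    # Ports only exist for TCP/UDP; ICMP carries type/code in those columns.
    if rec["proto"] in ("tcp", "udp") and len(f) > layout["dport"]:
        rec["sport"], rec["dport"] = f[layout["sport"]], f[layout["dport"]]
    else:
        rec["sport"] = rec["dport"] = ""
    return rec


def summarize(log_text):
    """Count records per (interface, direction, proto, action)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["interface"], rec["direction"],
                    rec["proto"], rec["action"])] += 1
    return counts


def protocol_asymmetry(counts):
    """Interfaces/directions where some protocols never pass while others do.
    Returns a sorted list of (interface, direction, blocked_only, passing)."""
    seen = defaultdict(lambda: defaultdict(set))
    for (iface, direction, proto, action) in counts:
        seen[(iface, direction)][proto].add(action)
    out = []
    for (iface, direction), protos in seen.items():
        passing = sorted(p for p, acts in protos.items() if "pass" in acts)
        blocked_only = sorted(p for p, acts in protos.items() if acts == {"block"})
        if passing and blocked_only:
            out.append((iface, direction, blocked_only, passing))
    return sorted(out)


if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(key, n)
    for iface, direction, blocked, passing in protocol_asymmetry(counts):
        print(f"{iface} {direction}: {blocked} only ever blocked, {passing} pass")
```

On a real box, feed it the output of `clog /var/log/filter.log` (or the plain file on releases that no longer use clog) with the syslog prefix cut off; the rule number in the first column of each blocked record tells you which rule actually matched, which is the quickest way to see whether the UDP packets are reaching the group-tab rule at all or being caught by an earlier rule or the default deny.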