[solved] Wireguard issue since 22.1.3 upgrade

[maclinuxfree]

Hello,

my wireguard site2site tunnel is not working after upgrading to 22.1.3.

There is no handshake. I had to switch to opnevpn site2site to get my connection back. On 22.1 it was fine.

Pls help.

[MoonbeamFrame]

I am seeing a similar issue.

The only difference is that I updated to 22.1.3 a few days ago. os-wireguard version 1.10

Connections were working as of 2022-03-22 21:00 (GMT) but now there are no handshakes.

It looked like as handshakes expired they were not renewed and once all had expired that was it.

[Superduke]

Have you tried disabling the main tunnel and clients and then re-enabling them?  I have found that the Wireguard setup is somewhat finnicky when it comes to that if a major upset to the system happens.  It seems as if timing matters so maybe try a couple of disables and re-enables and it may come back for you.

[mimugmail]

https://github.com/opnsense/plugins/issues/2901#issuecomment-1075753215

[MoonbeamFrame]

@Superduke

Yes. I also tried firewall reboots and removing the plugin and reinstalling again.

@mimugmail

This does not appear to match my scenario, and the solution presented looks to differ from the Road Warrior Setup docs. I did try the suggested solution, but that did not resolve the problem.


Form the GUI the wireguard service  looks to be running in that I can see activity in the List Configuration tab, but no handshakes.

[mimugmail]

Then you need to attach some Screenshots

[MoonbeamFrame]

My issue does not appear to be configuration related.

Having run a Health check, and dealt with a couple of minor issues, Wireguard sessions would still not come up.

Downgrade OPNsense to 22.1.2_1  and all is working.

As there are no references to Wireguard in the 22.1.3 patch notes it looks like there is an unexpected dependence on one of the other changes.

[maclinuxfree]

In my case I changed back to openvpn s2s...hopefully 22.1.4 fixes it.

[maclinuxfree]

Hello sadly still no luck.
On 22.1.4_1 the tunnels connecting but there are traffic issues.
Web traffic http https is working through the wg tunnels but ssh and ping sometimes not.
OpenVPN tunnels are fine.

[mimugmail]

Then you need to attach some Screenshots

...

[maclinuxfree]

I things there is something wrong with the routing.

If I do an angryip-scan to the opposite site of the wg-tunnel...every IP answers to be allive.

So no more wg for me now.

[guenti_r]

Hmmm... no issues here..
Have alot of OPNSense Appliances with Wireguard, all work flawless as usual.

Why are your Allowed IPs in the same subnet? Never seen this before:

Allowed IPs: [10.0.0.0/24] [10.0.0.9/32]
Allowed IPs: [10.0.0.0/24] [10.0.0.1/32]

Please separate these subnets, for example 10.0.1.0/24 10.0.0.9/32

[maclinuxfree]

This I found out the isssues are only on vodafone Cable wans. Telekom 2 Telekom no issue.

And it worked all under 22.1

[guenti_r]

Ok, then you have a MTU or MSS problem.
Easy to solve.

[maclinuxfree]

I think it's working now.

These two settings were ticked. This causes the issues in WG.