Wireguard no handshake

Started by phamd4, April 24, 2022, 12:30:12 PM

Hello,

I'm new to the forum; I hope someone can help me out. I've tried to find the answer but couldn't find anything that helped. I've tried one of the suggested solutions, installing the older WG package, but it still doesn't help. I'm including some screenshots. Hopefully someone can help me figure this out.



The tunnel address on the server and the allowed IPs on the client are on different networks ...

Hello zerwes,

Thank you for your suggestion.

I have changed my server to 10.0.0.1/24 and my allowed IP to 10.0.0.5/32, but it still does not seem to connect or handshake.

I hope there is something else I could do.

You need a rule on the interface(s) the connection comes in on to allow the client to connect to the server.
So if your client comes from outside and connects to the WAN interface of the router, you need:
Firewall: Rules: WAN allow dir:in proto:IPv4 UDP src:* dest:This Firewall port:51802

Hello,

Thank you for taking your time to help me.

I forgot to mention earlier that I have also set up the firewall as you suggested. I followed the guide from YouTube along with the docs. The firewall rule is set under Rules, then Floating, as you suggested. But it seems I still can't get anything connected. I have also created another rule for port 443 just in case, but still no luck.

Is the client config on the client itself correct?
Do you have some log output from the client?

April 25, 2022, 07:08:41 AM #7 Last Edit: April 25, 2022, 07:40:49 AM by becks0815
For the settings on the server, set the allowed IPs for the client to something other than x.x.x.1 if this is the address you normally use for the gateway/firewall:

Quote from: phamd4 on April 24, 2022, 08:00:24 PM
Hello zerwes,

Thank you for your suggestion.

I have changed my server to 10.0.0.1/24 and my allowed IP to 10.0.0.5/32, but it still does not seem to connect or handshake.

I hope there is something else I could do.

This is correct. .1 is normally used for the GW/FW and anything above is for clients.

The next steps are then to exchange the public keys between the server and the client, and to add the assigned IP (10.0.0.5) to the config settings of your client.

And then restart the WireGuard service! It doesn't automatically pick up the config like other services do; you need to go to the Lobby, select the service button, stop it and restart it. This was something that caught me when I set the whole thing up.

What I can only recommend is to use the official documentation here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html and follow it step by step. I also tried YT videos, but I always had the docs open to cross-read so I didn't forget anything. As said, step 4 was the one that resulted in headaches on my end, because only by restarting the service are all the details like new/changed keys really taken over and enabled.
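Putting the checks from this thread into one script, as an added example that is not part of any post here and is not OPNsense's or WireGuard's own code: it parses a wg-quick style server and client config pair (constructed samples with placeholder keys of the right 44-character base64 shape, not real keys; the endpoint host vpn.example.invalid is an assumption) and flags the mismatches discussed above: the server peer's AllowedIPs outside the server tunnel network, the client taking the gateway's .1 address, public keys not swapped between the two sides, and the client Endpoint port not matching the server ListenPort that the inbound WAN rule has to open. It checks config text only; restarting the service after a key change is still a manual step in the OPNsense UI.

```python
"""Consistency check for a WireGuard server/client config pair (added example)."""
import base64
import ipaddress
import re

# Constructed placeholder keys: 44-char base64 like real WireGuard keys, but NOT
# real keys. In practice: wg genkey | tee private.key | wg pubkey
SERVER_PRIV = base64.b64encode(b"s" * 32).decode()
SERVER_PUB = base64.b64encode(b"S" * 32).decode()
CLIENT_PRIV = base64.b64encode(b"c" * 32).decode()
CLIENT_PUB = base64.b64encode(b"C" * 32).decode()

# Constructed sample configs mirroring the thread: server 10.0.0.1/24 listening
# on UDP 51802, client 10.0.0.5/32. The Endpoint host is an assumption.
SERVER_CONF = f"""\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51802
PrivateKey = {SERVER_PRIV}

[Peer]
# road-warrior client
PublicKey = {CLIENT_PUB}
AllowedIPs = 10.0.0.5/32
"""

CLIENT_CONF = f"""\
[Interface]
Address = 10.0.0.5/32
PrivateKey = {CLIENT_PRIV}

[Peer]
PublicKey = {SERVER_PUB}
Endpoint = vpn.example.invalid:51802
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25
"""

KEY_RE = re.compile(r"^[A-Za-z0-9+/]{43}=$")  # shape of a base64-encoded 32-byte key


def parse_wg(text):
    """Parse wg-quick style text into (interface_dict, [peer_dict, ...]).
    Keys are lowercased; '#' comments and blank lines are dropped."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return interface, peers


def check_pair(server_conf, client_conf, server_pub, client_pub):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    s_if, s_peers = parse_wg(server_conf)
    c_if, c_peers = parse_wg(client_conf)
    if len(c_peers) != 1:
        return ["client config must contain exactly one [Peer] (the server)"]
    c_peer = c_peers[0]
    tunnel = ipaddress.ip_interface(s_if["address"])
    client_addr = ipaddress.ip_interface(c_if["address"])

    # Keys: each side's [Peer] PublicKey must be the other side's public key.
    s_peer = next((p for p in s_peers if p.get("publickey") == client_pub), None)
    if s_peer is None:
        problems.append("server has no [Peer] with the client's PublicKey (keys not exchanged?)")
    if c_peer.get("publickey") != server_pub:
        problems.append("client [Peer] PublicKey is not the server's public key")
    for name, key in (("server PrivateKey", s_if.get("privatekey", "")),
                      ("client PrivateKey", c_if.get("privatekey", ""))):
        if not KEY_RE.match(key):
            problems.append(f"{name} is not a 44-char base64 key")

    # Addressing: the server-side AllowedIPs for this client must lie inside the
    # server's tunnel network and must cover the client's own Address.
    if s_peer is not None:
        try:
            allowed = [ipaddress.ip_network(a.strip()) for a in s_peer["allowedips"].split(",")]
        except (KeyError, ValueError) as exc:
            allowed = []
            problems.append(f"server AllowedIPs for client unusable: {exc}")
        for net in allowed:
            if not net.subnet_of(tunnel.network):
                problems.append(f"server AllowedIPs {net} not inside tunnel network {tunnel.network}")
        if allowed and not any(client_addr.ip in net for net in allowed):
            problems.append(f"client Address {client_addr.ip} not covered by server AllowedIPs")
    if client_addr.ip == tunnel.ip:
        problems.append(f"client Address {client_addr.ip} collides with the server/gateway tunnel address")
    elif client_addr.ip not in tunnel.network:
        problems.append(f"client Address {client_addr.ip} is outside tunnel network {tunnel.network}")

    # Transport: the client must dial the port the server listens on; that is
    # also the port the inbound WAN firewall rule must allow.
    port = c_peer.get("endpoint", "").rpartition(":")[2]
    if port != s_if.get("listenport"):
        problems.append(f"client Endpoint port {port!r} != server ListenPort {s_if.get('listenport')!r}")
    return problems


def wan_rule(server_conf):
    """Inbound WAN rule the server needs, in the form given earlier in the thread."""
    s_if, _ = parse_wg(server_conf)
    return f"Firewall: Rules: WAN allow dir:in proto:IPv4 UDP src:* dest:This Firewall port:{s_if['listenport']}"


if __name__ == "__main__":
    print(wan_rule(SERVER_CONF))
    for problem in check_pair(SERVER_CONF, CLIENT_CONF, SERVER_PUB, CLIENT_PUB) or ["OK"]:
        print(problem)
```

Run it against your real files by replacing the two constructed config strings with `open(path).read()` and the two public keys with the output of `wg pubkey` on each side; an empty problem list plus a WAN rule that matches what is configured under Firewall: Rules leaves the service restart as the remaining suspect.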