Topic: Stuck with Wireguard configuration (Read 1106 times)
Kck (Newbie, Posts: 2, Karma: 0)
Stuck with Wireguard configuration « on: August 06, 2022, 01:10:38 pm »
Hi everyone,
I am trying to set up WireGuard on my OPNsense instance and my iPhone. However, I am stuck at this point. Any tips/recommendations are welcome!
My network:
  OPNsense IP: 192.168.32.1
  Subnet: 19 (Range 192.168.32.1 – 192.168.63.254)
  DHCP range: 192.168.33.1 – 192.168.39.254
  WireGuard interface: 192.168.64.1/24
  Clients connected through WireGuard range: 192.168.64.2 – 192.168.64.254 (I guess I will manually define this per user/device when adding a new VPN client configuration)
The steps I have taken:
1. Install WireGuard plugin (obviously)
2. Add local configuration with tunnel address 192.168.64.1/24:
3. Add configuration on my iPhone:
     Address: 162.168.64.2/32
     DNS servers: 192.168.64.1
     Endpoint: vpn.myhostname.com:51820
     Allowed IPs: 0.0.0.0/0
4. Add endpoint in WireGuard plugin with Allowed IPs: 192.168.64.2/32
5. Enabled WireGuard
6. Added new interface (wg0) and enabled it.
7. Added WAN firewall rule:
     Interface: WAN, Protocol: UDP, Source: any, Destination: WAN address, Destination port range: from: 51820 to: 51820
8. Added WireGuard firewall rule:
     Interface: Wireguard, Protocol: any, Source: Wireguard net, Destination: WAN address, Destination port range: from any to any
When I try to connect through the iPhone application, it connects. I can see the interface in the List Configuration tab, but nothing in Handshakes whatsoever. Even though it connects fine on my iPhone, I don't have any internal or external access.
Logged
Demusman (Sr. Member, Posts: 304, Karma: 13)
Re: Stuck with Wireguard configuration « Reply #1 on: August 06, 2022, 02:00:02 pm »
A /19 on a LAN??? Do you have any idea what that does? Do you really need over 8000 hosts?
Stop! You're generating so much unneeded traffic it's ridiculous.
Your firewall rule is only allowing Wireguard to the WAN. Change the destination to LAN or any.
Logged
Kck (Newbie, Posts: 2, Karma: 0)
Re: Stuck with Wireguard configuration « Reply #2 on: August 06, 2022, 02:09:41 pm »
Quote
Your firewall rule is only allowing Wireguard to the WAN. Change the destination to LAN or any.
Thanks for the suggestion!
Wouldn't this mean that through VPN I would be able to browse the internet? None of the destinations work, neither internal resources nor external resources.
I gave it a try, changed from WAN address to any (see screenshot below), no luck however.
Logged
Demusman (Sr. Member, Posts: 304, Karma: 13)
Re: Stuck with Wireguard configuration « Reply #3 on: August 06, 2022, 02:36:57 pm »
You said you assigned a new interface. You shouldn't need the interface for remote access, but did you assign it an address? It should be the same address as your WG tunnel.
Also, set the interface MTU to 1420.
Logged
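A consistency check over the settings listed in this thread, as an added example that is not part of any poster's message or of OPNsense: it compares the client tunnel address with the server-side peer Allowed IPs and the tunnel network, and applies the firewall-rule and MTU points from the replies. The `audit` function, the dictionary keys and the finding codes are hypothetical names chosen for this example.

```python
import ipaddress

def audit(cfg):
    """Return finding codes for a WireGuard remote-access setup (hypothetical helper)."""
    findings = []
    tunnel = ipaddress.ip_interface(cfg["server_tunnel"]).network
    lan = ipaddress.ip_network(cfg["lan"], strict=False)
    client = ipaddress.ip_interface(cfg["client_address"]).ip
    peer_allowed = [ipaddress.ip_network(n, strict=False)
                    for n in cfg["peer_allowed_ips"]]
    # WireGuard drops decrypted packets whose source is not in the peer's
    # AllowedIPs, and sends replies only to those prefixes.
    if not any(client in net for net in peer_allowed):
        findings.append("client-address-not-in-peer-allowed-ips")
    if client not in tunnel:
        findings.append("client-address-outside-tunnel-net")
    # Overlapping tunnel and LAN prefixes make routing ambiguous.
    if tunnel.overlaps(lan):
        findings.append("tunnel-overlaps-lan")
    # Reply #1: a rule whose destination is "WAN address" only reaches the
    # firewall's WAN IP, which a full-tunnel client (0.0.0.0/0) outgrows.
    if ("0.0.0.0/0" in cfg["client_allowed_ips"]
            and cfg["wg_rule_destination"] == "WAN address"):
        findings.append("wg-rule-too-narrow-for-full-tunnel")
    # Reply #3 advises MTU 1420; only checked when a value is known.
    mtu = cfg.get("interface_mtu")
    if mtu is not None and mtu != 1420:
        findings.append("interface-mtu-not-1420")
    return findings

# Values as written in the opening post (the MTU was not stated there).
AS_POSTED = {
    "server_tunnel": "192.168.64.1/24",
    "lan": "192.168.32.1/19",
    "peer_allowed_ips": ["192.168.64.2/32"],
    "client_address": "162.168.64.2/32",
    "client_allowed_ips": ["0.0.0.0/0"],
    "wg_rule_destination": "WAN address",
}
# Constructed variant in which the listed values agree with each other.
CONSISTENT = dict(AS_POSTED, client_address="192.168.64.2/32",
                  wg_rule_destination="any", interface_mtu=1420)

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("consistent", CONSISTENT)):
        print(name, audit(cfg) or "no findings")
```

The findings only report where the listed values disagree with each other; they do not explain the empty Handshakes tab, since the handshake does not depend on the tunnel addresses.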