Wireguard client to ovpn.com

4fred · November 16, 2022, 11:44:39 AM

Dear all, I'm trying to do Wireguard to my VPN supplier and I'm having some problems, I start with what I have and add some more background further down in the post.

My provider (ovpn.com) basically provides a file with the settings for a Wireguard client to be stored in /usr/local/etc/wireguard/wgconfigfile.conf and the tunnel to be started by wg-quick up wgconfigfile.conf and then Enable interface and do the outbound nat, that kind of works but the tunnel does not start after a reboot and there are no settings visible in the GUI. I tried to translate what I have in the .config file and do the settings in the GUI but here I'm a bit lost, anyone can help me translate settings from the file to what it's called in the GUI (config file pasted below)?

If I can get this basic initial config working, I will venture out and do some more advanced stuff like use the alias to have just those clients use the tunnel and after that create another wg client and have a gateways group so I failover if my primary WG tunnel fails.

I may well be in over my head here but I'm willing to learn and I try to understand. I had a physical fw that finally broke, replacing it got to be a hassel. I have a physical host where I run some VM's (Openmediavault, dockers, portainer and so on) where I had space and nics to use so I went with OPNsense and WOW it runs well! I have followed guides and done DNS setup, some aliases and port forwarding GEOIP Dynamic DNS and all this cool stuff. It's been running for about two weeks now without any issue. It have far many more features than my old FW had and I have moved off containers and what not to OPNsense and it just work :)

(replaced all addresses in config)

Code Select


[Interface]
PrivateKey = (ReplacedPrivateKey)
Address = 172.16.12.132/32, very-long-ipv6/128
DNS = 46.47.57.67, 192.165.198.158, very-long-ipv6, very-long-ipv6

[Peer]
PublicKey = (ReplacedPublicKey)
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = server.stuff.location.ovpn.com:1234

chemlud · November 16, 2022, 12:35:49 PM

Hi, re: not starting at boot: simply set up a Cron job in the GUI for restarting stale WG tunnels and you're done. The script is in the dropdown menu for Cron jobs in the GUI.

https://forum.opnsense.org/index.php?topic=21659.15

4fred · November 16, 2022, 01:22:43 PM

That was nice, thank you!
Question - just use all the defaults or do I need to set anything in the cron?

chemlud · November 16, 2022, 01:44:35 PM

I use 2-3 min (2 * * * *) as the interval for executing the Cron job, nothing else to be set...

sanshinron · November 17, 2022, 12:18:32 PM

Quote from: chemlud on November 16, 2022, 01:44:35 PM
(2 * * * *)

That's once an hour, 2 minutes past full hour.

This is every 2 minutes - (*/2 * * * *).

4fred · November 17, 2022, 10:03:28 PM

Hmmm so I tried this.
Cron Enabled
Minutes */1
Hours *
Days *
Months *
Weekdays *
Command Renew DNS for WireGuard

Reboot OPNsense and Wireguard is not connected, waited a while and still not connected...?
Entered shell and ran: wg-quick up wgconfigfile and Wireguard connects and everything is fine...

Sooo, help?

chemlud · November 18, 2022, 12:51:06 PM

Code Select

Minutes */1

What's that?

4fred · November 18, 2022, 03:19:56 PM

View post from sanshinron just before mine...

chemlud · November 20, 2022, 10:58:31 PM

See comment in Cron (GUI)

Code Select

Enter the minutes for the job to act, can also be a comma-separated list, * (each) or a range (ex. 10,20,30 or 10-30)

Wireguard client to ovpn.com

4fred

November 16, 2022, 11:44:39 AM

chemlud

November 16, 2022, 12:35:49 PM #1

4fred

November 16, 2022, 01:22:43 PM #2

chemlud

November 16, 2022, 01:44:35 PM #3

sanshinron

November 17, 2022, 12:18:32 PM #4

4fred

November 17, 2022, 10:03:28 PM #5

chemlud

November 18, 2022, 12:51:06 PM #6

4fred

November 18, 2022, 03:19:56 PM #7

chemlud

November 20, 2022, 10:58:31 PM #8