Topic: Wireguard connection ok but no handshake (Read 1284 times)
orsomannaro « on: December 13, 2022, 05:29:39 pm »
I'm trying to set up a Wireguard VPN. The connection takes place (firewall logs say so) but no handshake occurs with either Ubuntu or Windows client. I made several tests, also manually setting Outbound rules, but without being able to solve it.
Note:
- WAN is a hiperlan connection and I manage 8 public IPs (configured as Virtual IPs on OPNsense)
- In the firewall rule for WAN port 51820 I had to set as "Destination" the Alias (PubCloud) of the public IP address used for the VPN connection (otherwise it would not work, probably due to the multiple IPs).
OPNsense config:
I took some screenshots ... I tried to follow the official OPNsense documentation (as well as checking some how-tos on the Internet), assigning the wg1 device to a dedicated interface.
VPN:
VPN-WireGuard-local
VPN-WireGuard-endpoint
VPN-WireGuard-status
VPN-WireGuard-handshakes
Interface:
Interfaces-Assignments
Interfaces-WireGuard1
System-Routes-Status
Firewall:
Firewall-Log-port_51820
Firewall-Rules-WAN
Firewall-Rules-WireGuard _Group
Firewall-Rules-WireGuard1
Client config:
[Interface]
Address = 10.10.10.2/32
PrivateKey = YP8<8<8<8<8<8<8<8<8<8<8<8<8<c=
[Peer]
Endpoint = 185.x.x.x:51820
PublicKey = A18<8<8<8<8<8<8<8<8<8<8<8<8<Ww=
AllowedIPs = 10.10.10.0/24, 192.168.0.0/24
PersistentKeepalive = 15
Thanks for any help!
« Last Edit: December 13, 2022, 05:38:58 pm by orsomannaro »
orsomannaro « Reply #1 on: December 15, 2022, 09:31:09 am »
Ok... After many attempts, trying to drop and recreate server and endpoints and also using an Android client with mobile Internet connection, I give up.
But I would like to test Wireguard as well, so the question is still open for anyone who wants to help me fix it. Thank you.
Patrick M. Hausen « Reply #2 on: December 15, 2022, 09:58:30 am »
Use tcpdump and watch if packets for port 51820 arrive at your WAN interface ... continue from there.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
orsomannaro « Reply #3 on: December 15, 2022, 11:23:55 am »
I found the "problem" ...
Using "Packet Capture" (Interfaces->Diagnostics->Packet Capture) I found an OPNsense response from an "unknown" IP and a light bulb went on in my head ...
The ISP has given us some public IP addresses that we use for our services. But the router that manages the Hiperlan connection antenna dynamically assigns (via PPPoE) another public IP to the WAN interface of OPNsense, which is the one actually used by WireGuard.
Using this address as peer endpoint in the client configuration (and changing the firewall rule for WAN interface port 51820) the VPN started working.
In order to use one of the virtual public IP addresses, I think it is necessary not to associate the device to an interface and manually create an Outbound rule that directs the outgoing traffic from the wireguard device to the desired virtual public IP (but I haven't tested it yet ... )
« Last Edit: December 15, 2022, 03:02:30 pm by orsomannaro »
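Added example, not part of the thread and not OPNsense code: a shell function that reads `tcpdump -n` text output for the WireGuard port and flags the condition found in Reply #3, a reply leaving from a different local address than the one the client contacted. The function names and the sample capture (documentation-range addresses) are constructed for illustration, and a single-interface capture is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `tcpdump -n` text output on stdin
# and compares the address each client contacted with the address that replied.
# Assumes a capture on one interface (no interface-name column).
wg_reply_check() {
    awk -v port="${1:-51820}" '
    # Endpoints look like ADDRESS.PORT; split at the last dot.
    function ip_of(ep)   { sub(/\.[0-9]+$/, "", ep); return ep }
    function port_of(ep) { sub(/^.*\./, "", ep); return ep }
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        if ((dst in contacted) && port_of(src) == port) {
            # Packet from the listener back to a client seen earlier.
            replied[dst] = 1
            rip = ip_of(src)
            if (rip != contacted[dst] && !((dst, rip) in seen)) {
                seen[dst, rip] = 1
                printf "MISMATCH client=%s sent_to=%s reply_from=%s\n", dst, contacted[dst], rip
            }
        } else if (port_of(dst) == port) {
            # Packet from a client to the listener port.
            contacted[src] = ip_of(dst)
        }
    }
    END {
        for (c in contacted)
            if (!(c in replied))
                printf "NOREPLY client=%s sent_to=%s\n", c, contacted[c]
    }'
}

# Constructed sample capture (documentation addresses, not from the thread):
# 198.51.100.10 plays the virtual IP, 198.51.100.77 the PPPoE-assigned address.
sample_capture() {
    cat <<'EOF'
11:20:01.000001 IP 203.0.113.50.40000 > 198.51.100.10.51820: UDP, length 148
11:20:01.000412 IP 198.51.100.77.51820 > 203.0.113.50.40000: UDP, length 92
11:20:06.120001 IP 203.0.113.50.40000 > 198.51.100.10.51820: UDP, length 148
11:20:06.120398 IP 198.51.100.77.51820 > 203.0.113.50.40000: UDP, length 92
EOF
}
```

On the firewall shell the input would come from a capture such as `tcpdump -lni <WAN interface> udp port 51820` piped into `wg_reply_check`; `sample_capture | wg_reply_check` runs it on the constructed lines. `NOREPLY` lines are printed only once the capture ends.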