Wireguard site-2-site OpnSense to PFSense

Started by mcouture, February 02, 2023, 03:29:54 PM

I have 2 Wireguard site-to-site VPNs set up already. Both ends are OpnSense. I want to set up a 3rd VPN to a PFSense box and I have not had any luck getting them to handshake (OpnSense to PFSense). Anybody have any issues in this area?

Public keys generated and copied appropriately.


No issues here. Had 2 tunnels between the two but now only 1. And soon to be none!

OK, figured there wasn't an issue... just me :-[

Still can't figure out why it isn't working...

Site1 - OpnSense

interface: wg2
  public key: <<removed "P1">>
  private key: (hidden)
  listening port: 51840

peer: <<removed "P2">>
  endpoint: xxx.xxx.xxx.xxx:51840
  allowed ips: 192.168.200.0/24, 10.11.3.2/32
  transfer: 0 B received, 444 B sent
  persistent keepalive: every 10 seconds


Site2 - PFSense
interface: tun_wg0
  public key: <<removed "P2">>
  private key: (hidden)
  listening port: 51840

peer: <<removed "P1">>
  preshared key: (hidden)
  endpoint: xxx.xxx.xxx.xxx:51840
  allowed ips: 172.18.1.0/24, 10.11.3.1/32
  transfer: 61.57 KiB received, 38.42 KiB sent


* Notice the peer at site one isn't receiving but is sending data...

** Firewall rules on both sites are OK: UDP port 51840 is open on the WAN interface and the Wireguard interface has <any><any> rules in place.

Any suggestions on where to look next?

You'd have to provide more info.
What are the tunnel addresses?
This is a site-to-site, but you have 2 /32 addresses allowed; what are they?

The biggest problem with Wireguard is there is no "right way" of setting it up, meaning there can be multiple ways to make it work, and there should only be one.

Use the packet capture, are both sites reaching the WAN of the other site?
Did you set up the proper routes and gateways?
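The replies above ask for the tunnel addresses and suggest checking reachability; a quicker first step is to compare the two `wg show` dumps that were already posted for the things that must agree on both ends. The script below is an added example, not code from the thread, from OPNsense or from pfSense. It parses each dump, confirms the public keys cross-reference each other, that each side's endpoint port equals the other side's listening port, that a preshared key is either present on both sides or on neither (WireGuard treats an absent PSK as all zeros, so a PSK on one side only fails the handshake), that the two allowed-ips lists do not overlap, and it reports when one side shows bytes sent while the other shows 0 B received. The sample dumps are the ones posted above with the redacted keys and endpoints replaced by placeholder strings and TEST-NET-2 addresses (both constructed for this example); on that input it flags that only the pfSense side lists a preshared key, and that pfSense has sent traffic that OPNsense never received.

```python
"""Cross-check two `wg show` dumps for a site-to-site tunnel.

Added example, not code from the forum thread, OPNsense or pfSense.
The two dumps below are constructed from the outputs posted in the
thread; keys and endpoints are placeholders (the originals were redacted).
"""
import ipaddress
import re

UNITS = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3}

SITE1 = """interface: wg2
  public key: P1_PUBLIC_KEY
  private key: (hidden)
  listening port: 51840

peer: P2_PUBLIC_KEY
  endpoint: 198.51.100.2:51840
  allowed ips: 192.168.200.0/24, 10.11.3.2/32
  transfer: 0 B received, 444 B sent
  persistent keepalive: every 10 seconds
"""

SITE2 = """interface: tun_wg0
  public key: P2_PUBLIC_KEY
  private key: (hidden)
  listening port: 51840

peer: P1_PUBLIC_KEY
  preshared key: (hidden)
  endpoint: 198.51.100.1:51840
  allowed ips: 172.18.1.0/24, 10.11.3.1/32
  transfer: 61.57 KiB received, 38.42 KiB sent
"""


def _to_bytes(amount, unit):
    return int(float(amount) * UNITS[unit])


def parse_wg_show(text):
    """Parse one `wg show <iface>` dump into interface fields plus a list of peers."""
    iface = {"peers": []}
    current = iface  # lines are attached to the interface until the first "peer:" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "interface":
            iface["name"] = value
        elif key == "peer":
            current = {"public_key": value, "preshared_key": False, "allowed_ips": []}
            iface["peers"].append(current)
        elif key == "public key":
            current["public_key"] = value
        elif key == "preshared key":
            current["preshared_key"] = True  # `wg show` only prints this line when a PSK is set
        elif key == "listening port":
            current["listening_port"] = int(value)
        elif key == "endpoint":
            host, _, port = value.rpartition(":")  # rpartition keeps IPv6 "[addr]:port" intact
            current["endpoint"] = (host, int(port))
        elif key == "allowed ips" and value != "(none)":
            current["allowed_ips"] = [ipaddress.ip_network(n.strip()) for n in value.split(",")]
        elif key == "transfer":
            m = re.match(r"([\d.]+) (\w+) received, ([\d.]+) (\w+) sent", value)
            current["rx"], current["tx"] = _to_bytes(m[1], m[2]), _to_bytes(m[3], m[4])
        elif key == "persistent keepalive":
            m = re.search(r"(\d+)", value)
            current["keepalive"] = int(m[1]) if m else 0
    return iface


def _peer_for(local, remote):
    """The peer entry on `local` that refers to `remote`'s interface public key, or None."""
    return next((p for p in local["peers"] if p["public_key"] == remote["public_key"]), None)


def tunnel_addresses(a, b):
    """Map each interface name to the /32s the *other* side lists for it (its tunnel address)."""
    out = {}
    for local, remote in ((a, b), (b, a)):
        peer = _peer_for(remote, local)
        nets = peer["allowed_ips"] if peer else []
        out[local["name"]] = [str(n.network_address) for n in nets if n.prefixlen == 32]
    return out


def check_pair(a, b):
    """Return a list of findings for a two-site tunnel; an empty list means the dumps agree."""
    findings = []
    pa, pb = _peer_for(a, b), _peer_for(b, a)
    if pa is None:
        findings.append(f"{a['name']}: no peer entry carries {b['name']}'s public key")
    if pb is None:
        findings.append(f"{b['name']}: no peer entry carries {a['name']}'s public key")
    if pa is None or pb is None:
        return findings
    # A PSK is mixed into the handshake; absent means all-zero, so both sides must agree.
    if pa["preshared_key"] != pb["preshared_key"]:
        findings.append("preshared key configured on one side only; set it on both or on neither")
    # The endpoint port each side dials must be the port the other side listens on.
    for local, remote, peer in ((a, b, pa), (b, a, pb)):
        ep = peer.get("endpoint")
        if ep and "listening_port" in remote and ep[1] != remote["listening_port"]:
            findings.append(f"{local['name']} dials port {ep[1]} but {remote['name']} listens on "
                            f"{remote['listening_port']}")
    # Each side lists the *remote* networks, so the two lists should be disjoint.
    for na in pa["allowed_ips"]:
        for nb in pb["allowed_ips"]:
            if na.overlaps(nb):
                findings.append(f"allowed ips overlap: {na} on {a['name']} vs {nb} on {b['name']}")
    # Bytes leaving one side but never counted on the other: packets are not arriving.
    for local, remote, lp, rp in ((a, b, pa, pb), (b, a, pb, pa)):
        if lp.get("tx", 0) > 0 and rp.get("rx", 0) == 0:
            findings.append(f"{local['name']} sent {lp['tx']} B but {remote['name']} received 0 B")
    return findings


if __name__ == "__main__":
    s1, s2 = parse_wg_show(SITE1), parse_wg_show(SITE2)
    print("tunnel addresses:", tunnel_addresses(s1, s2))
    for finding in check_pair(s1, s2) or ["no inconsistencies found"]:
        print("-", finding)
```

Feed it the real dumps (`wg show wg2` on OPNsense, `wg show tun_wg0` on pfSense) by replacing the two constants; the checks only compare what both ends print, so no keys or endpoints need to be shared beyond what `wg show` already exposes.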