Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
[SOLVED] Wireguard problems with 23.7.8 (TCP Retransmission, Ping works)
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Wireguard problems with 23.7.8 (TCP Retransmission, Ping works) (Read 1954 times)
robgnu
Full Member
Posts: 122
Karma: 8
[SOLVED] Wireguard problems with 23.7.8 (TCP Retransmission, Ping works)
«
on:
November 11, 2023, 12:35:22 pm »
Hello everyone,
I am aware of some problems with the current stable version of OPNsense. I had a well working Firewall on 23.7.7 but one of our team has some problems with openvpn. So I decided to install Wireguard. The plugin installation forced me to upgrade to 23.7.8 first. (This is not a nice thing. I think it should be possible to install a plugin with a version that is one or two minor releases behind.)
After installation I lost IPv6 connectivity, which could be solved with a command @franco posted here. (Thanks!)
Now the problem: After configuring and connecting via Wireguard, I am able to ping all machines through the tunnel behind the OPNsense. But when I try to connect via SSH or RDP to a machine, this does not work. It makes no difference between IPv4 or IPv6.
You can find a wireguard screenshot at this post:
- Lines 1-8 showing the working ping from the client (192.168.98.2) to a machine behind the firewall (192.168.100.250)
- Lines 9-34 showing the packets when I try to connect via SSH. The connection failed (timeout).
Any ideas what may be the problem here?
Thanks!
Robert
«
Last Edit: November 11, 2023, 09:21:31 pm by robgnu
»
Logged
jt-socal
Newbie
Posts: 14
Karma: 0
Re: Wireguard problems with 23.7.8 (TCP Retransmission, Ping works)
«
Reply #1 on:
November 11, 2023, 01:51:46 pm »
Try going into Firewall, NAT, Outbound and hit save. I have a similar problem.
Logged
schmuessla
Newbie
Posts: 49
Karma: 1
Re: Wireguard problems with 23.7.8 (TCP Retransmission, Ping works)
«
Reply #2 on:
November 11, 2023, 01:54:29 pm »
Looks like the typical MTU problem.
Wireguard has overhead of 60 Bytes (IPv4) or 80 Bytes (IPv6) That's what you have to substract from regular Interface.
WG defaults to 1420 which is valid if your WAN has an MTU of 1500 Bytes (e.g. Cable connection).
But DSL over PPPoE has 1492 which makes it 1412 for wg when tunnel is established via IPv6. But you may even have to go further down. I have here a mobile network that operates on MTU=1472
Logged
robgnu
Full Member
Posts: 122
Karma: 8
Re: Wireguard problems with 23.7.8 (TCP Retransmission, Ping works)
«
Reply #3 on:
November 11, 2023, 09:21:12 pm »
Hi schmuessla,
thank you for your hint. You are right!
I changed the MTU from (empty) to 1412 and the connection works fine. Thank you very much!
Nevertheless, there must have been a change recently, because other installations work without manual adjustment.
Best regards
Robert
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
[SOLVED] Wireguard problems with 23.7.8 (TCP Retransmission, Ping works)