24.1.2 Wireguard does not work after updating

Started by H3n, February 20, 2024, 06:37:11 PM

Did you open new threads and post your config? Too many different problems here.

May 07, 2024, 01:37:11 AM #61 Last Edit: May 07, 2024, 02:13:05 AM by Gizmo
Hi all,

Has a fix been determined?

I've just upgraded (if one can call it that) from 23.7.12 to 24.1.6. Same issue as identified: WireGuard achieves a handshake but does not pass data through, despite having all the same settings that worked in 23.7.12.

In my case, I'm using WireGuard for a general policy-routed NordVPN setup (I have used this setup for about 1.5 years without problems at gigabit speeds).

One thing I have noticed, which could be contributing to the problem:
On my previous WG interface, I tried changing the MSS value, and it gives the error message "Cannot assign an IP configuration type to a tunnel interface", which is interesting as this was not an issue in 23.7.12. After seeing this, I checked DHCPv4 for the WG tunnel and noticed it is not enabled, due to not having an IP range. Not sure if this is the root of the problem or not, but I thought I'd mention it here in case it helps.

I can confirm all of the following are intact:
Gateway
WG interface
WG peer
WG instance
WG handshake
FW rules
NAT rules

Cheers

[EDIT: Major breakthrough. I changed my WG interface's IPv4 configuration type to None and the tunnel started working immediately.]

I recently found out my WireGuard does not work anymore. I only use it rarely. The Android client log shows "handshake not completed".
I went through every step of the Road Warrior setup and it all seems to be fine, except that the normalization rule was missing. Adding it didn't help.

May 13, 2024, 03:26:20 PM #63 Last Edit: May 13, 2024, 08:15:36 PM by TheEther
Updated to 24.4 Business last week from the 23 branch. Late to the party a bit. WireGuard is not working for me either. At this point I'm going to delete the WG interface and instances and redo WireGuard from scratch, as I've seen others say that's what they had to do. My clients connect and start sending data, but data is not received. I tried to fix the current config by ensuring it was aligned with the road warrior docs, but that didn't fix it.

UPDATE:

So... I'm an idiot. My issue was that the OPNsense DynDNS client wasn't working and had reverted to the native backend instead of ddclient. Firewall IP resolution from the client was wrong. WireGuard is working now.

I managed to resolve this issue. Most of the S2S VPN connections were using the DNS name of the peer instead of the IP address. I am using DNS over TLS, which somehow didn't resolve these two VPN sites correctly. I changed their DNS names to IP addresses, and they started working. I thought I'd share my resolution here.
Happy Owner DEC3862
A network is only as strong as its weakest link—build wisely, secure thoroughly, and optimize endlessly.

Yup, after the upgrade DoT DNS couldn't resolve in order to load WireGuard.
I've tried lowering DNSSEC standards and it helped; at least the BOGUS or NXDOMAIN responses lasted "only" 10 s, so the boot was fast and WG successful.
I will not use IPs. IPs change.
I just hope AdGuard will move to the early part of the boot sequence, so I don't need to use Unbound just to (unreliably) satisfy the boot process.

May 23, 2024, 11:10:30 PM #66 Last Edit: May 24, 2024, 08:33:08 PM by Cipher
Quote from: 36thchamber on May 22, 2024, 02:05:22 AM
Yup, after the upgrade DoT DNS couldn't resolve in order to load WireGuard.
I've tried lowering DNSSEC standards and it helped; at least the BOGUS or NXDOMAIN responses lasted "only" 10 s, so the boot was fast and WG successful.
I will not use IPs. IPs change.
I just hope AdGuard will move to the early part of the boot sequence, so I don't need to use Unbound just to (unreliably) satisfy the boot process.

I had resolved it before by changing the DNS name of the external site to the IP, but the last update, OPNsense 24.1.7_4-amd64, crashed it.
I am using DoT too.

Edit: I've got it resolved. Make sure to check the WireGuard plugin. Somehow it disappeared. Reinstall it.
Happy Owner DEC3862
A network is only as strong as its weakest link—build wisely, secure thoroughly, and optimize endlessly.

I have the same problems with WireGuard,
but today I lost a little more time.
I updated to the latest version, OPNsense 24.1.8-amd64,
and it stopped working.
It says the status is connected, but I can't ping anything.
I reviewed all the firewall rules, etc., etc. By chance I went to Lobby > Dashboard, and in the services menu I restarted WireGuard, and the VPN works again without problems.
After a restart it stops working again.
I do the same procedure again: go to Lobby > Dashboard, in the services menu restart WireGuard, and the VPN works again without problems.
Something about the startup goes wrong.

June 15, 2024, 08:27:49 PM #68 Last Edit: June 15, 2024, 08:30:15 PM by fabrice
For those with such issues, I suggest adding firewall rules for each WireGuard interface specifically allowing traffic to itself. In my case it solved the handshake-but-no-ping/traffic issue.

I spent a long time debugging and that solution solved my issue. I saw with tcpdump that the traffic was getting there but wasn't being answered; setting rules, where appropriate, allowing traffic for example from wg0 to/from wg0 solved those issues.

Somehow the default/automatic rules were blocking traffic between the WireGuard clients, or between client and server.
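Several posts in this thread describe the same symptom: the handshake completes, tcpdump shows client traffic arriving on the WG interface, but nothing goes back. The script below is an added example, not code from the thread or from OPNsense, that turns that observation into a repeatable check: it compares two `wg show all dump` snapshots taken a few seconds apart and reports, per peer, whether bytes moved in both directions. The sample snapshots, peer keys, endpoints and the 180 s staleness threshold are constructed for the demo and are not real data.

```shell
#!/bin/sh
# Added example, not from the thread or the OPNsense project: compare two
# `wg show all dump` snapshots taken a few seconds apart and flag peers that
# complete a handshake but move data in only one direction.
#
# `wg show all dump` prints tab-separated lines. Interface lines have 5
# columns; peer lines have 9:
#   iface pubkey psk endpoint allowed-ips latest-handshake rx-bytes tx-bytes keepalive
# Handshake packets are counted in rx/tx too, so a single snapshot never shows
# zero bytes after a handshake; only the delta between snapshots is meaningful.

# Assumption: a handshake older than this many seconds is treated as stale.
# WireGuard rekeys about every two minutes while traffic flows, so 180 s is lenient.
HS_MAX_AGE=180

# Constructed "current time" used by the sample snapshots below (not real).
NOW=1717000000

# wg_peer_diff NOW BEFORE_FILE AFTER_FILE
# Prints one line per peer: "<iface> <pubkey prefix> <STATE> drx=<bytes> dtx=<bytes>"
wg_peer_diff() {
    awk -F'\t' -v now="$1" -v max_age="$HS_MAX_AGE" '
        NF != 9 { next }                                  # skip interface header lines
        FNR == NR { rx0[$1 SUBSEP $2] = $7; tx0[$1 SUBSEP $2] = $8; next }  # first file
        {
            k = $1 SUBSEP $2
            drx = $7 - rx0[k]; dtx = $8 - tx0[k]
            if ($6 == 0)                   st = "NO_HANDSHAKE"    # never completed
            else if (now - $6 > max_age)   st = "STALE_HANDSHAKE" # completed once, then lost
            else if (drx > 0 && dtx == 0)  st = "INBOUND_ONLY"    # peer reaches us, nothing goes back: return route / firewall
            else if (dtx > 0 && drx == 0)  st = "OUTBOUND_ONLY"   # we send, nothing arrives: remote side, MTU/MSS
            else if (drx == 0 && dtx == 0) st = "IDLE"
            else                           st = "PASSING"
            printf "%s %s %s drx=%d dtx=%d\n", $1, substr($2, 1, 8), st, drx, dtx
        }' "$2" "$3"
}

# Constructed sample snapshots, 10 s apart. Keys and addresses are placeholders.
write_sample_snapshots() {   # write_sample_snapshots DIR -> DIR/before, DIR/after
    hs_ok=$((NOW - 30)); hs_old=$((NOW - 10000))
    hdr='wg0\t(none)\tSERVERPUBKEYxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=\t51820\toff\n'
    a='wg0\tPEERAAAAroadwarriorxxxxxxxxxxxxxxxxxxxxxxxx=\t(none)\t203.0.113.10:41820\t10.10.0.2/32\t%d\t%d\t%d\t25\n'
    b='wg0\tPEERBBBBsitetositexxxxxxxxxxxxxxxxxxxxxxxxx=\t(none)\t198.51.100.7:51820\t192.168.50.0/24\t%d\t%d\t%d\t0\n'
    c='wg0\tPEERCCCCneverseenxxxxxxxxxxxxxxxxxxxxxxxxxx=\t(none)\t(none)\t10.10.0.4/32\t%d\t%d\t%d\t0\n'
    d='wg0\tPEERDDDDstalexxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=\t(none)\t203.0.113.55:1234\t10.10.0.5/32\t%d\t%d\t%d\t25\n'
    {
        printf "$hdr"
        printf "$a" "$hs_ok" 1200 300
        printf "$b" "$hs_ok" 5000 7000
        printf "$c" 0 0 0
        printf "$d" "$hs_old" 800 900
    } > "$1/before"
    {
        printf "$hdr"
        printf "$a" "$hs_ok" 4200 300      # 3000 B more received from the client, nothing more sent back
        printf "$b" "$hs_ok" 9000 12000    # both counters grow: traffic passes
        printf "$c" 0 0 0
        printf "$d" "$hs_old" 800 900
    } > "$1/after"
}

# Demo on the constructed snapshots. For a real check on the firewall:
#   wg show all dump > /tmp/before; sleep 10; wg show all dump > /tmp/after
#   wg_peer_diff "$(date +%s)" /tmp/before /tmp/after
demo_dir=$(mktemp -d)
write_sample_snapshots "$demo_dir"
wg_peer_diff "$NOW" "$demo_dir/before" "$demo_dir/after"
rm -rf "$demo_dir"
```

A peer reported as INBOUND_ONLY is exactly the case the posts above describe: the client's packets are decrypted and counted on the WG interface, but no reply is ever sent through the tunnel, so the problem is on the firewall's side of the tunnel (the interface's IP configuration type, rules on the WG interface, or a service that came up in the wrong state at boot) rather than with the handshake. NO_HANDSHAKE or STALE_HANDSHAKE with a hostname endpoint points instead at the DNS-at-boot problem several posters hit.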

Quote from: voodoopt on June 02, 2024, 04:45:03 PM
I have the same problems with WireGuard,
but today I lost a little more time.
I updated to the latest version, OPNsense 24.1.8-amd64,
and it stopped working.
It says the status is connected, but I can't ping anything.
I reviewed all the firewall rules, etc., etc. By chance I went to Lobby > Dashboard, and in the services menu I restarted WireGuard, and the VPN works again without problems.
After a restart it stops working again.
I do the same procedure again: go to Lobby > Dashboard, in the services menu restart WireGuard, and the VPN works again without problems.
Something about the startup goes wrong.

What exactly did you do?

I did the upgrade from 23.7.6 to 24.1.8 and my WireGuard tunnel (incoming) stopped working; the site-to-site one is still okay.
Incoming tunnels are coming up (the latest handshake is shown in OPNsense) and I've got traffic in the firewall logs on the WG interface, but the "return route" seems not to be working.

Upgrading here to OPNsense 24.1.9-amd64 just now, and wg stops for me as well; restarting the service fixes the issue.

June 25, 2024, 11:13:47 PM #71 Last Edit: June 26, 2024, 05:56:27 AM by surfer
[deleted]

June 26, 2024, 10:18:38 AM #72 Last Edit: June 26, 2024, 03:37:51 PM by rfox
Quote from: xkpx on June 18, 2024, 01:10:34 PM
Upgrading here to OPNsense 24.1.9-amd64 just now, and wg stops for me as well; restarting the service fixes the issue.

I can confirm the same issue with a bare-metal install, updated to the latest 24.1.9_4: WireGuard does not work after a fresh start and I need to restart the service manually, and many times I get a handshake but only local traffic, no internet.
Very unstable compared to previous releases...

I can confirm the same issue: after the update to 24.1.9 the OPNsense web GUI does not start up, there is no internet, WireGuard must be disabled and all services must be restarted.

It doesn't really help when people with problems just jump in without further information.
Best to open a new thread with the following information:

- Last known working version
- Scenario
- Problem description
- Screenshots of Instance and Endpoint details

Please be sure there is no general problem with the WireGuard implementation; most of the time (99%) it's a configuration issue which pops up due to some other event.