WireGuard stable? First working, now internet connection crash when WG activated

Started by o58rHtfJdDiU3p, July 20, 2025, 09:28:06 AM

July 20, 2025, 09:28:06 AM Last Edit: July 20, 2025, 09:31:24 AM by o58rHtfJdDiU3p Reason: clarification
I was just making my first steps with OPNsense and WireGuard.

After some learning I managed to get my first WG_Clients instance running. For testing I added my notebook, tablet and my phone.

First everything was working fine.

Then I did "something", please don't ask me what. I followed several different tutorials, and then suddenly my whole network crashed, in the sense that the internet wasn't working and even LAN <-> LAN connections between devices without any WG client activated or installed were not able to ping or communicate. So devices that should be independent of WG are not working any more. Luckily the connection to the OPNsense firewall is still open, so I am able to change settings.

So in the end I am at the point where I enable any WG instance and my networking crashes, fully reproducibly.

WG logs are empty.

I tried removing the WG interface and also removed and recreated the WG instance; still the same problem.

I went through all of my settings multiple times and I am really sure that it should work that way. I also see, when I activate the WG server and just ignore that the internet breaks, that the WG client tools show they have a connection and are transmitting data. So I guess the VPN tunnel is OK?

And the IP config should be also fine.
LAN: 10.1.1.1/16
WG_Clients: 10.2.1.1/16
eg notebook: 10.2.2.2/32

It is also not working with my own DNS server (pihole) or Google 8.8.8.8.

And the WG port 51821, since 51820 is blocked by my fritzbox since it also supports WG...
But that should be fine since it was already working on 51821.

I added the WAN 51821 firewall rule and a general allow rule for the WG network.

I had some special routing configs but I removed everything and configured it to auto...

Can somebody help me find and point a finger at something that could cause these issues?

I also noticed that the WG UI is kind of buggy.
E.g. the Peer generator can't save the newly created peers. So I was thinking, how stable is the WireGuard core in the OPNsense implementation at all?

Hope you can help, thanks.

That "something" must have broken your config. So you have to find out what it was.

If you followed different guides for Wireguard setup, they may have been for different purposes. Some do:

1. Wireguard road warrior setups to allow a client to connect from remote.
2. Wireguard site-to-site setups to connect two LANs with one another.
3. Wireguard setups to have some or all clients connect via a VPN provider like NordVPN to hide your true identity.

Those setups are incompatible with one another if you follow them blindly.

Maybe you put firewall rules in that do policy routing or try to avoid any traffic that does circumvent the VPN route (point 3).
Maybe your routes are too broad so that all of your traffic goes over the VPN (points 2 and 3).
Maybe you created firewall rules that block traffic.


Only you can tell. However, you can always use "System: Configuration: History" to compare the last configurations and restore one that works. Maybe just go back one day and try.
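One way to check for the "routes too broad" case meyergru describes, as an added example that is not code from the thread or from OPNsense: the script below parses a constructed WireGuard config (the 10.1.0.0/16 LAN and 10.2.0.0/16 tunnel values follow the poster's IP plan, the peer entries are made up) and flags any peer AllowedIPs that would pull LAN traffic, or all traffic, into the tunnel on the server side.

```python
import ipaddress

# Constructed sample config; the second peer carries AllowedIPs copied from a
# site-to-site / VPN-provider style guide, which is the mistake being detected.
SAMPLE_CONF = """
[Interface]
Address = 10.2.1.1/16
ListenPort = 51821

[Peer]
# notebook: only its own tunnel address, as a road-warrior peer should have
AllowedIPs = 10.2.2.2/32

[Peer]
# copied from another guide: default route plus the LAN itself
AllowedIPs = 0.0.0.0/0, 10.1.0.0/16
"""

LAN = ipaddress.ip_network("10.1.1.1/16", strict=False)     # 10.1.0.0/16
TUNNEL = ipaddress.ip_network("10.2.1.1/16", strict=False)  # 10.2.0.0/16


def parse_allowed_ips(conf):
    """Return one list of networks per [Peer] section, in file order."""
    peers, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.lower() == "[peer]":
            current = []
            peers.append(current)
        elif line.startswith("["):
            current = None                   # [Interface] or unknown section
        elif current is not None and line.lower().startswith("allowedips"):
            _, _, value = line.partition("=")
            current.extend(ipaddress.ip_network(v.strip(), strict=False)
                           for v in value.split(",") if v.strip())
    return peers


def find_broad_routes(peers, lan, tunnel):
    """Flag AllowedIPs that would route LAN or all traffic to a peer."""
    findings = []
    for idx, nets in enumerate(peers, 1):
        for net in nets:
            if net.prefixlen == 0:
                findings.append((idx, str(net), "default route into the tunnel"))
            elif net.overlaps(lan):
                findings.append((idx, str(net), "overlaps the LAN"))
            elif not net.subnet_of(tunnel):
                findings.append((idx, str(net), "outside the tunnel network"))
    return findings


if __name__ == "__main__":
    for peer, net, why in find_broad_routes(parse_allowed_ips(SAMPLE_CONF), LAN, TUNNEL):
        print(f"peer {peer}: AllowedIPs {net}: {why}")
```

On the constructed input only the second peer is reported; a clean road-warrior config produces no findings.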

Quote from: meyergru on July 20, 2025, 09:51:30 AM: That "something" must have broken your config. So you have to find out what it was. [...] Only you can tell. However, you can always use "System: Configuration: History" to compare the last configurations and restore one that works. Maybe just go back one day and try.


Thanks for your post.

It's definitely just 1.); the changes I made shouldn't lead to this result, as far as I understand networking, but I am no expert...

The System - Configuration - History just blew my mind.
Very cool feature I was not aware of.
I reverted to an older config and now it is working again.
Thanks.