firewall interface not accessible from Wireguard net

Started by deeler, February 06, 2026, 09:46:47 AM

Hi! congrats on the 26 version

Upgrade went smoothly. The only issue I have is that my Wireguard client can't access the firewall's web interface/ssh anymore.
From the wireguard client, I can ping the firewall and I can also access everything else in the LAN network... Just not the firewall interface.

ChatGPT recommended me to assign & enable the "WG0" interface and then under System - Settings - Administration, allow the interface to listen to the WG0 interface (only LAN was selected).
That still doesn't work.
In the legacy rules I now have 'WG0' interface, as well as 'Wireguard (group)'

Is it because I'm still running legacy rules? I haven't gone over the migration wizard yet.

thanks


Hello together,
same problem here. No more Wireguard traffic on client after the Upgrade to 26.1. I still have to move the Legacy Firewall rules following the migration assistant.
Thx.

You should create a WG interface for your WG instance, as this is the recommended deployment.

SSH for the FW can bind to all interfaces or particular ones. The ones that are selected are the ones the SSH daemon will listen on.
Which IP of which interface are you trying to connect to?
Is that the IP of the interface you set SSH to listen on?

Additionally, you need rules to allow ssh traffic from the source on its interface/GW.
Do you allow ssh on the WG?

I would also advise following the docs rather than an AI chatbot that often misinterprets deployments and instructions.
https://docs.opnsense.org/manual/how-tos/wireguard-client.html
https://docs.opnsense.org/manual/settingsmenu.html#secure-shell

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Hello,

after the firewall rules migration everything works fine. Only Wireguard still does not. The WG logbook gives:

/usr/local/opnsense/scripts/wireguard/wg-service-control.php: The command </usr/bin/wg syncconf 'wg0' '/usr/local/etc/wireguard/wg0.conf'> returned exit code 1 and the output was "Name does not resolve: `mydomain.com:51820' Configuration parsing error".

Ideas?
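
The log line in the last post shows `wg syncconf` rejecting the whole config because the peer `Endpoint` hostname did not resolve at parse time. The script below is an added example, not part of the thread or of OPNsense: it lists every `Endpoint` hostname in a WireGuard config that the local resolver cannot resolve. The function names, the use of `getent hosts` and the sample config are assumptions made for illustration; the sample config is constructed.

```shell
#!/bin/sh
# Constructed sample config for illustration; keys are placeholders.
SAMPLE_CONF='[Interface]
PrivateKey = <placeholder>
ListenPort = 51820

[Peer]
PublicKey = <placeholder>
Endpoint = mydomain.com:51820   # hostname: needs DNS when the config is parsed

[Peer]
PublicKey = <placeholder>
Endpoint = [2001:db8::1]:51820

[Peer]
PublicKey = <placeholder>
Endpoint = 192.0.2.10:51820
'

# Print the host part of every Endpoint line read from stdin
# (trailing comment, port and IPv6 brackets removed).
wg_endpoint_hosts() {
    sed -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*//p' |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        -e 's/:[0-9]*$//' -e 's/^\[\(.*\)\]$/\1/'
}

# IP literals never hit DNS, so they cannot cause "Name does not resolve".
is_ip_literal() {
    case "$1" in
        *:*)       return 0 ;;  # IPv6 literal
        *[!0-9.]*) return 1 ;;  # anything else with non-digit chars: hostname
        *)         return 0 ;;  # IPv4 literal
    esac
}

# Default resolver (assumption: getent is available); override via RESOLVER.
resolve_host() { getent hosts "$1"; }
RESOLVER=${RESOLVER:-resolve_host}

# Read a config on stdin, print each Endpoint hostname that fails to resolve.
unresolved_endpoints() {
    wg_endpoint_hosts | while IFS= read -r host; do
        is_ip_literal "$host" && continue
        "$RESOLVER" "$host" >/dev/null 2>&1 || printf '%s\n' "$host"
    done
}

# Usage: sh check.sh /usr/local/etc/wireguard/wg0.conf
if [ "$#" -gt 0 ]; then unresolved_endpoints < "$1"; fi
```

Any hostname it prints points at DNS on the firewall itself (resolver settings, or the name not existing) rather than at the firewall rules.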