Author Topic: Wireguard in opnsense  (Read 50897 times)

seitzbg

Wireguard in opnsense
« on: May 24, 2018, 07:54:08 pm »
With the addition of WireGuard clients to FreeBSD ports, is it possible to get this added to OPNsense?

TIA,

https://svnweb.freebsd.org/ports?view=revision&revision=470763
https://svnweb.freebsd.org/ports?view=revision&revision=470762

franco

Re: Wireguard in opnsense
« Reply #1 on: May 24, 2018, 10:20:46 pm »
This may provide a bit of context.... https://twitter.com/opnsense/status/999746722015469568 :D


Cheers,
Franco

JohnDoe

Re: Wireguard in opnsense
« Reply #2 on: June 20, 2018, 09:51:29 am »
Hello,

As the Twitter post was nearly one month ago, I was wondering if there's already an ETA for the WireGuard package?

Kind Regards,
JD

mimugmail

Re: Wireguard in opnsense
« Reply #3 on: June 20, 2018, 11:44:34 am »
It's already there ...

pkg install wireguard

via CLI.
IRC: mimugmail
Twitter: mimu_muc
WWW: www.routerperformance.net

JohnDoe

Re: Wireguard in opnsense
« Reply #4 on: June 20, 2018, 12:07:26 pm »
Ah, thanks a lot for pointing that out!
Couldn't find anything on the forum search nor in any of the latest release notes...

Cheers,
JD

franco

Re: Wireguard in opnsense
« Reply #5 on: June 21, 2018, 10:31:37 am »
Hi,

We don't do release notes for development changes. Wireguard is also still in alpha phase, so even if somebody writes a plugin it won't be in the release for as long as they say it shouldn't be used in production.

I also don't know what their ultimate time frame is.


Cheers,
Franco

l0rdraiden

Re: Wireguard in opnsense
« Reply #6 on: August 09, 2018, 09:01:50 am »
Some news

https://www.phoronix.com/scan.php?page=news_item&px=Linus-Likes-WireGuard

mimugmail

Re: Wireguard in opnsense
« Reply #7 on: August 09, 2018, 09:16:32 am »
Some more news:

https://github.com/opnsense/plugins/pull/779

deddey

Re: Wireguard in opnsense
« Reply #8 on: August 20, 2018, 06:00:57 am »
How can I test it?

mimugmail

Re: Wireguard in opnsense
« Reply #9 on: August 20, 2018, 06:51:24 am »
Via Console:

pkg install os-wireguard-devel
opnsense-patch -c plugins 202b7c9

Then you have Wireguard under VPN.

This guide will be released when the pkg is stable:
https://github.com/mimugmail/docs/blob/master/source/manual/how-tos/wireguard-s2s


rantwolf

Re: Wireguard in opnsense
« Reply #10 on: August 23, 2018, 12:31:27 am »
Hey.
I just want to try this VPN but I have trouble setting up the tunnels.
Trying the docs from mimugmail.
Firewall rules are set on both WAN interfaces for the port 51820.
Firewall rules to allow all traffic in both directions on the interfaces for the test are enabled.

Site A:
Tunnel Address: 10.25.20.1/24
Code:
interface: wg0
  public key: (hidden)
  private key: (hidden)
  listening port: 51820

peer: (hidden)
  endpoint: <IP from Site B>:51820
  allowed ips: 192.168.116.0/24, 192.168.117.0/24
  latest handshake: 11 minutes, 37 seconds ago
  transfer: 240 B received, 43.31 KiB sent


Site B:
Tunnel Address: 192.168.116.1/24
Code:
interface: wg0
  public key: (hidden)
  private key: (hidden)
  listening port: 51820

peer: (hidden)
  endpoint: <IP from Site A>:51820
  allowed ips: 10.25.20.0/24
  latest handshake: 9 minutes, 8 seconds ago
  transfer: 29.53 KiB received, 2.59 KiB sent

PING test from Site A > Site B:
Code:
ping 192.168.116.10
PING 192.168.116.10 (192.168.116.10): 56 data bytes
^C
--- 192.168.116.10 ping statistics ---
334 packets transmitted, 0 packets received, 100.0% packet loss

Where is my problem?

mimugmail

Re: Wireguard in opnsense
« Reply #11 on: August 23, 2018, 06:43:24 am »
I think you should have at least one tunnel network, where server is e.g. 10.12.12.1/24 and endpoint 10.12.12.2/24. The remote networks can be set in addition to route them.
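Added example, not part of any forum post: a small Python check of the layout advice in Reply #11, run against the tunnel addresses and allowed IPs posted in Reply #10 and against a layout built on the 10.12.12.0/24 tunnel network that Reply #11 mentions. The helper name, the dict layout, the /32 peer entries and the reading of 10.25.20.0/24 as Site A's routed network are assumptions made for this illustration.

```python
import ipaddress

def check_s2s(site_a, site_b):
    """Return findings for a two-site WireGuard layout (hypothetical helper).

    Each site: {"tunnel": "addr/prefix", "allowed": [cidr, ...]}, where
    "allowed" is the allowed-IPs list that site configures for its peer.
    """
    findings = []
    if_a = ipaddress.ip_interface(site_a["tunnel"])
    if_b = ipaddress.ip_interface(site_b["tunnel"])

    # Reply #11: both ends should have an address in one tunnel network.
    if if_a.network != if_b.network:
        findings.append(f"no shared tunnel network: {if_a.network} vs {if_b.network}")
    elif if_a.ip == if_b.ip:
        findings.append(f"both sites use tunnel address {if_a.ip}")

    # WireGuard only accepts and routes packets whose addresses fall inside
    # the peer's allowed IPs, so the peer's tunnel address must be covered.
    for name, site, peer_if in (("A", site_a, if_b), ("B", site_b, if_a)):
        nets = [ipaddress.ip_network(c) for c in site["allowed"]]
        if not any(peer_if.ip in n for n in nets):
            findings.append(f"site {name}: allowed IPs do not cover peer {peer_if.ip}")
    return findings

# Values as posted in Reply #10.
POSTED_A = {"tunnel": "10.25.20.1/24",
            "allowed": ["192.168.116.0/24", "192.168.117.0/24"]}
POSTED_B = {"tunnel": "192.168.116.1/24", "allowed": ["10.25.20.0/24"]}

# Constructed layout: tunnel addresses from Reply #11, remote networks added
# next to a /32 for the peer's tunnel address (assumed, not from the thread).
SUGGESTED_A = {"tunnel": "10.12.12.1/24",
               "allowed": ["10.12.12.2/32", "192.168.116.0/24", "192.168.117.0/24"]}
SUGGESTED_B = {"tunnel": "10.12.12.2/24",
               "allowed": ["10.12.12.1/32", "10.25.20.0/24"]}

if __name__ == "__main__":
    for label, a, b in (("posted", POSTED_A, POSTED_B),
                        ("suggested", SUGGESTED_A, SUGGESTED_B)):
        print(label, check_s2s(a, b) or "ok")
```
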

rantwolf

Re: Wireguard in opnsense
« Reply #12 on: August 27, 2018, 11:35:22 pm »
Hey.
I still have problems with testing wireguard.

I think the tunnel is up.
But no traffic flow > in the firewall logs: wg0 default deny rule
I'm confused. There is a new interface under assignments: wg0 with zero dotted MAC.

Is this right? What should I do with this interface?

mimugmail

Re: Wireguard in opnsense
« Reply #13 on: August 28, 2018, 07:03:04 am »
Please don't assign it. Can you post a screenshot of the Server/Endpoints tab and firewall rules?

rantwolf

Re: Wireguard in opnsense
« Reply #14 on: August 29, 2018, 12:13:22 am »
Hi.
Here are the screenshots:

Site-A:
https://ibb.co/kPWzv9
https://ibb.co/hizKv9
firewall-rules:
Interface: https://ibb.co/n1tONp
WAN: https://ibb.co/iKf3Np


Site-B:
https://ibb.co/jGrchp
https://ibb.co/kv76a9
firewall-rules:
Interface: https://ibb.co/nuxiNp
WAN: https://ibb.co/cAv3Np

If I ping from Site-B to Site-A
I get this in firewall-logs on Site-A:
https://ibb.co/fo1A2p
« Last Edit: August 29, 2018, 12:16:12 am by rantwolf »