Wireguard in opnsense

Started by seitzbg, May 24, 2018, 07:54:08 PM

Hello,

as the twitter post was nearly one month ago, I was wondering if there's already an ETA for the wireguard package?

Kind Regards,
JD

It's already there ...

pkg install wireguard

via CLI.

Ah, thanks a lot for pointing that out!
Couldn't find anything on the forum search nor in any of the latest release notes...

Cheers,
JD

Hi,

We don't do release notes for development changes. Wireguard is also still in alpha phase, so even if somebody writes a plugin it won't be in the release for as long as they say it shouldn't be used in production.

I also don't know what their ultimate time frame is.


Cheers,
Franco




Via Console:

pkg install os-wireguard-devel
opnsense-patch -c plugins 202b7c9

Then you have Wireguard under VPN.

This guide will be released when the pkg is stable:
https://github.com/mimugmail/docs/blob/master/source/manual/how-tos/wireguard-s2s


Hey.
I just want to try this VPN but I have trouble setting up the tunnels.
Trying the docs from mimugmail.
Firewall rules are set on both WAN interfaces for the port 51820.
Firewall rules to allow all traffic in both directions on the interfaces for the test are enabled.

Site A:
Tunnel Address: 10.25.20.1/24
interface: wg0
  public key: (hidden)
  private key: (hidden)
  listening port: 51820

peer: (hidden)
  endpoint: <IP from Site B>:51820
  allowed ips: 192.168.116.0/24, 192.168.117.0/24
  latest handshake: 11 minutes, 37 seconds ago
  transfer: 240 B received, 43.31 KiB sent



Site B:
Tunnel Address: 192.168.116.1/24
interface: wg0
  public key: (hidden)
  private key: (hidden)
  listening port: 51820

peer: (hidden)
  endpoint: <IP from Site A>:51820
  allowed ips: 10.25.20.0/24
  latest handshake: 9 minutes, 8 seconds ago
  transfer: 29.53 KiB received, 2.59 KiB sent


PING test from Site A > Site B:
ping 192.168.116.10
PING 192.168.116.10 (192.168.116.10): 56 data bytes
^C
--- 192.168.116.10 ping statistics ---
334 packets transmitted, 0 packets received, 100.0% packet loss


Where is my problem?

I think you should have at least one tunnel network, where the server is e.g. 10.12.12.1/24 and the endpoint 10.12.12.2/24. The remote networks can be set in addition to route them.
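
Added example (not part of any post in this thread): a small Python check of the layout the reply above describes, run against the `allowed ips` lines as posted and against a constructed corrected layout. It checks that both sites share one tunnel network and that each side's allowed ips cover the peer's tunnel IP, since WireGuard drops tunnel packets whose source address is not in the peer's allowed ips. The function names and the corrected values are assumptions made for illustration.

```python
import ipaddress
import re

def allowed_ips(wg_show_text):
    """Extract the peer 'allowed ips' networks from `wg show` output."""
    nets = []
    for m in re.finditer(r"^\s*allowed ips:\s*(.+)$", wg_show_text, re.M):
        nets += [ipaddress.ip_network(n.strip(), strict=False)
                 for n in m.group(1).split(",")]
    return nets

def check_pair(tunnel_a, show_a, tunnel_b, show_b):
    """Return findings for a two-site setup; an empty list means consistent."""
    a, b = ipaddress.ip_interface(tunnel_a), ipaddress.ip_interface(tunnel_b)
    findings = []
    if a.network != b.network:
        findings.append(f"no shared tunnel network: {a.network} vs {b.network}")
    elif a.ip == b.ip:
        findings.append(f"both sites use tunnel IP {a.ip}")
    # Each side must accept traffic sourced from the peer's tunnel address.
    for site, show, peer in (("A", show_a, b), ("B", show_b, a)):
        if not any(peer.ip in net for net in allowed_ips(show)):
            findings.append(f"site {site}: peer tunnel IP {peer.ip} not in allowed ips")
    return findings

# Values as posted in the thread (keys and endpoints omitted).
POSTED_A = "peer: (hidden)\n  allowed ips: 192.168.116.0/24, 192.168.117.0/24\n"
POSTED_B = "peer: (hidden)\n  allowed ips: 10.25.20.0/24\n"
# Constructed layout following the reply: one tunnel network (10.12.12.0/24),
# with the remote networks listed in addition to the peer's tunnel IP.
FIXED_A = "peer: (hidden)\n  allowed ips: 10.12.12.2/32, 192.168.116.0/24, 192.168.117.0/24\n"
FIXED_B = "peer: (hidden)\n  allowed ips: 10.12.12.1/32, 10.25.20.0/24\n"

if __name__ == "__main__":
    print(check_pair("10.25.20.1/24", POSTED_A, "192.168.116.1/24", POSTED_B))
    print(check_pair("10.12.12.1/24", FIXED_A, "10.12.12.2/24", FIXED_B))
```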

Hey.
I still have problems with testing wireguard.

I think the tunnel is up.
But no traffic flow > in the firewall logs: wg0 default deny rule
I'm confused. There is a new interface under assignments: wg0 with zero dotted MAC.

Is this right? What should I do with this interface?

Please don't assign it. Can you post a screenshot of the Server/Endpoints tab and firewall rules?

August 29, 2018, 12:13:22 AM #14 Last Edit: August 29, 2018, 12:16:12 AM by rantwolf
Hi.
Here are the screenshots:

Site-A:
https://ibb.co/kPWzv9
https://ibb.co/hizKv9
firewall-rules:
Interface: https://ibb.co/n1tONp
WAN: https://ibb.co/iKf3Np


Site-B:
https://ibb.co/jGrchp
https://ibb.co/kv76a9
firewall-rules:
Interface: https://ibb.co/nuxiNp
WAN: https://ibb.co/cAv3Np

If I ping from Site-B to Site-A
I get this in firewall-logs on Site-A:
https://ibb.co/fo1A2p