Author Topic: Wireguard in opnsense (Read 96544 times)

tre4bax · « **Reply #135 on:** August 22, 2019, 04:51:03 pm »

I've not been able to keep this stable. Sometimes works sometimes doesn't. If I apply in Nat Rules that will break it and I have to go back and load an older config again.

Does everyone using it have two wireguard entries in the firewall rules. I think this might be what is doing it and can find no way to remove the auto added one.

mimugmail · « **Reply #136 on:** August 22, 2019, 04:54:15 pm »

If you enable WireGuard you will automatically have WireGuard in Rules. If you assign an Interface to it and name it WireGuard you will have two. If you assign, only use the assigned one and name it "WG" or something.

tre4bax · « **Reply #137 on:** August 22, 2019, 09:22:02 pm »

I did try that but could never re-establish a link once I had named the interface. I even tried going back to a before config and working my way back, and that failed at the same point. It has been getting just a little frustrating ;-)

I will go again and try to keep it all straight and see if I can get it working. When it DID work it was really good. It was just also really fleeting :-(

mimugmail · « **Reply #138 on:** August 22, 2019, 09:44:15 pm »

Sadly WireGuard has Bad logging, No fun to troubleshoot

ruggerio · « **Reply #139 on:** August 23, 2019, 09:54:38 am »

@tre4bax: i use only the default interface, which is made by the service itself. On it, have a rule, allowing all traffic.

Important: In NAT, you will have to change on hybrid, as you will have to nat also outgoing traffic, if using nat. You will have to enter a manual rule for your wireguard network there.

If you assigned wireguard to a separate network-interface, i am not sure, if this works properly.

Lemonmeth · « **Reply #140 on:** September 02, 2019, 12:53:04 am »

Holla!

A workaround is to use a server inside your network wich NATs incoming traffic to gateway then out to internet.

i got a wireguard-server on my LAN wich runs dietpiVM (80mb ram usage) i have forwarded the listening-port to the router wich routes all traffic thru mullvad (wich means that i have to portforward again in mullvads webinterface).
So i connect to the mullvad public ip + port to access my wireguardserver wich then routes it to the internet (via same mullvad tunnel).

result: I can access my home network + internet thru a secure tunnel + bonus using a piholeVM to block ads over tunnel aswell.

its not perfect but it works and its stable, i havent done any speedtests but havent noticed any latencies in real day to day using.

Hope this helps

marshalleq · « **Reply #141 on:** February 04, 2020, 09:54:38 pm »

I wonder if this is going to get easier now that Linus announced it's going to be included in the kernel.

mimugmail · « **Reply #142 on:** February 05, 2020, 05:57:39 am »

No, since the protocol itself didnt change.

fabiana · « **Reply #143 on:** February 28, 2020, 09:45:03 am »

BTW the devices from GL-iNet (such as the GL-AR750s) have a very nice GUI to wireguard server and to manage clients

.

Author Topic: Wireguard in opnsense (Read 96544 times)

tre4bax

Re: Wireguard in opnsense

mimugmail

Re: Wireguard in opnsense

tre4bax

Re: Wireguard in opnsense

mimugmail

Re: Wireguard in opnsense

ruggerio

Re: Wireguard in opnsense

Lemonmeth

Re: Wireguard in opnsense

marshalleq

Re: Wireguard in opnsense

mimugmail

Re: Wireguard in opnsense

fabiana

Re: Wireguard in opnsense