WireGuard in OPNsense

Started by seitzbg, May 24, 2018, 07:54:08 PM

I've not been able to keep this stable. Sometimes it works, sometimes it doesn't. If I apply in NAT rules, that will break it and I have to go back and load an older config again.

Does everyone using it have two WireGuard entries in the firewall rules? I think this might be what is doing it, and I can find no way to remove the auto-added one.

If you enable WireGuard you will automatically have WireGuard in Rules. If you assign an interface to it and name it WireGuard, you will have two. If you assign one, only use the assigned one and name it "WG" or something.

I did try that, but could never re-establish a link once I had named the interface. I even tried going back to an earlier config and working my way back, and that failed at the same point. It has been getting just a little frustrating ;-)

I will go again and try to keep it all straight and see if I can get it working. When it DID work it was really good. It was just also really fleeting :-(

Sadly WireGuard has bad logging; no fun to troubleshoot.

@tre4bax: I use only the default interface, which is made by the service itself. On it, I have a rule allowing all traffic.

Important: In NAT, you will have to change to hybrid, as you will also have to NAT outgoing traffic if using NAT. You will have to enter a manual rule for your WireGuard network there.

If you assigned WireGuard to a separate network interface, I am not sure if this works properly.

September 02, 2019, 12:53:04 AM #140 (Last edit: September 02, 2019, 01:29:35 AM by Lemonmeth)
Holla!

A workaround is to use a server inside your network which NATs incoming traffic to the gateway, then out to the internet.

I have a WireGuard server on my LAN which runs in a dietpi VM (80 MB RAM usage). I have forwarded the listening port on the router, which routes all traffic through Mullvad (which means that I have to port forward again in Mullvad's web interface).
So I connect to the Mullvad public IP + port to access my WireGuard server, which then routes it to the internet (via the same Mullvad tunnel).

Result: I can access my home network + the internet through a secure tunnel, + bonus: using a Pi-hole VM to block ads over the tunnel as well.

It's not perfect, but it works and it's stable. I haven't done any speed tests, but I haven't noticed any latency in real day-to-day use.

Hope this helps
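The two posts above make the same point from different sides: whichever box terminates the tunnel has to NAT the WireGuard subnet out of its upstream interface, and each client is pinned to its own tunnel address. The script below is an added example, not code from the thread or from OPNsense or dietpi. It renders the server config for a Linux host on the LAN (the dietpi VM case), with PostUp/PostDown rules that masquerade the tunnel subnet out of the LAN interface, plus a matching full-tunnel client config. The subnet 10.100.0.0/24, the interface name eth0, the port 51820, the endpoint placeholder and all key strings are assumptions; on OPNsense itself the equivalent of the masquerade rule is the manual outbound NAT entry in hybrid mode that the earlier reply describes.

```shell
#!/bin/sh
# Added example (not from the thread): render WireGuard server and client
# configs for a LAN-side server that NATs tunnel traffic towards the gateway.
# All addresses, interface names, ports and keys below are assumptions.
set -eu

WG_IF="wg0"
WG_NET="10.100.0.0/24"          # assumed tunnel subnet
WG_SERVER_ADDR="10.100.0.1/24"  # server's own tunnel address
LAN_IF="eth0"                   # assumed LAN-facing interface of the VM
LISTEN_PORT="51820"             # assumed UDP port forwarded on the router

# Server [Interface]: PostUp enables forwarding, allows traffic in and out of
# the tunnel, and masquerades the whole tunnel subnet behind the LAN address,
# so the gateway only needs the port forward (no return route into WG_NET).
# PostDown removes exactly the same rules, so a stopped tunnel leaves no NAT.
render_server_conf() {
  server_priv="$1"   # private key, e.g. from: wg genkey
  cat <<EOF
[Interface]
Address = ${WG_SERVER_ADDR}
ListenPort = ${LISTEN_PORT}
PrivateKey = ${server_priv}
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i ${WG_IF} -j ACCEPT; iptables -A FORWARD -o ${WG_IF} -j ACCEPT; iptables -t nat -A POSTROUTING -s ${WG_NET} -o ${LAN_IF} -j MASQUERADE
PostDown = iptables -D FORWARD -i ${WG_IF} -j ACCEPT; iptables -D FORWARD -o ${WG_IF} -j ACCEPT; iptables -t nat -D POSTROUTING -s ${WG_NET} -o ${LAN_IF} -j MASQUERADE
EOF
}

# Server [Peer]: AllowedIPs is the client's single /32, so the server only
# accepts packets from that source address through this peer's keypair.
render_server_peer() {
  peer_pub="$1"; peer_addr="$2"
  printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' "$peer_pub" "$peer_addr"
}

# Client config: AllowedIPs 0.0.0.0/0 sends home LAN and internet traffic
# through the tunnel, as the post describes. Endpoint is the public IP and
# port reached through the upstream VPN provider's port forward (assumed).
render_client_conf() {
  client_priv="$1"; client_addr="$2"; server_pub="$3"; endpoint="$4"
  cat <<EOF
[Interface]
Address = ${client_addr}/32
PrivateKey = ${client_priv}

[Peer]
PublicKey = ${server_pub}
Endpoint = ${endpoint}
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}

# Substring check used for self-tests (avoids depending on grep).
conf_has() {
  case "$1" in
    *"$2"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Stand-alone run with placeholder keys (constructed, not real keys).
main() {
  server_conf="$(render_server_conf SERVER_PRIVATE_KEY_PLACEHOLDER)"
  server_conf="${server_conf}$(render_server_peer CLIENT1_PUBLIC_KEY_PLACEHOLDER 10.100.0.2)"
  printf '%s\n\n' "$server_conf"
  render_client_conf CLIENT1_PRIVATE_KEY_PLACEHOLDER 10.100.0.2 \
    SERVER_PUBLIC_KEY_PLACEHOLDER 198.51.100.10:51820
}

# Only run main when executed directly, not when the functions are sourced.
case "${0##*/}" in
  sh|bash|dash|-sh|-bash) ;;
  *) main ;;
esac
```

Generate real keys with `wg genkey | tee server.key | wg pubkey > server.pub` on each side and substitute them for the placeholders; the server config belongs in /etc/wireguard/wg0.conf and is brought up with `wg-quick up wg0`.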

I wonder if this is going to get easier now that Linus announced it's going to be included in the kernel.

No, since the protocol itself didn't change.

BTW, the devices from GL-iNet (such as the GL-AR750s) have a very nice GUI for a WireGuard server and for managing clients :).