Wireguard in opnsense

Started by seitzbg, May 24, 2018, 07:54:08 PM

Previous topic - Next topic
Print
Go Down Pages 1 ... 5 6 7 8 9 10
User actions
February 19, 2019, 08:05:32 PM #90
When you hit save on all tabs a couple of times you will also have spurious reboots ;) it's a bug in FreeBSD kernel
March 06, 2019, 02:05:12 PM #91
Hi everyone !

I'm having an issue with my Wireguard setup on Opnsense. I don't know if my setup is wrong or if there's a bug with the plugin...

I'm in 2 WANs configuration and i want two Wireguard sessions, one on each WAN interface. The problem is : packets received on WAN2 interfarce are redirected to the good WG interface, but return packet is sent from WAN1 interface.
This configuration works great with OpenVPN : one server listenning on Localhost, NAT forwarding from WAN1 and WAN2 to 127.0.0.1 on the OpenVPN port. If session is initiated from a peer on WAN2 interface, reply is sent from WAN2 interface.
But with Wireguard it does not work : with one WG instance, and NAT redirection to 127.0.0.1 on each WAN on the same port, the answer is ALWAYS sent from WAN1 interface. Witch two instance of WG, and a different port for each, it's the same. I also try to add floating rule, with no interface choice, and source port of my second WG instance, and tell to pass and use the WAN2 gateway, but it seems to have no effect on it.

I don't know if my explanation is clear, but I can add screenshots or packet captures if needed.

Thank you for your help :).
March 13, 2019, 05:42:06 PM #92
Post your entire configuration file, for each peer please! We'll get you sorted out.
April 14, 2019, 10:46:17 PM #93
Do you know why the docs say to switch to development?

https://wiki.opnsense.org/manual/how-tos/wireguard-client.html?highlight=wireguard

I just simply installed it via the cmd line and it seems to be working quite fine as I have Production selected.
April 15, 2019, 04:16:06 PM #94
At the time of writing it was a dependency.
April 16, 2019, 11:42:11 AM #95
Quote from: Animosity022 on April 14, 2019, 10:46:17 PM
Do you know why the docs say to switch to development?

https://wiki.opnsense.org/manual/how-tos/wireguard-client.html?highlight=wireguard

I just simply installed it via the cmd line and it seems to be working quite fine as I have Production selected.

The wiki refers to the GUI guided installation. The GUI guided plugin install is only implemented on the development branch as the plugin is under development (as stated in the wiki). This does not limit you from installing this plugin manually from CLI on production (under the assumption that you know what you know what you are doing), but may result in unwanted side-effects. I guess you can see it as a disclaimer of sorts I and a safeguard to prevent a layman to mess up his production install through GUI.
April 16, 2019, 12:46:01 PM #96
I think switching over to the development branch would produce a bit more unwanted things rather testing the plugin :)
April 17, 2019, 05:20:24 PM #97
Is it possible to use OSPF with Wireguard?
April 17, 2019, 07:36:05 PM #98
Haven't tested yet but, BGP should be OK, Multicast via OSPF could be tricky.
April 18, 2019, 02:36:51 PM #99
Quote from: mimugmail on February 19, 2019, 08:05:32 PM
When you hit save on all tabs a couple of times you will also have spurious reboots ;) it's a bug in FreeBSD kernel
Do you (or someone) know what the roadmap is to get this fixed on freebsd side so we have some idea when wireguard on OPNsense will be stable?

thanks!
System1: Qotom Q310G4
System2: APU2C4
April 18, 2019, 09:31:46 PM #100
No roadmap, noone working on this actively
April 29, 2019, 03:17:27 PM #101
I've noticed one odd thing that seems to pop up. I have wireguard setup and in my local endpoint, I have DNS configured on OPT interface for my clients to hit 10.0.0.1 which is the proper interface I have setup.

I can see resolvconf overwrites my OPN /etc/resolv.conf with:

Code Select

# Generated by resolvconf
nameserver 10.0.0.1


Am I doing something wrong or missing something obvious as that is what I thought that DNS config was for.
April 29, 2019, 04:20:48 PM #102
Where exactly is the problem?
April 29, 2019, 04:24:43 PM #103
My /etc/resolv.conf on my system gets overwritten:

root@phoenix:~ # cat /etc/resolv.conf
domain animosity.us
nameserver 127.0.0.1

by

# Generated by resolvconf
nameserver 10.0.0.1

So I'm trying to get why WireGuard is triggering resolvconf to update my local system as that's not the intent as I want my clients to use that IP for DNS and not my OPN box.
April 29, 2019, 05:46:02 PM #104
This happens when you set a DNS for Wireguard .. just leave it blank
Print
Go Up Pages 1 ... 5 6 7 8 9 10
User actions