Absolutely cannot figure out Wireguard VPN set up

I’m totally confounded. I don’t know what I’m doing wrong. I am a newb to OPNsense but not homelabbing. I have OPNsense running on a Lenovo M720Q with an i350-T4 and a riser.

I have followed multiple instructions for setting up Wireguard, most recently from Home Network Guy, and no matter what I do, I can’t get it to work. I will say my most recent attempt was closest but it still doesn’t work. The latest issue now shows that it’s connected but my phone just doesn’t have internet access. It says it’s connected but I can’t browse to any sites. It seems to be connected but it just can’t resolve any DNS. I tried changing the DNS server to Opnsense itself and my pihole. Neither works.

I am really frustrated here. I do like how much faster opnsense is than my TP Link Deco mesh router, but otherwise, it’s quite a bit harder to figure out.

Any help would be appreciated!

Update: I gave up. I installed Tailscale and that works for me. I don’t like relying on a third party but it gets the job done. I’m only using it for my personal use anyway. Thank you all for your help even if it didn’t work out

Some users have reported they needed to do the normalization step in the official documentation, but I’ve never had to do that on my home network configuration in the last 5-6 years of using WireGuard: WireGuard Road Warrior Setup — OPNsense documentation

It’s worth a try. Let me know if that helps!

Also it does sound like you may potentially have some DNS specific issues. That was the main issue I had when first learning to set up WireGuard long ago.

If you’re using Unbound DNS, you could use the interface IP of the WireGuard interface. Also need to have the appropriate firewall rules to allow access to port 53 on that interface. The WireGuard client needs to have the DNS server specified in the client configuration as well.

Do you have an allow rule on the wireguard interface?

Does your client have AllowedIPs set to all and use the OPNsense NIC IP as the DNS?
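The two client-side points raised in the replies above (the DNS server has to be in the client config, AllowedIPs has to cover everything, and the DNS server has to be reachable through the tunnel) can be checked mechanically. The checker below is an added example, not code from anyone in this thread or from the OPNsense project. The two sample configs, the 10.10.10.0/24 tunnel subnet, the 192.168.1.1 LAN address, vpn.example.net and the placeholder keys are all constructed for the example. It cannot see the firewall side (the allow rule for port 53 on the WireGuard interface, Unbound listening there, outbound NAT); it only tells you whether the client file can work at all.

```python
"""Lint a wg-quick style WireGuard client config for common road-warrior mistakes."""
import ipaddress
from typing import Dict, List, Tuple

Section = Tuple[str, Dict[str, List[str]]]

# Constructed sample configs with placeholder keys (not real credentials).
# BROKEN: DNS points at the firewall's LAN address, but AllowedIPs only
# routes the tunnel subnet, so DNS queries and all internet traffic leave
# via the phone's carrier network instead of the tunnel.
BROKEN_CLIENT_CONF = """
[Interface]
PrivateKey = REPLACE_WITH_CLIENT_PRIVATE_KEY=
Address = 10.10.10.2/32
DNS = 192.168.1.1

[Peer]
PublicKey = REPLACE_WITH_FIREWALL_PUBLIC_KEY=
Endpoint = vpn.example.net:51820
AllowedIPs = 10.10.10.0/24
"""

# FIXED: full tunnel, and DNS is the WireGuard interface address itself,
# which lies inside AllowedIPs and is where the firewall's resolver listens.
FIXED_CLIENT_CONF = """
[Interface]
PrivateKey = REPLACE_WITH_CLIENT_PRIVATE_KEY=
Address = 10.10.10.2/32
DNS = 10.10.10.1

[Peer]
PublicKey = REPLACE_WITH_FIREWALL_PUBLIC_KEY=
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
"""


def parse_wg_conf(text: str) -> List[Section]:
    """Parse wg-quick INI text into (section_name, {key: [values]}) in file order.

    WireGuard configs may repeat keys (AllowedIPs) and sections ([Peer]),
    which configparser rejects, hence this small purpose-built parser.
    """
    sections: List[Section] = []
    current: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {}
            sections.append((line[1:-1].strip(), current))
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current.setdefault(key, []).append(value)
    return sections


def _csv(values: List[str]) -> List[str]:
    """Flatten repeated 'a, b' style values into one list of items."""
    return [item.strip() for value in values for item in value.split(",") if item.strip()]


def lint_client_conf(text: str) -> List[str]:
    """Return a list of findings; an empty list means the client file looks sane."""
    findings: List[str] = []
    sections = parse_wg_conf(text)
    interfaces = [body for name, body in sections if name == "Interface"]
    peers = [body for name, body in sections if name == "Peer"]
    if len(interfaces) != 1:
        return [f"expected exactly one [Interface], found {len(interfaces)}"]
    if not peers:
        return ["no [Peer] section: the client has nothing to connect to"]
    iface = interfaces[0]

    allowed = [ipaddress.ip_network(net, strict=False)
               for peer in peers for net in _csv(peer.get("AllowedIPs", []))]
    if not any(net.version == 4 and net.prefixlen == 0 for net in allowed):
        findings.append("AllowedIPs does not include 0.0.0.0/0: internet traffic will "
                        "bypass the tunnel (fine for split tunnel, wrong for "
                        "'internet through home')")

    dns_servers = _csv(iface.get("DNS", []))
    if not dns_servers:
        findings.append("no DNS= in [Interface]: the phone keeps its carrier resolver, "
                        "which cannot see your internal names")
    for server in dns_servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue  # DNS= may also list search domains; only addresses are routed
        if not any(addr in net for net in allowed):
            findings.append(f"DNS server {server} is not covered by any AllowedIPs, "
                            "so queries leave the tunnel and never reach it")

    for idx, peer in enumerate(peers, 1):
        if "Endpoint" not in peer:
            findings.append(f"peer {idx} has no Endpoint: a road-warrior client "
                            "must know where the firewall is")
        if "PublicKey" not in peer:
            findings.append(f"peer {idx} has no PublicKey")
    return findings


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CLIENT_CONF), ("fixed", FIXED_CLIENT_CONF)):
        print(f"{label}: {lint_client_conf(conf) or ['looks sane']}")
```

The broken file reproduces the symptom in the original post: the handshake completes, the app says "connected", but nothing resolves, because the phone tries to reach the LAN-side resolver over its mobile network. Pointing DNS at the WireGuard interface address and routing 0.0.0.0/0 through the peer is the client half; the server half is the allow rule on the WireGuard interface for port 53 and the resolver listening on that interface, as the reply above says.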

There are a few different ways to use WireGuard. Common ones include:

  • Access to your home services from outside your network by connecting in to your firewall

  • Access to the internet tunneled through your home firewall while outside

  • Access from your firewall to a third party providing connectivity for an internal network (i.e. for privacy)

The last is the hardest. I’m guessing you’re trying to do the middle one?

If I understand it correctly, you’ve been able to connect to your network with WireGuard from your device (phone?) but can’t access the internet from it? Are you able to access internal stuff? If you can do that, it seems that you don’t have any rule to forward traffic to the internet from the WireGuard interface.

Are the firewall rules setup correctly?

Is your DNS resolver set to listen on your WireGuard interface?

MSS set correctly? (This one got me recently: I had normalization set up but only had it set to "in" and not "any", which caused some sites not to load.)

Follow this guy. Got mine set up in minutes, and it works like a dream.

Can you ping outside IPs like 1.1.1.1 when connected?

Do you have firewall rules and NAT outbound setup? Can you post your firewall rules and NAT rules? Can you post your phone’s config with private info redacted? What do firewall logs say?

There are several things it could be, and none of the debugging information necessary is included in your post.

Two possible solutions from my own experience:

  1. Click the apply button on the wireguard instances page after adding the new peer through the peer generator.
  2. Change the MTU parameter in the advanced settings of your wireguard instance to something lower like 1412
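The MSS and MTU values in the two replies above are not magic numbers; they follow from fixed header sizes, so they can be computed for whatever your WAN actually carries. The calculator below is an added example, not code from the thread or from the OPNsense project. The 1492-byte path MTU is only an illustration of a WAN smaller than 1500 (PPPoE, for instance), not a claim about the original poster's link.

```python
"""Derive WireGuard tunnel MTU and TCP MSS from the outer path MTU."""
from typing import Dict

# Fixed header sizes in bytes. A WireGuard transport data message carries a
# 16-byte header (type 4 + receiver index 4 + counter 8) and a 16-byte
# ChaCha20-Poly1305 tag, inside UDP, inside the outer IP header.
IPV4_HEADER = 20
IPV6_HEADER = 40
UDP_HEADER = 8
TCP_HEADER = 20
WG_DATA_HEADER = 16
POLY1305_TAG = 16


def wireguard_overhead(outer_ip_version: int) -> int:
    """Bytes added to every inner packet on the wire: 60 over IPv4, 80 over IPv6."""
    outer = IPV4_HEADER if outer_ip_version == 4 else IPV6_HEADER
    return outer + UDP_HEADER + WG_DATA_HEADER + POLY1305_TAG


def tunnel_mtu(path_mtu: int, outer_ip_version: int = 6) -> int:
    """Largest inner packet that fits in one outer packet on the given path.

    Assuming an IPv6 outer header is the conservative choice; it is why
    wg-quick defaults to an MTU of 1420 on a 1500-byte link.
    """
    return path_mtu - wireguard_overhead(outer_ip_version)


def tcp_mss(mtu: int, inner_ip_version: int = 4) -> int:
    """TCP payload that fits in one inner packet of the given MTU."""
    inner = IPV4_HEADER if inner_ip_version == 4 else IPV6_HEADER
    return mtu - inner - TCP_HEADER


def needs_fragmentation(inner_packet_len: int, path_mtu: int,
                        outer_ip_version: int = 4) -> bool:
    """True when an inner packet cannot ride in a single outer packet.

    With DF set and ICMP 'fragmentation needed' filtered somewhere on the
    path, such packets are silently dropped: the tunnel is 'connected' and
    small things work, but pages that send full-size segments never load.
    """
    return inner_packet_len + wireguard_overhead(outer_ip_version) > path_mtu


def recommend(path_mtu: int) -> Dict[str, int]:
    """Conservative settings for a WAN with the given MTU.

    tunnel_mtu goes on the WireGuard instance; max_mss_* is what a
    normalization (MSS clamping) rule on the WireGuard interface should use.
    """
    mtu = tunnel_mtu(path_mtu, outer_ip_version=6)
    return {"tunnel_mtu": mtu,
            "max_mss_ipv4": tcp_mss(mtu, 4),
            "max_mss_ipv6": tcp_mss(mtu, 6)}


if __name__ == "__main__":
    for wan in (1500, 1492):
        print(wan, recommend(wan))
    # A full-size 1500-byte packet from a LAN host cannot be tunneled intact
    # over a 1500-byte WAN: 1500 + 60 > 1500.
    print("1500-byte inner packet fragments:", needs_fragmentation(1500, 1500))
```

For a 1500-byte WAN this gives the default tunnel MTU of 1420 and an IPv4 MSS of 1380; for a 1492-byte WAN it gives 1412 and 1372, which is where the 1412 suggested above comes from. pf's max-mss, which is what an OPNsense normalization rule sets, takes the MSS value rather than the MTU, and as the earlier reply notes the rule has to apply to both directions, not just "in".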

I was having similar issues getting WireGuard to work. My solution was to manually restart the WireGuard service in the service panel after I had set it all up and made connection attempts. I even tried to spin up a new install of OPNsense on my Proxmox to test and it was having the same issues. This simple workaround helped me. I saw a post on the OPNsense forum that showed this was a fix for someone else. As long as all your interfaces are set up correctly and you have the forward rules set correctly too, including any routing to your internal LAN, I hope the above may help.

When I set up WireGuard on OPNsense, the thing that was causing issues for me was that I hadn’t assigned the WireGuard interface under Interfaces → Assignments.

u/Forsaken_Ad242

Try starting from scratch using this guy’s tutorial. The only thing different is that you can skip the plugin installation step. Click on "more information" in the video for a link to his step-by-step written guide as well. This guy is direct and to the point in his videos and there is no extra dialog going on… just the exact steps to get it set up and running. Might be worth a shot.

https://youtu.be/qX1Y91ko7uc?si=n291wL37kDax9PQT

Did I read you also have a Pi-hole in your setup? If so, would it be possible to temporarily remove it to simplify things a bit?

I set the DNS to use the OPNsense IP. Is that what you mean?

I do, but to be honest I’m not sure I set that correctly.

Perhaps I need to specifically allow port 53 for DNS. I’ll give that a try. Thanks for your help.

Thank you. I want access to my network internally and externally through my OPNsense router.

Thanks for asking. I’m not able to access internal or external when I get connected through my VPN.

I’ll try it again and add that info

Thank you by the way