AirVPN, Wireguard & OpnSense

Hi,
Hopefully by writing something here I can see what I am doing wrong.
I am following the guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
I have downloaded a config file with some parts masked out:
[Interface]
Address = 10.xx.yy.zz/10, ipv6 address
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
DNS = 10.128.0.1, fd7d:76ee:e68f:a993::1

[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
PresharedKey = CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Endpoint = 146.70.94.2:1637
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15

So
Step 1: Configure Endpoint
I have used the public key BBBBBBBBBBBBBBBBBBBB and the Shared Secret (Pre Shared Key) CCCCCCCCCCCCCCCCCCCCCCCC
I have set the endpoint and port as in the file and set the keepalive to the number in the file as well.

Step 2: Configure Local Peer
A public key has appeared, as has a private key.
Tunnel Address is as per the file 10.xx.yy.zz/10
Listen Port is randomly selected
Gateway is 10.xx.yy.(zz-1) as per instructions

Step 3: Turn on Wireguard

Step 4: Assign an Interface
No real config here - but again, followed the instructions.

Step 5: Restart Wireguard
Done

At this point I feel the tunnel should be up - unless I am misunderstanding things.
Looking at the OPNSense dashboard I get:
[image: OPNsense dashboard screenshot]

The bit in blue is the public key from the config file.
The bit in yellow is the Address 10.xx.yy.zz from the config file.
However, there is no sign of any tunnel on the AirVPN Sessions, which has my 3 OpenVPN sessions from other firewalls active, and there is no handshake - but I am not sure what should be appearing there.

My network diagram is at the bottom of this post.


So Question 1: 
Am I correct - should I be showing a connection on "Your VPN Sessions" on AirVPN's dashboard or have I not reached that stage yet?


Moving on
Step 6 - Create a Gateway with the interface I created earlier and the 10.xx.yy.(zz-1) address I used earlier from the Interface section of the config file
Gateway is Online
Still no connection that I can see on AirVPN's Dashboard

I will stop here - because at this point the gateway isn't coming up (with 100% packet loss). I would expect that the gateway should be up, even if I cannot route any packets across it at this point.
[image: gateway status screenshot]
The two yellow addresses are 10.xx.yy.(zz-1) followed by 10.xx.yy.zz.

What am I doing wrong?
I have tried two different servers.

[image: network diagram]
The Edgemax & the Virgin Superhub are effectively the ISP router behind which I am running an OPNsense firewall. Do I need to port forward anything to the OPNsense box? I didn't think I had to.
What catches my eye is this: "A Public key has appeared as has a private key."

Is your OPNsense box creating its own private key and expecting you to install it at the endpoint? You can't. You need to do the opposite and take the public and private Interface keys from the AirVPN .conf file and install them in OPNsense's Interface setup.

It's a guess, but maybe it will get things moving!
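Added example, not code from this thread or from OPNsense/AirVPN: a small Python script that reads a WireGuard .conf shaped like the one in the first post and maps it onto the two OPNsense forms from the how-to, the Endpoint (step 1, everything from [Peer]) and the Local peer (step 2, everything from [Interface]), keeping the private key from the file rather than a generated one, checking that each key decodes to 32 bytes (a masked or truncated key fails), and deriving the step-6 gateway as the tunnel IPv4 address minus one, as the thread states. The sample config, its keys and its addresses are constructed, and the field names in the returned dicts are my own labels, not OPNsense's.

```python
import base64
import ipaddress
from configparser import ConfigParser
# Constructed sample shaped like the AirVPN .conf in the post; keys are fake.
FAKE_KEYS = tuple(base64.b64encode(bytes([b]) * 32).decode() for b in (1, 2, 3))
SAMPLE_CONF = """[Interface]
Address = 10.128.4.10/10, fd7d:76ee:e68f:a993::a/48
PrivateKey = %s
[Peer]
PublicKey = %s
PresharedKey = %s
Endpoint = 146.70.94.2:1637
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15
""" % FAKE_KEYS

def parse_wg_conf(text):
    cp = ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}  # option names come back lower-cased

def key_is_valid(b64):
    # A WireGuard key is exactly 32 raw bytes; masked or truncated keys fail here.
    try:
        return len(base64.b64decode(b64, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def tunnel_gateway(address_field):
    # Tunnel IPv4 address minus one (thread's step 6), if still inside the prefix.
    for item in address_field.split(","):
        iface = ipaddress.ip_interface(item.strip())
        if iface.version == 4 and (iface.ip - 1) in iface.network:
            return str(iface.ip - 1)
    raise ValueError("no usable IPv4 tunnel address in: " + address_field)

def to_opnsense(conf):
    iface, peer = conf["Interface"], conf["Peer"]
    if not all(map(key_is_valid, (iface["privatekey"], peer["publickey"], peer["presharedkey"]))):
        raise ValueError("a key is not a 32-byte base64 WireGuard key")
    host, port = peer["endpoint"].rsplit(":", 1)
    return {
        # Endpoint (step 1): every field comes from the [Peer] block.
        "endpoint": {"public_key": peer["publickey"], "shared_secret": peer["presharedkey"],
                     "address": host, "port": int(port), "allowed_ips": peer["allowedips"],
                     "keepalive": int(peer["persistentkeepalive"])},
        # Local (step 2): use the [Interface] private key, not one OPNsense generates.
        "local": {"private_key": iface["privatekey"], "tunnel_address": iface["address"],
                  "gateway": tunnel_gateway(iface["address"])},
    }
```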

On 7/4/2022 at 12:47 AM, Aardvark56 said:

What am I doing wrong?

That's really hard to say. I mean... wow :D
I guess if you stuck to the how-to then it should work, right? Maybe you can find something on the OPNsense forums...


19 hours ago, Aardvark56 said:

The Edgemax & the Virgin Superhub are effectively the ISP router behind which I am running an OPNsense firewall. Do I need to port forward anything to the OPNsense box? I didn't think I had to.

Couldn't you connect the OPNsense box directly to the modem? Save some cost...


I use the Virgin Media Super Hub + Edgemax because when I got the thing I couldn't enter a route into the VM Super Hub. My main firewall is alongside the pfSense/OPNsense one and doesn't run NAT - so I need to route back to my main network.

It's now working - I was misunderstanding the instructions.