anon1701 0 Posted ...

Hi,

Hopefully by writing something here I can see what I am doing wrong. I am following the guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

I have downloaded a config file with some parts masked out:

    [Interface]
    Address = 10.xx.yy.zz/10, ipv6 address
    PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    DNS = 10.128.0.1, fd7d:76ee:e68f:a993::1

    [Peer]
    PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
    PresharedKey = CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
    Endpoint = 146.70.94.2:1637
    AllowedIPs = 0.0.0.0/0, ::/0
    PersistentKeepalive = 15

So

Step 1: Configure Endpoint
I have used the public key BBBBBBBBBBBBBBBBBBBB and the Shared Secret (Pre Shared Key) CCCCCCCCCCCCCCCCCCCCCCCC. I have set the endpoint and port as in the file and set the keepalive to the number in the file as well.

Step 2: Configure Local Peer
A Public key has appeared as has a private key. Tunnel Address is as per the file 10.xx.yy.zz/10. Listen Port is randomly selected. Gateway is 10.xx.yy.(zz-1) as per instructions.

Step 3: Turn on Wireguard

Step 4: Assign an Interface
No real config here - but again, followed the instructions.

Step 5: Restart Wireguard
Done

At this point I feel the tunnel should be up - unless I am misunderstanding things. Looking at the OPNSense dashboard I get:

The bit in blue is the public key from the config file. The bit in yellow is the Address 10.xx.yy.zz from the config file.

However there is no sign of any tunnel on the AirVPN Sessions, which has my 3 OpenVPN Sessions from other firewalls active, and there is no handshake - but I am not sure what should be appearing there.

My Network Diagram is as at the bottom of this post.

So Question 1: Am I correct - should I be showing a connection on "Your VPN Sessions" on AirVPN's dashboard or have I not reached that stage yet?

Moving on

Step 6 - Create a Gateway with the interface I created earlier and the 10.xx.yy.(zz-1) address I used earlier from the Interface section of the config file

Gateway is Online

Still no connection that I can see on AirVPN's Dashboard

I will stop here - cos at this point the gateway isn't coming up (with 100% packet loss). I would expect that the gateway should be up, even if I cannot route any packets across it at this point.

The two yellow addresses are 10.xx.yy.(zz-1) followed by 10.xx.yy.zz

What am I doing wrong? I have tried two different servers.
anon1701 0 Posted ...

The Edgemax & the Virgin Superhub are effectively the ISP router behind which I am running an Opnsense firewall.

Do I need to port forward anything to the Opnsense box? I didn't think I had to.
SurprisedItWorks 49 Posted ...

What catches my eye is this: "A Public key has appeared as has a private key." Is your opnsense box creating its own private key and expecting you to install it at the endpoint? You can't. You need to do the opposite and take the public and private Interface keys from the AirVPN .conf file and install them in opnsense's Interface setup. It's a guess, but maybe it will get things moving!
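The point in the reply above is that the [Interface] PrivateKey in the downloaded .conf is the one the local peer must use, because the provider's server already holds the matching public key; a freshly generated OPNsense key pair is unknown to the server and no handshake can happen. The script below is an added example written for this thread, not code from the thread, OPNsense or AirVPN. It parses a WireGuard .conf, checks that the three keys decode to 32 bytes, and derives the public key from the Interface private key with a pure-Python X25519 (RFC 7748), which is what `wg pubkey` does, so you can compare it with what the provider shows for your device. All function names are mine; the keys are the RFC 7748 section 6.1 test vector and the endpoint is an RFC 5737 documentation address, both constructed for the sample.

```python
# Added example (not from the thread, OPNsense or AirVPN): parse a WireGuard
# .conf, sanity-check its keys, and derive the Interface public key from the
# Interface private key with pure-Python X25519 (RFC 7748). Keys are the
# RFC 7748 6.1 test vector and the endpoint is a documentation address;
# everything in SAMPLE_CONF is constructed.
import base64
import re

P = 2**255 - 19          # Curve25519 field prime
A24 = 121665             # (486662 - 2) / 4
BASE_POINT_U = 9         # u-coordinate of the X25519 generator


def _clamp(private: bytes) -> int:
    """RFC 7748 scalar clamping, then little-endian decode."""
    k = bytearray(private)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _x25519(k: int, u: int) -> int:
    """Montgomery ladder from RFC 7748 section 5: returns the u-coordinate of k*u."""
    x_1, x_2, z_2, x_3, z_3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        k_t = (k >> t) & 1
        swap ^= k_t
        if swap:
            x_2, x_3 = x_3, x_2
            z_2, z_3 = z_3, z_2
        swap = k_t
        a, b = (x_2 + z_2) % P, (x_2 - z_2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x_3 + z_3) % P, (x_3 - z_3) % P
        da, cb = d * a % P, c * b % P
        x_3 = pow(da + cb, 2, P)
        z_3 = x_1 * pow(da - cb, 2, P) % P
        x_2 = aa * bb % P
        z_2 = e * (aa + A24 * e) % P
    if swap:
        x_2, x_3 = x_3, x_2
        z_2, z_3 = z_3, z_2
    return x_2 * pow(z_2, P - 2, P) % P


def derive_public_bytes(private: bytes) -> bytes:
    """32-byte WireGuard public key for a 32-byte private key."""
    if len(private) != 32:
        raise ValueError("private key must be 32 bytes")
    return _x25519(_clamp(private), BASE_POINT_U).to_bytes(32, "little")


def wg_public_key(private_b64: str) -> str:
    """Like `wg pubkey`: base64 private key in, base64 public key out."""
    raw = base64.b64decode(private_b64, validate=True)
    return base64.b64encode(derive_public_bytes(raw)).decode()


def parse_wg_conf(text: str) -> dict:
    """Minimal INI-style parser: {section: {key: value}}; comments stripped."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = conf.setdefault(m.group(1), {})
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            section[key] = value
    return conf


def audit_conf(conf: dict) -> dict:
    """Check that the three keys are 32-byte base64 and report the local public key."""
    problems = []
    for section, key in (("Interface", "PrivateKey"), ("Peer", "PublicKey"), ("Peer", "PresharedKey")):
        value = conf.get(section, {}).get(key)
        if value is None:
            problems.append(f"{section}.{key} missing")
            continue
        try:
            raw = base64.b64decode(value, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            problems.append(f"{section}.{key} is not valid base64")
            continue
        if len(raw) != 32:
            problems.append(f"{section}.{key} decodes to {len(raw)} bytes, expected 32")
    local_pub = None
    if not any(p.startswith("Interface.PrivateKey") for p in problems):
        local_pub = wg_public_key(conf["Interface"]["PrivateKey"])
    return {"problems": problems, "local_public_key": local_pub}


# Constructed sample: RFC 7748 6.1 "Alice" private key and "Bob" public key,
# an all-zero placeholder PSK, and an RFC 5737 endpoint.
ALICE_PRIVATE_B64 = base64.b64encode(bytes.fromhex(
    "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")).decode()
ALICE_PUBLIC_B64 = base64.b64encode(bytes.fromhex(
    "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")).decode()
BOB_PUBLIC_B64 = base64.b64encode(bytes.fromhex(
    "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")).decode()

SAMPLE_CONF = f"""\
[Interface]
Address = 10.0.0.2/10
PrivateKey = {ALICE_PRIVATE_B64}
DNS = 10.128.0.1

[Peer]
PublicKey = {BOB_PUBLIC_B64}
PresharedKey = {base64.b64encode(bytes(32)).decode()}
Endpoint = 198.51.100.1:1637
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15
"""

if __name__ == "__main__":
    report = audit_conf(parse_wg_conf(SAMPLE_CONF))
    print("problems:", report["problems"] or "none")
    print("Interface public key the server must already know:", report["local_public_key"])
```

Run it against your own downloaded .conf by reading the file into `parse_wg_conf`; the printed public key is the one the provider's device page should show, and it is the pair (that private key plus this public key) to enter in the OPNsense Local Peer, not a pair OPNsense generates. The masked `AAAA...` placeholder from the first post would be reported as invalid base64, which is the same class of mistake as pasting the wrong key.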
tinigriffy 1 Posted ... (edited)

> On 7/4/2022 at 12:47 AM, Aardvark56 said:
> What am I doing wrong?

That's really hard to say. I mean .. wow. I guess you stuck to the howto, then it should work, right? Maybe you can find something on the opnsense forums ...

> 19 hours ago, Aardvark56 said:
> The Edgemax & the Virgin Superhub are effectively the ISP router behind which I am running an Opnsense firewall. Do I need to port forward anything to the Opnsense box? I didn't think I had to

Couldn't you connect the opnsense box directly to the modem? Save some cost...

Edited ... by tinigriffy
Wolke68 5 Posted ...

In the wireguard thread there is a video for pfsense, maybe it could help you.
anon1701 0 Posted ...

I use the virginmedia super hub + edgemax because when I got the thing I couldn't enter a route into the VM SuperHub. My main firewall is alongside the pfsense/opensense one and doesn't run NAT - so I need to route back to my main network.

It's now working - I was misunderstanding the instructions.