Hi guys,
I have been trying to figure out the WireGuard setup for hours now. I also used tcpdump for traffic capture.
Not able to get a handshake with WireGuard.
Here is my setup:
First I made sure that forwarding is enabled.
root@OpenWrt:/etc/config# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
root@OpenWrt:/etc/config#
/etc/config/network
config interface 'wg0'
    option proto 'wireguard'
    option private_key 'GA9FhJ/Tsxxxxxxxxxxxxxxxxxxxxxxxxx'
    option listen_port '51822'
    list addresses '172.31.0.2/24'

config wireguard_wg0
    option description 'wireguardSite2Site'
    option public_key '+HikL/0rM7xxxxxxxxxxxxxxxxxxxxxxxxxx'
    list allowed_ips '172.31.0.0/24'
    list allowed_ips '10.1.1.0/24'
    option endpoint_host 'opnsense.xxxxxxxxxxxxxx.com'
    option endpoint_port '51822'
    option route_allowed_ips '1'

config interface 'wg1'
    option proto 'wireguard'
    option private_key 'eLx2A6xxxxxxxxxxxxxxxxxxxxxx'
    list addresses '10.10.10.1/24'
    option listen_port '51820'

config wireguard_wg1
    option description 'wireguardRoadwarrior'
    list allowed_ips '10.10.10.2/32'
    #option route_allowed_ips '1'
    #option endpoint_port '51820'
    option public_key 'r7eKIfxxxxxxxxxxxxxxxxxx'
/etc/config/firewall
config forwarding
    option src 'vpn'
    option dest 'wan'

config forwarding
    option src 'vpn'
    option dest 'lan'

config forwarding
    option dest 'lan'
    option src 'wg'

config forwarding
    option dest 'wg'
    option src 'lan'

config zone
    option name 'wg'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'wg'

config rule
    option dest_port '51820-51830'
    option src 'wan'
    option name 'Allow-WG'
    option target 'ACCEPT'
root@OpenWrt:/etc/config#
Created the keys:
root@OpenWrt:/etc/wireguard# wg genkey | tee wgserver.key | wg pubkey > wgserver.pub
root@OpenWrt:/etc/wireguard# wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
tcpdump shows only incoming traffic from the client to the LAN interface, but WireGuard is not answering / handshaking.
Tried the Windows client on the local LAN for a first test:
[Interface]
PrivateKey = uDVAYxxxxxxxxxxxxxxxxxxxxx
Address = 10.10.10.2/32
[Peer]
PublicKey = r7eKIfkl9/Y6mcpxxxxxxxxxxxxxxxxxxxx=
AllowedIPs = 10.10.10.0/24
Endpoint = 192.168.134.230:51820
You see, the public key on both boxes is the same.
Open connection with the Windows box:
[screenshot: 2021-09-26 17_02_59-Window]
Message on the Windows client.
Cannot get handshake.
[screenshot: 2021-09-26 17_04_49-Window]
I have checked the keys 100 times.
I have also disabled the firewall 100 times to locate the error.
With tcpdump I can see that the traffic is coming in from the internal client on port 51820.
But the WireGuard interface is not answering.
Perhaps I am too stupid to locate the error.
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
16:45:15.408646 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:15.408713 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:20.458973 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:20.459059 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:25.540554 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:25.540609 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:30.594370 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:30.594462 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:35.612499 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:35.612566 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:40.682409 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
16:45:40.682465 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148
Perhaps someone who has experienced this error can help, because I am totally stuck.
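As an added example (not part of the post above), a small Python script that classifies WireGuard messages in a tcpdump capture by their UDP length and flags the one-way pattern shown in the post: handshake initiations arriving at the listen port with no handshake response ever leaving it. The first sample lines are copied from the post; the "healthy" exchange is constructed for contrast, and the listen port 51820 is the post's.

```python
import re
from collections import Counter

# WireGuard message sizes on the wire (UDP payload length), per the WireGuard
# whitepaper: initiation 148, response 92, cookie reply 64; transport data is
# 32 bytes or more (32 = keepalive).
MSG_SIZES = {148: "handshake-initiation", 92: "handshake-response", 64: "cookie-reply"}

# Matches tcpdump's default one-line UDP summary, as printed in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\w.-]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\w.-]+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)

def to_seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def classify(length):
    return MSG_SIZES.get(length, "transport-data" if length >= 32 else "unknown")

def analyze(lines, listen_port):
    """Count handshake messages to/from listen_port and say whether the
    responder ever answered. Gaps between initiations show the retry interval
    (WireGuard resends an unanswered initiation every REKEY_TIMEOUT = 5 s)."""
    counts = Counter()
    init_times = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind = classify(int(m["len"]))
        if kind == "handshake-initiation" and int(m["dport"]) == listen_port:
            counts["initiations"] += 1
            init_times.append(to_seconds(m["ts"]))
        elif kind == "handshake-response" and int(m["sport"]) == listen_port:
            counts["responses"] += 1
        elif kind == "transport-data":
            counts["data"] += 1
    # Ignore sub-second gaps: a capture on "any" shows the same packet once per
    # interface it crosses (e.g. a bridge port and the bridge itself).
    gaps = [round(b - a, 1) for a, b in zip(init_times, init_times[1:]) if b - a > 1]
    if counts["initiations"] and not counts["responses"]:
        verdict = "responder silent: initiations reach the listen port but no response leaves it"
    elif counts["responses"]:
        verdict = "handshake completed"
    else:
        verdict = "no handshake traffic seen"
    return {"initiations": counts["initiations"], "responses": counts["responses"],
            "data": counts["data"], "retransmit_gaps_s": gaps, "verdict": verdict}

# Lines copied from the post's capture (silent responder).
SILENT_CAPTURE = [
    "16:45:15.408646 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148",
    "16:45:15.408713 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148",
    "16:45:20.458973 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148",
    "16:45:20.459059 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148",
]
# Constructed lines showing what a completed handshake looks like.
HEALTHY_CAPTURE = [
    "16:50:00.100000 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 148",
    "16:50:00.101000 IP 192.168.134.230.51820 > 192.168.134.39.62058: UDP, length 92",
    "16:50:00.102000 IP 192.168.134.39.62058 > 192.168.134.230.51820: UDP, length 32",
]

if __name__ == "__main__":
    print(analyze(SILENT_CAPTURE, 51820))
    print(analyze(HEALTHY_CAPTURE, 51820))
```

A silent verdict means the initiation reached the host but the listener never produced a response; a response with the correct size proves the listener accepted the initiation, so the two verdicts separate "packet never processed" from "packet processed" cases.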