[solved] wireguard issue
-
Since upgrading to the RC (1811 and 2611), I am no longer able to establish a remote wireguard connection. The following error message appears on the remote device:
2025-11-28 08:15:53.355227: [NET] DNS64: mapped xx.xx.xx.xx to itself.
2025-11-28 08:15:53.355279: [NET] peer(exm3…l8wo) - UAPI: Updating endpoint
2025-11-28 08:15:53.355397: [NET] Routine: receive incoming v4 - stopped
2025-11-28 08:15:53.355412: [NET] Routine: receive incoming v6 - stopped
2025-11-28 08:15:53.355618: [NET] UDP bind has been updated
2025-11-28 08:15:53.355656: [NET] Routine: receive incoming v6 - started
2025-11-28 08:15:53.355697: [NET] Routine: receive incoming v4 - started
2025-11-28 08:15:53.414332: [NET] Network change detected with satisfied route and interface order [pdp_ip0, pdp_ip0, utun9]
2025-11-28 08:15:53.415026: [NET] DNS64: mapped xx.xx.xx.xx to itself.
2025-11-28 08:15:53.415211: [NET] peer(exm3…l8wo) - UAPI: Updating endpoint
2025-11-28 08:15:53.415434: [NET] Routine: receive incoming v4 - stopped
2025-11-28 08:15:53.415487: [NET] Routine: receive incoming v6 - stopped
2025-11-28 08:15:53.415834: [NET] UDP bind has been updated
2025-11-28 08:15:53.415862: [NET] Routine: receive incoming v4 - started
2025-11-28 08:15:53.415937: [NET] Routine: receive incoming v6 - started
2025-11-28 08:15:53.418883: [NET] peer(exm3…l8wo) - Sending handshake initiation
2025-11-28 08:15:58.476188: [NET] peer(exm3…l8wo) - Sending handshake initiation
2025-11-28 08:16:03.554026: [NET] peer(exm3…l8wo) - Sending handshake initiation
2025-11-28 08:16:08.883325: [NET] peer(exm3…l8wo) - Handshake did not complete after 5 seconds, retrying (try 2)
All outgoing tunnels are functioning as expected.
-
@p1erre I just tested my rarely used remote wireguard connection on RC-2611 and it connected fine.
My setup has a port forward of 51820 to the correct WG instance but apart from that is a "standard" config AFAIK.
Make sure all relevant NAT rules are enabled. If you rely on a DDNS for the WG connection check that the IP is correct. To start debugging, you can verify that the WG handshake is received in pfSense by packet trace on the WAN and port "your WG port".
-
@pst Thank you for your assistance. I identified the issue, which was not related to WireGuard; all incoming traffic was blocked. The limiters were responsible for the error. After disabling them, everything functioned as expected.
Same as there: https://forum.netgate.com/post/1229105
-
@p1erre said in [solved] wireguard issue:
Same as there: https://forum.netgate.com/post/1229105
but the bug fix for redmine#16475 should be in the latest RC, so disabling limiters shouldn't be required? I had a limiter for buffer bloat active on the WAN when I tested earlier, so perhaps what you saw was another bug manifesting? Btw, I didn't test remote access WG in any of the previous 25.11 versions so I have nothing to compare with.
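
The packet-trace check suggested earlier in the thread can be turned into a small triage helper. This is an added example, not code from any poster or from the pfSense or WireGuard projects: it classifies UDP payloads captured on the WAN by WireGuard message type and reports where the handshake stops. The function names, the "in"/"out" direction labels and the sample packets are assumptions constructed for illustration.

```python
import struct
from typing import Iterable, Optional, Tuple

# WireGuard message types and fixed wire sizes (bytes) from the protocol spec.
INITIATION, RESPONSE, COOKIE_REPLY, TRANSPORT = 1, 2, 3, 4
FIXED_SIZES = {INITIATION: 148, RESPONSE: 92, COOKIE_REPLY: 64}
NAMES = {INITIATION: "initiation", RESPONSE: "response",
         COOKIE_REPLY: "cookie_reply", TRANSPORT: "transport"}
MIN_TRANSPORT = 32  # 16-byte header + 16-byte auth tag (an empty keepalive)

def classify(payload: bytes) -> Optional[str]:
    """Return the WireGuard message name for a UDP payload, or None if it does not fit."""
    if len(payload) < 4:
        return None
    # One type byte followed by three reserved zero bytes reads as a little-endian u32.
    (msg_type,) = struct.unpack_from("<I", payload)
    if msg_type in FIXED_SIZES:
        return NAMES[msg_type] if len(payload) == FIXED_SIZES[msg_type] else None
    if msg_type == TRANSPORT and len(payload) >= MIN_TRANSPORT:
        return NAMES[msg_type]
    return None

def triage(packets: Iterable[Tuple[str, bytes]]) -> str:
    """packets: (direction, udp_payload) pairs seen on the WAN for the WG port.
    direction is 'in' (towards the firewall) or 'out' (hypothetical labels)."""
    seen = {(direction, classify(payload)) for direction, payload in packets}
    if ("in", "initiation") not in seen:
        # Nothing arrived: check endpoint IP/DDNS, the port, upstream filtering.
        return "no_initiation_in"
    if ("out", "response") not in seen:
        # Arrived but unanswered: check WAN rules, NAT, limiters, peer keys.
        return "initiation_in_no_response_out"
    # Both directions pass the WAN: look at the return path to the client.
    return "handshake_exchanged"

def fake(msg_type: int, size: int) -> bytes:
    """Constructed placeholder payload: correct header and length, zeroed body."""
    return struct.pack("<I", msg_type) + bytes(size - 4)

# Constructed sample mirroring the client log above: three initiations, no reply.
SAMPLE = [("in", fake(INITIATION, 148))] * 3

if __name__ == "__main__":
    print(triage(SAMPLE))
```
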