Help with WG setup pls !

chudak · Jul 28, 2021, 4:27 PM

Here is my configuration in pic.

Was able to make iPhone client to get thru WAN FW rule and establish a successful handshake, but iPhone was not resolving names (even tho can ping 8.8.8.8 and WG DHCP server IP) and I saw DHCP server the red status and errors in logs:

/status_services.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid igb1 igb2 tun_wg0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.2-P1 Copyright 2004-2021 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpd.conf Database file: /var/db/dhcpd.leases PID file: /var/run/dhcpd.pid Wrote 0 class decls to leases file. Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 117 leases to leases file. Unsupported device type 23 for "tun_wg0" If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'

/services_unbound.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid igb1 igb2 tun_wg0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.2-P1 Copyright 2004-2021 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpd.conf Database file: /var/db/dhcpd.leases PID file: /var/run/dhcpd.pid Wrote 0 class decls to leases file. Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 127 leases to leases file. Unsupported device type 23 for "tun_wg0" If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'

I see status as:

Any help appreciated!
Thx

bigsy · Jul 28, 2021, 6:07 PM

@chudak I have this working successfully with a variety of remote access clients. I'd try the following:

Peer config - set allowed IP address to the desired tunnel IP address for your peer, e.g. 10.0.20.2/32 if your interface IPv4 address is 10.0.20.1/24
Get rid of the DHCP server
Configure your iPhone with these settings:

[Interface]
PrivateKey = zzzzzzz
Address = 10.0.20.2/24
DNS = 10.0.20.1

[Peer]
PublicKey = xxxxxx
PresharedKey = yyyyyyy
Endpoint = external_ip_address:59820
AllowedIPs = 0.0.0.0/0

chudak · Jul 28, 2021, 7:20 PM

@bigsy

Thanks that helped me find my typo!

I had Address = 10.0.20.2/32 instead of 10.0.20.2/24 on iPhone.

Now my phone is resolving fine.

I keep DCHP server off for WIREGUARD2 (not sure how else to Get rid of the DHCP server)

Still odd DHCP having problems with this setup ...

bigsy · Jul 28, 2021, 6:31 PM

@chudak By 'get rid of' I simply meant to disable the DHCP server on the WG interface as it's not needed

chudak · Jul 28, 2021, 6:45 PM

@bigsy said in Help with WG setup pls !:

@chudak By 'get rid of' I simply meant to disable the DHCP server on the WG interface as it's not needed

That error on DHCP seems like a real bug in WG.

chudak · Jul 29, 2021, 7:52 PM

@bigsy

FYI https://redmine.pfsense.org/issues/12175 - needs clean up

chudak · Jul 30, 2021, 2:35 PM

This post is deleted!