Netgate Discussion Forum
    Wireguard suddenly refuses to handshake

    Category: WireGuard. 45 posts, 11 posters, 26.2k views.
      n3IVI0 @sLy1337

      @sly1337 Yeah. But more experimental in the "breaks out of the dungeon in your mountain lair, rampages through the village" kind of experimental. I just wish it worked. My pfSense box is configured perfectly. I'd hate to have to go to OPNsense just to get a working implementation of WireGuard.

        n3IVI0

        I think I found the solution for 0.1.6_2. Once your tunnel is set up with peers, you have your tun_wg0 interface, and the Mullvad gateway has been created, you have to temporarily switch the default gateway over to the WAN. If you do this, the handshake will complete. I don't know why this works. I have tried switching to multiple peers. Each time, set the default gateway to WAN, let the handshake complete, then switch it back to the Mullvad gateway and you're good to go. If anybody has any notion of what is causing this, speak up. I have a basic setup, like the Netgate website recommends. Nothing fancy. Basic firewall outbound NAT and rules.

          Bob.Dig @n3IVI0

          @n3ivi0 said in Wireguard suddenly refuses to handshake:

          Each time, set Default Gateway to WAN, let the handshake complete, then switch it back to Mullvad Gateway and you're good to go.

          It is warned about almost everywhere that you should never make WG the default gateway. Make your WAN the default gateway and then use policy-based routing for actually routing stuff to the WG gateway.

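The routing loop behind the advice above, as an added example that is not part of the thread and not Netgate's or Mullvad's code: WireGuard sends its handshake initiation as an ordinary UDP packet addressed to the peer's endpoint, and that packet follows the firewall's own routing table like any other locally generated packet. With the WireGuard gateway as the default gateway and no more specific route to the endpoint, the initiation is routed into the very tunnel it is trying to bring up, so it never reaches the peer. The POSIX shell script below performs the kernel's longest-prefix match over a table in the format of `netstat -rn -f inet` on FreeBSD/pfSense and reports which interface the handshake would leave on. The three tables, the interface names (em0 as WAN, em1 as LAN, tun_wg0 as the tunnel) and all addresses are constructed for the demonstration; it also generalises past the thread by showing that a /32 host route for the endpoint via WAN would rescue the handshake even with the tunnel as default.

```shell
#!/bin/sh
# Added example; not code from the thread, Netgate or Mullvad. Given a routing
# table in the format of `netstat -rn -f inet` on FreeBSD/pfSense and the IPv4
# address of a WireGuard peer endpoint, it performs the longest-prefix match
# the kernel performs and prints the interface the handshake initiation would
# leave on. Interface names, addresses and the three tables are constructed.

# Dotted quad -> 32-bit integer.
ip2int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Prefix length -> netmask as a 32-bit integer.
prefix2mask() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
    fi
}

# Longest-prefix match of endpoint $2 against the route table text in $1.
# Prints the Netif column of the winning route, or "none" if nothing matches.
egress_netif() {
    ip=$(ip2int "$2")
    best_len=-1
    best_if=none
    while read -r dest gw flags netif rest; do
        case $dest in
            ''|Destination|Internet*) continue ;;   # blank, column or section header
            default) net=0.0.0.0; len=0 ;;
            */*)     net=${dest%/*}; len=${dest#*/} ;;
            *)       net=$dest; len=32 ;;            # host route, printed without /32
        esac
        case $net in *[!0-9.]*) continue ;; esac    # not an IPv4 destination
        mask=$(prefix2mask "$len")
        if [ $(( ip & mask )) -eq $(( $(ip2int "$net") & mask )) ] \
           && [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best_if=$netif
        fi
    done <<EOF
$1
EOF
    echo "$best_if"
}

# Succeeds when handshake packets to endpoint $2 leave via anything but the
# tunnel interface $3; fails when they would be routed into the tunnel itself.
handshake_can_leave() {
    [ "$(egress_netif "$1" "$2")" != "$3" ]
}

ENDPOINT=198.51.100.10   # constructed peer endpoint address
WG_IF=tun_wg0

# Constructed: the WireGuard gateway has been made the default gateway.
WG_AS_DEFAULT='Destination        Gateway            Flags     Netif Expire
default            10.64.0.1          UGS     tun_wg0
10.64.0.0/10       link#7             U       tun_wg0
127.0.0.1          link#3             UH          lo0
192.168.1.0/24     link#1             U           em1
203.0.113.0/24     link#2             U           em0
203.0.113.1        link#2             UHS         em0'

# Constructed: WAN is the default gateway. LAN clients still go through the
# tunnel, but via a pf route-to rule on the LAN interface; that rule is not
# part of the routing table and applies only to traffic entering on LAN,
# never to the firewall's own outbound handshake packets.
WAN_AS_DEFAULT='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
10.64.0.0/10       link#7             U       tun_wg0
127.0.0.1          link#3             UH          lo0
192.168.1.0/24     link#1             U           em1
203.0.113.0/24     link#2             U           em0
203.0.113.1        link#2             UHS         em0'

# Constructed: tunnel is still the default, but a host route pins the endpoint
# to the WAN gateway, so the more specific route wins the match.
WG_DEFAULT_PINNED='Destination        Gateway            Flags     Netif Expire
default            10.64.0.1          UGS     tun_wg0
10.64.0.0/10       link#7             U       tun_wg0
198.51.100.10      203.0.113.1        UGHS        em0
203.0.113.0/24     link#2             U           em0'

for name in WG_AS_DEFAULT WAN_AS_DEFAULT WG_DEFAULT_PINNED; do
    eval "table=\$$name"
    if handshake_can_leave "$table" "$ENDPOINT" "$WG_IF"; then
        verdict=ok
    else
        verdict=LOOPS-INTO-TUNNEL
    fi
    printf '%-18s handshake to %s leaves via %-8s %s\n' \
        "$name" "$ENDPOINT" "$(egress_netif "$table" "$ENDPOINT")" "$verdict"
done
```

On a live pfSense box the same check is `netstat -rn -f inet` read against the endpoint address reported by `wg show`: if the default route's Netif is the tun_wg interface and no more specific route covers the endpoint, the handshake cannot leave. The arrangement the thread settles on (WAN as default gateway, LAN traffic policy-routed to the WireGuard gateway by the Gateway option on the LAN firewall rule) keeps the firewall's own handshake packets on WAN while still sending client traffic through the tunnel.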
            n3IVI0 @Bob.Dig

            @bob-dig Thank you. That was indeed the problem. I got some bad guidance from another guide. I went back and double-checked the Mullvad guide for pfSense: https://mullvad.net/en/help/pfsense-with-wireguard/

            It has recently been updated, and that's what they recommend doing. Fixed my firewall, and I'm back in black.

            Thanks again for the tip.

              linkusnet

              Went months without issue, then it would drop the connection and wouldn't reconnect. I rebooted the pfSense and the MT-1300 and no luck. I rebuilt the VPNs on both sides, changed keys, and no luck. Sometimes I'd wait a couple of hours and it would connect again for a few hours or as long as 20 hours.

              I changed the port to 51281 on both sides and it's been up for 2 days.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.