pfSense WireGuard to VPS - no handshake
-
Hi All, I need some help to get a WireGuard tunnel to a cloud server. I have followed several different guides but I never get a handshake. I have unticked the "save configuration" option and removed & installed the WireGuard package between guides.
I do not see anything helpful in Status > System Logs > System > General.
I have set up a specific interface and given it the same static IP as assigned by the 'server' for the client (10.13.13.2).
I have the following FW rules:
WireGuard default Int:
Dedicated WG_VPN Int:
I can connect with an Android phone using the WireGuard app without any problems, so I'm pretty certain it's my pfSense config. I've run out of ideas - can anyone help?
-
@Owen82 Allowed IPs have to include the other side (peer).
MTU looks not optimal.
-
@Bob-Dig Thanks for taking the time to try to help, I tried adding the peer subnet, still no handshake and then tried just adding 10.13.13.1/32 - no dice.
I had heard that the tunnel will only be created if there is traffic for it, is that true? I tried a ping to 10.13.13.1 just in case (failed).
I tried again with a ping whilst doing a packet capture on the WG_VPN Int and there was no traffic at all, not sure what's going on.
Does it matter that there is no route for the 10.13.13.1 address? Is this somehow handled internally with WG?
-
@Owen82 They both should be in it.
Remove any rules you have except allow anything for testing. And set keep alive with 25 seconds for testing. Set a port in the VPS as well.
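As an added example (not from the thread), a small Python checker that applies Bob-Dig's three points to a client-side WireGuard config in wg-quick format: the peer's tunnel address must fall inside AllowedIPs, the endpoint needs a UDP port, and a keepalive generates traffic so the tunnel comes up without waiting for a ping. The config text, keys, endpoint name and port 51820 are constructed placeholders; only the tunnel addresses 10.13.13.1/.2 come from the thread.

```python
import ipaddress
import re

# Constructed sample using the thread's tunnel addresses (10.13.13.x); keys and
# endpoint are placeholders. Typical handshake-less shape: AllowedIPs lists only
# the client's own address, the endpoint has no port and keepalive is unset.
BROKEN_CONF = """
[Interface]
Address = 10.13.13.2/32
PrivateKey = <client-private-key-placeholder>
[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 10.13.13.2/32
Endpoint = vps.example.invalid
"""

# Same config with the peer's address allowed, a UDP port and a 25 s keepalive.
FIXED_CONF = BROKEN_CONF.replace(
    "AllowedIPs = 10.13.13.2/32", "AllowedIPs = 10.13.13.1/32").replace(
    "Endpoint = vps.example.invalid",
    "Endpoint = vps.example.invalid:51820\nPersistentKeepalive = 25")

def parse_sections(text):
    """Return {section: {key: value}} for an INI-style wg config (comments stripped)."""
    sections, current = {}, None
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections

def check_client_conf(text, peer_tunnel_ip):
    """Return findings as strings; an empty list means all three checks pass."""
    peer = parse_sections(text).get("Peer", {})
    target = ipaddress.ip_address(peer_tunnel_ip)
    allowed = [c.strip() for c in peer.get("AllowedIPs", "").split(",") if c.strip()]
    findings = []
    # 1. The remote peer's tunnel address must fall inside AllowedIPs (cryptokey routing).
    if not any(target in ipaddress.ip_network(c, strict=False) for c in allowed):
        findings.append(f"AllowedIPs {allowed} does not cover peer {peer_tunnel_ip}")
    # 2. Without a UDP port on the endpoint no handshake initiation can be sent.
    if not re.search(r":\d{1,5}$", peer.get("Endpoint", "")):
        findings.append("Endpoint has no UDP port")
    # 3. Keepalive forces periodic traffic so the tunnel is brought up without a ping.
    if peer.get("PersistentKeepalive", "0").lower() in ("0", "off"):
        findings.append("PersistentKeepalive unset; use 25 while testing")
    return findings
```

Run `check_client_conf(BROKEN_CONF, "10.13.13.1")` to see all three findings and the same call on `FIXED_CONF` to get an empty list.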