Cannot Get Wireguard to Handshake w/ Mullvad
-
Followed the guide here: https://mullvad.net/en/help/pfsense-with-wireguard
Followed it carefully. Multiple times to make sure I am doing it exactly as described.
This same guide has worked in the past. Recently I had to do a clean install.
I am on 24.03. I have only the WAN and LAN configured. Only Wireguard installed. Nothing fancy. Basic setup, so I can connect my laptop to the pfSense box, and access the internet.
I set up the tunnel and peer for Mullvad. Activated WireGuard. No handshake. Cannot get this thing to connect.
I cannot get a handshake no matter what I try. (tried all the port forwarding and special WAN rules for port 51820 --> doesn't fix it).
Any ideas?
Is there something wrong with Wireguard package 0.2.2_1 that is causing this?
-
@n3IVI0 First, that WAN rule is allowing anyone on the Internet full access to your system. You should probably delete that rule.
Next, post your screenshots of your Wireguard config.
-
@Jarhead It is the exact config as the instructions detail. I can't post it without most of it being redacted, from all the keys. Yeah, I know. I was trying to open it in case anything was blocking.
I am going to try leaving it on 23.09 and installing WireGuard on that to see if the problem is with the upgrade to 24.03 and FreeBSD 15.
-
@n3IVI0 That did not work. So the problem is NOT the newest version of pfSense.
Per the instructions from Mullvad:
SSH'd in, generated my keypair.
Got the correct IP.
cd /usr/local/etc/wireguard/
wg genkey | tee privkey | wg pubkey > pubkey
echo "public wireguard key"; cat pubkey; echo; echo "private wireguard key"; cat privkey
curl https://api.mullvad.net/wg/ -d account=YOURMULLVADACCOUNTNUMBER --data-urlencode pubkey=YOURPUBLICKEY | tee mullvad-ip
Created the tunnel and peer, activated WireGuard. Nothing. I have done this exact process in the past. Nothing has changed.
-
Saw this in the log:
Set WAN to be the default gateway. Still no handshake.
-
@n3IVI0 The problem is people always say "I did everything right so why isn't it working?"
Well, obviously you didn't do everything right or it would be working. But no one can help you if you don't post pics of what you did.
So the only thing I can say is go back and follow the instructions again.
I will say I know you didn't do it right because you were supposed to create a new gateway and your last post would be the hint you need to get it working.
So that would be a good place to start in the instructions.
-
@Jarhead Thanks Mom.
Anybody on here with useful information or advice?
-
@n3IVI0 Don't use a firewall-appliance, get something simpler, maybe OpenWRT.
-
@n3IVI0 Even I use OpenWRT for all my WireGuard-Privacy-VPN-Clients, not pfSense. Maybe the Linux support is a factor.
-
@n3IVI0 said in Cannot Get Wireguard to Handshake w/ Mullvad:
@Jarhead Thanks Mom.
Anybody on here with useful information or advice?
Yes. You've already been given it. You just don't want to listen.
-
@Jarhead Dude. I did. You have nothing useful to say. Your response is "RTFM". If that worked, I wouldn't be in here asking questions. Something is causing the handshake operation to fail. That's what I'm trying to figure out.
-
@n3IVI0 My setup was correct. The problem was on Mullvad's end. The first server in my list was one of their Houston servers. It's a fast server, one I tend to use a lot. And it was first in line. That server appears to be down. None of my clients will connect to it. The moment I tried to connect to a different one, it connected immediately.
And yes, I should have thought of that. I am working through some jet lag at the moment. DOH.
Been running in circles for days trying to figure this out.
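-
The situation in the last post (local config correct, one endpoint not answering) can be told apart from a local misconfiguration by looking at handshake times per peer. The following is an added example, not part of the thread or of the Mullvad guide: it classifies the output of `wg show <interface> latest-handshakes`. The peer keys and timestamps are constructed sample data, and the 180-second staleness threshold is an assumption (a heuristic that only holds while traffic or keepalives are flowing).

```shell
#!/bin/sh
# Added example. Input format is that of `wg show <interface> latest-handshakes`:
# one line per peer, "<public key><TAB><unix time of last handshake>",
# where a timestamp of 0 means the peer has never completed a handshake.

# classify_peers NOW MAX_AGE
# Reads that format on stdin and prints "<key> <state>" for each peer:
#   never            no handshake has ever completed (endpoint down, wrong key,
#                    blocked UDP, or no route to the endpoint)
#   stale:<seconds>  last handshake is older than MAX_AGE
#   ok:<seconds>     last handshake is within MAX_AGE
classify_peers() {
    awk -v now="$1" -v max="$2" '
        NF == 2 {
            age = now - $2
            if ($2 == 0)        state = "never"
            else if (age > max) state = "stale:" age
            else                state = "ok:" age
            print $1, state
        }'
}

# Constructed sample (not real keys): three peers as seen at SAMPLE_NOW.
SAMPLE_NOW=1700000000
sample() {
    printf '%s\t%s\n' \
        'peerA-constructed-key=' 0 \
        'peerB-constructed-key=' 1699999955 \
        'peerC-constructed-key=' 1699990000
}

# Offline demonstration on the constructed sample.
sample | classify_peers "$SAMPLE_NOW" 180

# On a live system (WG_IF is a placeholder for your interface name):
#   wg show "$WG_IF" latest-handshakes | classify_peers "$(date +%s)" 180
```

A peer that stays at `never` while a second peer with the same local keypair reaches `ok` points at the remote endpoint rather than the local tunnel settings.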