Wireguard not starting
-
Hello
What more information do you need? -
I followed the manual you created step by step and still the service does not start and does not generate error logs.
-
@fabianorbatista , let's start with the problem statement:
Does Wireguard package not install, the service not start or the handshake not happen?If you want help, please provide more info.
And pfSense does generate logs: depending on the issue, you just need to look at the right spot.
Start with Status > system logsIn addition, at what step did the guide not work?
-
As described in my first message, the service does not start, listing the socket looks like the image above, as if something was listening on the port but it does not show the Wireguard service, the only error log I got was this one from the gateway like the print above. When I leave the WAN with the none option in IPv6, this gateway error disappears.
-
What gives you
sudo netstat -nlp | grep :51820or
sudo lsof -n -i :51820 | grep LISTENCan you post a screenshot of your interfaces and NAT outbound rules?
I assume that you are using ipv4 for the wireguard tunnel right?
Also, the current wireguard version is 0.2.9 and not 0.2.1. Can you confirm that you have the latest version? -
The netstat -nlp | grep command: 51820 the p parameter requires more arguments as shown in the print below
The lsof command does not exist in pfsense
I assume that you are using ipv4 for the wireguard tunnel right?
YesThe wireguard version installed on my pfsense is not yet updated
-
ok. so I just checked with my pfSense and I don't see any info with the netstat command (just like you).
What I see in Diagnostics > Sockets is the same info as in your 1 screenshot:
Can you please try the following:
- verify in VPN > WireGuard > Settings that "Enable is checked
- verify that you have assigned an interface to the network port in Interfaces > Interface Assignments
As for the wireguard package version. I just realized that the version is different on my pfSense Plus. Regulard pfSense has 0.2.1 meaning yours is up-to-date.
I also found some posts where users reported that removing the wireguard package WITHOUT keeping the configuration and then reinstall the package, did the trick.
--> "Keep Configuration" needs to be unckecked -
Sorry for the delay in the information below.
Yes, it is marked to enable
I have already reinstalled Wireguard with the "Keep Configuration" option disabled and the problem persists
-
The interface is Assignments
-
ok, maybe let's take a step back. You wrote that it works once you disable IPv6 in your WAN interface.
Are you using IPv6 at all? If yes, have you configure IPv6 for your wireguard tunnel?
Maybe it's worth checking out the video from Chris McDonald: https://www.youtube.com/watch?v=wYe7FzZ_0X8
Chris is the maintainer of the wireguard package for pfSense. In this video he shows the config for a wireguard tunnel for IPv4 AND IPv6