  1. #11
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,667

    If it's not handshaking then you've configured your client incorrectly, or you've not forwarded UDP 51820 to your Untangle.

    And for the record, I did read your original post... several times. Did so twice again just now. Nothing in that post indicates to me you've actually tried to deploy this solution. What I interpret is theory crafting on the possibility.

    And it most certainly IS possible. And once again if you can't handshake, then something is wrong with the UDP stream getting to Untangle. That could be a client configured to connect to the wrong IP address, a lack of a port forward on the upstream router that owns the appropriate IP address... something in that chain.

    Now, if you can't route over the tunnel once it's built! THAT's something else, and probably a lack of a static route to support the IP range wireguard is using.
    Last edited by sky-knight; 02-19-2021 at 10:32 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Untangler
    Join Date
    May 2017
    Posts
    58

    Quote: Originally Posted by sky-knight
    If it's not handshaking then you've configured your client incorrectly, or you've not forwarded UDP 51820 to your Untangle.

    And for the record, I did read your original post... several times. Did so twice again just now. Nothing in that post indicates to me you've actually tried to deploy this solution. What I interpret is theory crafting on the possibility.

    And it most certainly IS possible. And once again if you can't handshake, then something is wrong with the UDP stream getting to Untangle. That could be a client configured to connect to the wrong IP address, a lack of a port forward on the upstream router that owns the appropriate IP address... something in that chain.

    Now, if you can't route over the tunnel once it's built! THAT's something else, and probably a lack of a static route to support the IP range wireguard is using.
    Quote: Originally Posted by thetoad30
    Understood about the license. That's fine.

    How would I achieve this with a single-nic? I have set it up, but the handshake won't complete. I'm sure I have the interfaces incorrect.
    My mistake. It was the second reply I had.

    Regardless, the assumptions aren't necessary. I'm asking for help. If you want to help, I'd appreciate it. If you want to make assumptions and try to admonish me, please move on. I'm trying to get a solution before the 14 days runs out.

    That being said - UDP is forwarded properly, and correct IP is being used in the client. Is it just supposed to connect?

    Routing is my next issue - do I set up a static route from internal WireGuard IP pool to the external nic address in Untangle?

    Thank you.

  3. #13
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,667

    I'm trying to help!

    Wireguard doesn't "connect", it just "works". The packets are either signed correctly and delivered to the service, or they aren't.

    The route I'm talking about doesn't go in Untangle, Untangle already knows about that network. The route goes in whatever is the default gateway for your network. That device needs to know about the IP range you're using in Wireguard, and where to send it.

    The last bit you may need, and again I've not tried this so I'm not certain. But you might have to create access rules to allow traffic to and from the wireguard IP range sourced from the external interface. I say this because under normal circumstances you don't have internal traffic passing into and out of the WAN interface. I'm also not quite sure if that should be a set of access rules, or filter rules. I'd have to lab that and test.

    But the wireguard client should allow you to ping Untangle itself once connected, and that connection only requires the port forward, and a client configured with the appropriate public key and public IP address.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
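
Added example (not part of any post in this thread): the posts above separate two failures, a handshake that never completes and a tunnel that is built but cannot route. This Python sketch reads `wg show <interface> dump` output to tell them apart and lists the tunnel ranges the default gateway would need a static route for. The sample dump, key placeholders, addresses, LAN range and the 180-second staleness threshold are constructed assumptions.

```python
import ipaddress

# Assumption: no handshake for this many seconds means the session has expired.
STALE_AFTER = 180

# Constructed sample of `wg show wg0 dump` (tab-separated; keys are placeholders).
SAMPLE_DUMP = (
    "SERVER_PRIVKEY_PLACEHOLDER\tSERVER_PUBKEY_PLACEHOLDER\t51820\toff\n"
    "PEER_A_PUBKEY_PLACEHOLDER\t(none)\t203.0.113.10:40000\t172.16.58.2/32\t1613750000\t9200\t8800\t25\n"
    "PEER_B_PUBKEY_PLACEHOLDER\t(none)\t(none)\t172.16.58.3/32\t0\t0\t0\toff\n"
)


def diagnose(dump_text, lan_cidr, now):
    """Return (listen_port, peers) for `wg show <interface> dump` output.

    lan_cidr is the network the default gateway already routes;
    now is the current Unix time in seconds.
    """
    lan = ipaddress.ip_network(lan_cidr)
    lines = [ln for ln in dump_text.splitlines() if ln.strip()]
    # Interface line: private key, public key, listen port, fwmark.
    listen_port = int(lines[0].split("\t")[2])
    peers = []
    for line in lines[1:]:
        pubkey, _psk, endpoint, allowed, hs, _rx, _tx, _ka = line.split("\t")
        hs = int(hs)
        if hs == 0:
            # Never completed: check the UDP port forward, endpoint IP, public keys.
            state = "no-handshake"
        elif now - hs > STALE_AFTER:
            state = "stale"
        else:
            # Tunnel is built; remaining failures are routing or access rules.
            state = "up"
        nets = [] if allowed == "(none)" else [
            ipaddress.ip_network(a, strict=False) for a in allowed.split(",")]
        # Ranges outside the LAN are unknown to the default gateway unless it
        # has a static route pointing them at the WireGuard host.
        needs_route = [str(n) for n in nets
                       if n.version != lan.version or not n.subnet_of(lan)]
        peers.append({"peer": pubkey, "endpoint": endpoint,
                      "state": state, "needs_route": needs_route})
    return listen_port, peers


if __name__ == "__main__":
    port, peers = diagnose(SAMPLE_DUMP, "192.168.1.0/24", 1613750060)
    print("listening on UDP", port)
    for p in peers:
        print(p)
```
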
