How to setup for WireGuard?

gustavo-iniguez-goya / opensnitch

OpenSnitch is a GNU/Linux application firewall

GNU General Public License v3.0

395 stars 20 forks source link

How to setup for WireGuard? #61

Closed kibernaut closed 3 years ago

kibernaut commented 4 years ago

Hi.

Wondering how to set up a OpenSnitch for the WireGuard to work? VPN does not work until you turn OpenSnitch off in GUI.

OS: Ubuntu
Window Manager: GNOME
Kernel version: Linux 5.4.0-45-lowlatency #49-Ubuntu SMP PREEMPT Wed Aug 26 15:06:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Version 20.04

Ph0rk0z commented 4 years ago

This is the same problem I had. If you default allow it will work but then that's kind of pointless as far as a firewall goes. You can pause and let it connect then unpause and I think the VPN stays. It must be something in newer linux as I don't have the problem on 18.0.4 but do on new arch and ubuntu 20

gustavo-iniguez-goya commented 4 years ago

Sorry for not take a look into ths problem before @Ph0rk0z . Reproduced and working on it.

gustavo-iniguez-goya commented 4 years ago

@kibernaut , can you add a rule to bypass wireguard traffic and let me know if it works?

iptables -t mangle -I OUTPUT -o wg0 -j ACCEPT # where wg0 is your WireGuard interface

This is the simplest way to do it.

gustavo-iniguez-goya commented 4 years ago

hey @kibernaut , I've just set up a wireguard VPN with opensnitch active and Default Action deny, and it worked.

Check [x] Intercept Unknown Connections, and you'll see an outgoing connection to the wireguard port. Allow it and it should work.

gustavo-iniguez-goya commented 3 years ago

if you reproduce this issue again, please reopen it, I'd like to troubleshooting it.

cccaballero commented 3 years ago

Hi @gustavo-iniguez-goya, I have the exact same issue using Ubuntu 20.04 and version 1.2.0, A college using Manjaro is struggling with this issue too.

themighty1 commented 3 years ago

Hi @cccaballero , this issue with having to pause/unpause for VPN to work has been fixed just a few days ago. If you could build from source this repo https://github.com/evilsocket/opensnitch and let us know if the problem went away, that would be great.

gustavo-iniguez-goya commented 3 years ago

@cccaballero , I built latest sources with the fix for this problem a few days ago for another issue, you can download the packages from here: https://github.com/gustavo-iniguez-goya/opensnitch/issues/134#issuecomment-771138842

or built it yourself as @themighty1 suggests.

cccaballero commented 3 years ago

@themighty1 @gustavo-iniguez-goya Thanks a lot!! Is working fine, I will notify If something fail, but right now seems to be working ok.

gustavo-iniguez-goya commented 3 years ago

These are really great news! thank you for let us know. kudos to @themighty1 .