WireGuard

WireGuard - a fast, modern, secure VPN Tunnel.

26
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/cheezycheek on 2024-01-20 18:36:42+00:00.


I have a Macbook Pro with macOS Big Sur 11.7.10 and need to download wireguard. I tried through MacPorts (first time doing such a thing) and have been trying to figure out a way to, once the port is installed, open the WireGuard app. I've been guessing and found out what might be the only way to open the app: through the "load" command. Although, once I do that, the following message shows:

fernando@MacBook-Pro-de-Fernando ~ % sudo port load wireguard-go

Error: Failed to load wireguard-go: Launchd plist /Library/LaunchDaemons/org.macports.wireguard-go.plist was not found

Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_wireguard-go/wireguard-go/main.log for details.

Error: Follow if you believe there is a bug.

Error: Processing of port wireguard-go failed

What can I do? Am I even doing the appropriate thing to get to open and run the app? Thanks in advance.

27
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/TheCudder on 2024-01-20 17:52:47+00:00.


My Setup

  • Wireguard (wg-easy) running in Docker (we'll refer to this as WGEx).

Note: This setup works as intended when connecting directly via Wireguard client apps.

  • GL iNET Beryl AX (GL-MT3000) travel router connecting to the WGEx as a Wireguard Client.
  • Device connected to the travel router, with the intent of using the Beryl AX VPN tunnel connection without having each connected device connect to the Wireguard VPN server. (We'll refer to this externally connected device as zDev).
  • WGEx's IP is 10.8.0.1
  • zDev is connected to 192.168.2.0/24 (different external network)
  • My LAN network is 192.168.1.0/24

My Issue

  • After successfully connecting the Beryl AX travel router as a "Wireguard Client" to WGEx, traffic doesn't appear to travel or function as intended when accessed from zDev.
  • From zDev, I cannot browse to any of my hosted services by name or IP Address:Port, and that being said...
  • From zDev, I can successfully ping these IPs on my LAN, so long as I specify each exact IP address as an "AllowedIP". So not sure why I can see them, but can't access their consoles via web browsers.
  • When trying to authenticate to my LAN's file server from zDev, from my LAN file server I can see successful authentication entries, and the source is the WGEx host....but I never actually get into the file server from zDev.
  • Building on to that, trying to use something like 192.168.0.1/24 doesn't appear to work to allow access to, for example, 192.168.1.25...I instead have to specify "192.168.1.25" as an allowed IP.

Any ideas, advice on how to correct this?

wg-easy - Docker Config

version: '3.8'
services:
  wg-easy:
    #image: weejewel/wg-easy
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    environment:
      - WG_HOST=vpn.mydomain.com
      - PASSWORD=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      - WG_DEFAULT_DNS=192.168.1.254
      - WG_ALLOWED_IPS=10.8.0.1, 192.167.1.160, 192.168.1.162, 192.168.1.164, 192.168.1.166, 192.168.1.168, 192.168.1.254
      #- WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      #- WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      #- WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      #- WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
    volumes:
      - wg-easy-data:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    restart: unless-stopped

Default Post Up

PostUp =  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; 

Peer Config (for Beryl AX Travel Router)

[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 10.8.0.4/24
DNS = 192.168.1.254

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PresharedKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.8.0.1, 192.167.1.160, 192.168.1.162, 192.168.1.164, 192.168.1.166, 192.168.1.168, 192.168.1.254
PersistentKeepalive = 0
Endpoint = vpn.mydomain.com:51820

GL iNET Admin Console & Beryl AX Notes

  • VPN Client > Proxy Mode > "Auto Detect" selected (note: Internet breaks with this set to "Global Proxy" and I believe any other option as well)
  • Internet traffic over connected clients works
  • VPN Client > Wireguard Client: Traffic statistics reports 12.48 KB down / 17.45 KB up (this always reports 10-20KB) which makes it seem traffic is not being tunneled while in "Auto Detect"
  • VPN Client > Wireguard Client: is set for "IP Masquerading"
  • Network > DNS: Reports DNS from Wireguard: 192.168.1.254, Mode is Automatic
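
An audit of the AllowedIPs value from the peer config above, added here as an example (it is not part of the original post, and the function names are hypothetical). It parses the list the way it is matched, after masking any host bits, and reports which LAN hosts no entry covers and which entries sit outside the two networks the post names (192.168.1.0/24 and the 10.8.0.0/24 tunnel subnet).

```python
import ipaddress

# AllowedIPs exactly as posted in the peer config above (sample input).
POSTED_ALLOWED_IPS = (
    "10.8.0.1, 192.167.1.160, 192.168.1.162, 192.168.1.164, "
    "192.168.1.166, 192.168.1.168, 192.168.1.254"
)
# Networks the post names: the home LAN and the wg-easy tunnel subnet.
EXPECTED_NETWORKS = ["192.168.1.0/24", "10.8.0.0/24"]


def parse_allowed_ips(value):
    """Parse an AllowedIPs string into (entry, network, has_host_bits) tuples.

    A bare address is treated as /32 (or /128). An entry such as
    192.168.0.1/24 is masked down to 192.168.0.0/24, which is the
    network that actually gets matched.
    """
    parsed = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        iface = ipaddress.ip_interface(entry)
        has_host_bits = iface.ip != iface.network.network_address
        parsed.append((entry, iface.network, has_host_bits))
    return parsed


def covering_entry(destination, parsed):
    """Return the most specific entry that contains destination, or None."""
    addr = ipaddress.ip_address(destination)
    best = None
    for entry, network, _ in parsed:
        if network.version != addr.version or addr not in network:
            continue
        if best is None or network.prefixlen > best[1].prefixlen:
            best = (entry, network)
    return best[0] if best else None


def entries_outside(parsed, expected):
    """List entries that overlap none of the expected networks (possible typos)."""
    nets = [ipaddress.ip_network(n) for n in expected]
    return [
        entry
        for entry, network, _ in parsed
        if not any(network.version == n.version and network.overlaps(n) for n in nets)
    ]


def audit(value, destinations, expected):
    """Summarise masked entries, out-of-scope entries and uncovered hosts."""
    parsed = parse_allowed_ips(value)
    return {
        "masked": {e: str(n) for e, n, host in parsed if host},
        "outside_expected": entries_outside(parsed, expected),
        "uncovered": [d for d in destinations if covering_entry(d, parsed) is None],
    }


if __name__ == "__main__":
    # Constructed list of LAN hosts to test against.
    lan_hosts = ["192.168.1.25", "192.168.1.160", "192.168.1.162", "192.168.1.254"]
    print(audit(POSTED_ALLOWED_IPS, lan_hosts, EXPECTED_NETWORKS))
    print(audit("10.8.0.0/24, 192.168.0.1/24", lan_hosts, EXPECTED_NETWORKS))
    print(audit("10.8.0.0/24, 192.168.1.0/24", lan_hosts, EXPECTED_NETWORKS))
```
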
28
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Weak-Competition-385 on 2024-01-20 11:10:38+00:00.


Hey guys,

I've been using wireguard on my homelab for a while.

I have an application running in an EC2 instance (ubuntu server) and I want to connect that instance to my wireguard network at home. I tried installing the client, but the moment I run sudo wg-quick up wg0 I lose network connection to the EC2 instance. (I suspect something breaks with the NIC)

Do you know a way I can connect the instance to my Wireguard network?

Any ideas not only solutions are welcomed.

Thanks in advance.

29
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Prestigious_Sell_877 on 2024-01-20 08:06:52+00:00.


Hello,

So currently we have our VPN working externally meaning making VPN connections to the server works and is possible to visit each individual docker container from the VPN ip (Example 10.8.0.1:8096)

Issues we are currently having is Sonarr is unable to connect/reach externally when we want to search any tv-series. We've changed the docker compose file multiple times.

What changes would we need to do so we can put sonarr, radarr, etc behind a VPN (Wireguard) while allowing them to still be able to download?

Any help or assistance would be helpful.

version: "3.9"
name: media-stack
services:
  qbittorrent:
    container_name: qbittorrent
    image: lscr.io/linuxserver/qbittorrent:4.6.2
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
      - WEBUI_PORT=5080
    volumes:
      - qbittorrent-config:/config
      - torrent-downloads:/downloads
    ports:
      - 5080:5080
      - 6881:6881
      - 6881:6881/udp
    restart: "unless-stopped"

  radarr:
    container_name: radarr
    image: lscr.io/linuxserver/radarr:5.2.6
    network_mode: service:wireguard
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
#    ports:
#     - 7878:7878
    volumes:
      - radarr-config:/config
      - torrent-downloads:/downloads
    restart: "unless-stopped"

  sonarr:
    image: custom-sonarr
    container_name: sonarr
    cap_add:
      - NET_ADMIN
    network_mode: "service:wireguard"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    #command: [ "/bin/bash", "-c", "wg-quick up wg0 && /init" ]  # Start WireGuard then Radarr
    volumes:
      - sonarr-config:/config
      - torrent-downloads:/downloads
      - ./sonarrvpn:/etc/wireguard/
#    ports:
#      - 8989:8989
    restart: unless-stopped

  prowlarr:
    container_name: prowlarr
    image: linuxserver/prowlarr:1.11.4
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - prowlarr-config:/config

    # Comment below ports if VPN is enabled.
    ports:
      - 9696:9696
    restart: unless-stopped

  jellyfin:
    image: linuxserver/jellyfin:10.8.13
    container_name: jellyfin
    network_mode: service:wireguard
 #   networks:
 #     - wireguard
 #     - default  # Allows access from both VPN and local network
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - jellyfin-config:/config
      - torrent-downloads:/data
  #  ports:
  #    - 8096:8096
  #    - 7359:7359/udp
  #    - 8920:8920
    restart: unless-stopped

  wireguard:
    environment:
      # ⚠️ Required:
      # Change this to your host's public address
      - WG_HOST=PUBLICIP

      # Optional:
      - PASSWORD=password
      - WG_PORT=51820
      # - WG_DEFAULT_ADDRESS=10.8.0.x
      - WG_DEFAULT_DNS=1.1.1.1
      # - WG_MTU=1420
      - WG_ALLOWED_IPS=0.0.0.0/0
      # - WG_PERSISTENT_KEEPALIVE=25
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt

    image: ghcr.io/wg-easy/wg-easy
    container_name: wireguard
    volumes:
      - ./etc_wireguard:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - wireguard

volumes:
  torrent-downloads:
  radarr-config:
  sonarr-config:
  prowlarr-config:
  jellyfin-config:
  qbittorrent-config:
  # cleanmyarr-config:

networks:
  wireguard:
    name: wireguard
    driver: bridge
#  default:
#    driver: host

30
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/NoobMaster2787 on 2024-01-20 05:04:09+00:00.


Hey everyone

So I got pi-hole on proxmox running as a container and I wanted to set up a vpn server. I made an ubuntu server vm that had pivpn installed. I had it set to use pihole dns, and upon setting up ubuntu server I had it set to use a static IP and I had the dns set to be my pi-hole IP. Once I finished I got my config file to my laptop, but when I connect to the vpn I get no internet access. I have forwarded the correct ports for wireguard on my router but nothing worked. I can see bytes being sent and received on both the client and the host but there is just no internet access. Any advice to help fix this would be much appreciated.

Thx for looking

31
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Dependent-Western133 on 2024-01-20 03:02:12+00:00.


I'm trying to set up a travel VPN using my apartment wifi. My brother was able to set up my other VPN (same equipment but had to buy it again) using my parents' home wifi when I went to England and it was perfect: the IP address resolved to that house in the northeast. Now I'm trying to set up one with the same devices using the wifi in my Midwest home. My internet gateway is Zyxel and after reading online it seems that this hardware doesn't support wireguard. I don't know what I'm doing and wanted to know if someone could verify this and give me some potential next steps to get this VPN working. Should I try to get a new modem (CenturyLink is my ISP), or maybe switch to Xfinity (I see their equipment is also in my wifi box)? Thanks for the help and any suggestions!!

32
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/ZealousidealEntry870 on 2024-01-19 22:05:36+00:00.


Is there a way for me to get WireGuard working on my UDM Pro using a vps as the public facing IP? Goal would be to have access to my entire LAN.

33
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/mhmert on 2024-01-19 18:23:51+00:00.


Hi, I have two docker configs, both in the same network. One for pihole and one for wireguard.

Is there a way to point the wireguard dns to my pihole without using an IP but using the pihole container's hostname?

version: "3.4"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - SERVERPORT=51820 #optional
      - PEERS=2 #optional
      - LOG_CONFS=true #optional
    volumes:
      - ./configWG:/config
      - /lib/modules:/lib/modules #optional
      - /usr/src:/usr/src
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    dns:
      - 172.22.0.2

    networks:
      - pihole_pihole_net

    restart: unless-stopped
networks:
  pihole_pihole_net:
    name: network_pihole
    external: true

docker inspect network_pihole:

"Containers": {
    "xxxb": {
        "Name": "wireguard",
        "EndpointID": "xxxa",
        "MacAddress": "a:a:a:a:a:a",
        "IPv4Address": "172.22.0.3/16",
        "IPv6Address": ""
    },
    "xxxa": {
        "Name": "pihole",
        "EndpointID": "xxxb",
        "MacAddress": "b:b:b:b:b:b",
        "IPv4Address": "172.22.0.2/16",
        "IPv6Address": ""
    }
},
"Options": {},
"Labels": {
    "com.docker.compose.network": "pihole",
    "com.docker.compose.project": "networks",
    "com.docker.compose.version": "2.21.0"
}

34
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/J450n_com on 2024-01-19 15:59:25+00:00.


Hey folks, I’m new to all of this and I’m looking for a simple solution where by a couple of independent users can all connect via a v-wan as if they’re in the same room. No servers in the mix just want to connect a couple workstations within the same subnet. Needs to be easy and cheap. I heard somewhere if you had a couple of “gl inet” routers you could use the same wireguard setting in both, but that didn’t seem right.

35
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Syph3rx on 2024-01-19 15:10:07+00:00.


UPDATE

Fixed! Apparently it was super easy. All I had to do is add 192.168.1.150 (my pihole ip), as the first DNS Server.

So in Network Manager it looks something like this:

IPv4 Settings > DNS servers: 192.168.1.50,1.1.1.1,10.x.x.x (ip that wireguard/proton assigned).

I hope this helps someone who was in the same boat as me.

Below is the original post:

.

.

Hello everyone, I hope you are all doing well.

I have a question about VPN (specifically wireguard).

My Setup:

  • My own rig is Arch with Network Manager. I installed openvpn plugin and can use it to add my wireguard config to connect. Which works, when running curl ifconfig.io I get VPN External IP. (Using .conf instead of .ovpn, since with ovpn it won't connect, keeps asking me for "password").
  • Selfhosted Pi-hole server, purely for ad blocking but also for DNS records. Let's say the IP is 192.168.1.150:9000 and domain is pihole.local.domain.com.

On the DNS records, I have a bunch of services I run internally (pass manager, portainer, proxmox, notes taking, etc etc). For example: 192.168.1.160:9000 will be notes.local.domain.com (only accessible from within my network, not from outside/internet).

What I want:

Connect to VPN, have VPN globally enabled for everything. (already works)

But, ignore my local DNS (pihole). Let's say 192.168.1.150 with (sub)-domains: *.local.domain.com.

The Issue:

When I am connected to VPN (protonVPN), everything works. curl ifconfig.io shows vpn external ip.

navigating to 192.168.1.160:9000 also works.

However, what does not work is the domain that is connected to 192.168.1.160:9000 (https://notes.local.domain.com).

Which kind of makes sense to me, since everything is routed through the VPN, even if we are talking about internal DNS server (pihole DNS records).

I hope this kind of makes sense what I just explained. I am not quite pro on this stuff.

36
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/zik_rey on 2024-01-19 14:21:14+00:00.


Hi! I want to set up Wireguard obfuscation through Shadowsocks because it stopped working several days ago due to ISPs in my country starting to block Wireguard and OpenVPN connections to foreign servers.

I've tried to set it up, but it doesn't work with my configs and I don't have enough experience to do it right.

Remote VPS configs:

wg config:

[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 60207
PrivateKey = 
PostUp = iptables -I INPUT -p udp --dport 60207 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 60207 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = 
PresharedKey = 
AllowedIPs = 10.66.66.66/32,fd42:42:42::66/128

shadowsocks config:

{
    "servers": [
        {
            "server":"0.0.0.0",
            "server_port":8388,
            "password":,
            "timeout":300,
            "method":"chacha20-ietf-poly1305",
            "fast_open":true
        }
    ]
}

Local configs:

wg config:

[Interface]
PrivateKey = 
Address = 10.66.66.66/32,fd42:42:42::66/128
DNS = 10.66.66.10,1.1.1.1,1.0.0.1

[Peer]
PublicKey = 
PresharedKey = 
Endpoint = 127.0.0.1:1081
AllowedIPs = 0.0.0.0/0,::/0

shadowsocks config:

{
    "servers": [
        {
            "server":,
            "server_port":8388,
            "method":"chacha20-ietf-poly1305",
            "password":,
            "timeout":300,
            "fast_open":true
        }
    ],
    "locals": [
        {
            "local_address": "127.0.0.1",
            "local_port":1081,
            "tunnel_address":"127.0.0.1:60207",
            "mode":"udp_only"
        },
        {
            "local_address": "127.0.0.1",
            "local_port":1080
        }
    ]
}

Shadowsocks works fine with default SOCKS5 by 1080 port, but there is no connection when I enable WireGuard.

I've followed this guide, but it uses the old port of shadowsocks, so maybe there are mistakes in my adaptation of its configs.

37
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/veldera on 2024-01-19 13:10:29+00:00.


Files saved by any application to any "iPhone" hierarchy place are accessible by other applications (including the "Files" application) but grayed out for Wireguard only. It began 2-3 months ago, I don't know if the reason was a new version of WG or one of the installed iOS security updates. Could someone help me and tell me how to open such files from WG?

38
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Scopethegecko on 2024-01-19 10:06:27+00:00.


Hey guys,

WireGuard has been a part of my homelab for about 2 years now and I have been absolutely loving it. Recently I decided to set it up on my wife's iPhone 12 so that she has access to homelab services while on the go. The tunnel connects fine and I can access local services through http://: without any issue as expected. The strange part happens when I try to connect to services through local DNS records. For example when trying to connect to https://immich..com I can not find the server, even though my local DNS (Unbound DNS on OPNsense) points all traffic on *..com to my nginx instance. When I check Adguardhome query logs I can see that the requests to https://..com are being forwarded to Unbound, but I do not get a correct response. When I connect to these services first over wifi and then turn off wifi and try to connect over WireGuard I see that these requests receive the correct A record response (these are cached on Adguardhome), but the service still will not connect.

A bit of background. I am running WireGuard on OPNsense and have Adguardhome as main DNS with Unbound DNS as upstream DNS and CloudFlare DoT as upstream in unbound. This setup works perfectly fine on my Android phone and my Linux laptop.

On the iPhone I have allowed ip's set to 10.11.0.0/16 because Apple Carplay does not like being routed over a vpn and I could not figure out a way to split tunnel WireGuard on iOS so that all traffic except specific apps use my vpn. I would prefer to have allowed ip's on iOS WireGuard settings be 0.0.0.0/0 . Also as DNS server I point it to my OPNsense install on 10.11.12.1 (OPNsense ip on local network).

Another issue I ran into is that Google Maps no longer seems to work with WireGuard connected. When turning off the tunnel Google Maps works again. Again, allowed ip's is set to 10.11.0.0/16 so I do not really understand why Google Maps would not work. I can not imagine the traffic to Google Maps is routed through my local subnet.

As I said before, the strangest part is that I do not run into these issues on my Android phone or my Linux laptop. Seeing as those are set up correctly I am not sure what I am doing wrong.

So in conclusion I have these three questions.

  1. What should I do to correctly resolve local DNS records?
  2. Is there a way to split tunnel apps on iOS so that I can route all internet traffic from my wife's phone over WireGuard except a couple predefined apps?
  3. What should I do so that Google Maps functions while connected to the VPN? (Even while only routing local subnet over WireGuard)

My apologies if this has been answered before, I could not find it. Thanks in advance!

EDIT: a bit of formatting and some information on query logs in adguardhome

39
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Ok_Journalist8607 on 2024-01-19 03:16:38+00:00.


Hey there, new user to WireGuard, I have a few questions. A friend asked me to download WireGuard to get access to his server.

I just have a few questions as a new user.

  1. I have a Tunnel he guided me how to add. When it says "Activate" does that mean he can't access my PC? I know it is silly, as much as I trust him, I have a smidge of paranoia lol
  2. If I completely close out of WireGuard by exiting the program, is it completely off?
  3. Can he access any of my files while I am connected to his tunnel?

Thank you!

40
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Jolly_Charity_5739 on 2024-01-18 21:13:51+00:00.


Hey everyone! I recently set up a WireGuard server on my home network, and it works great! I was even successfully able to set up an iptable rule so that only my specific configuration could access the local network - everyone else who I have created a configuration for simply has their packets dropped. However, on some networks, I run into a very strange routing issue. When I activate my WireGuard tunnel, I notice that my network indicator symbol (I'm on Windows 11) indicates that I have no internet connection. On mousing over the icon, I see that my VPN tunnel has no connection, but the network I'm connected to does. However, I am unable to browse the internet, nor connect to any of the devices on my home LAN. Something I find very odd however, is that if I enable a different VPN, then activate my tunnel, and then DISCONNECT said different VPN, my tunnel stays connected and I am able to browse the internet and my LAN through it. What gives? I've done a trace route to my home IP address through the remote network, and I'm unable to access it. How come I'm still able to access it after turning off the other VPN? Shouldn't that end the connection I have to my home LAN?

41
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/yo_its_freedo on 2024-01-18 20:27:35+00:00.


Hey sub, so just as the title suggests I'm trying to figure out a problem I'm having with my laptop wireguard client. I mainly use wireguard to connect to my home raspi Nas so I can work on stuff on the go. I've been noticing that when I connect to my VPN, and then go to my shared folder for my Nas, it opens the main directory of the server but I can't go deeper like clicking on another folder, my cursor just sits and loads and sometimes never even opens the folder I try to get into. At other times, I do the exact same thing. Fire up the VPN, open my shared folder and I'm able to navigate as if I'm on my home network. I also have this app called "total commander" that allows me to connect to my server and access my files from my phone which works wonders when I connect my phone to my vpn. I'm just wondering if there's some sort of bottleneck on the laptop side or is the desktop version of wireguard buggy or if it's my home network internet speed? It's really weird but sometimes it works on my laptop and other times it doesn't and just loads constantly but my phone works fine with it. Any help/insight is greatly appreciated thank you in advance.

42
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/ImaBusterMan on 2024-01-18 20:04:02+00:00.


Now the scenario is I wanna play a game by port forwarding by bypassing CGNAT on my Windows.

But the terminal commands exist for linux, so I dual boot windows and linux on my pc to setup wireguard and need confirmation who to make client and who to make server or host.

The condition is I should be able to play my game on Windows through Wireguard VPN, should I execute all the commands on my linux and make android phone the server and windows the client so when I install wireguard app on it the connection is setup ? If that is possible then tell me how ?

Secondly, using a VPS I only require to give its IPV4 and nothing else right ?

43
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Powerful-Bullfrog-22 on 2024-01-18 19:11:23+00:00.


Hello, I need help setting this up. It would be greatly appreciated!

I have a home network with Home Assistant on it. My home network has two WANs.

WAN1 is fiber direct
WAN2 is Cellular Backup (failover WAN)

At home I have a Home Assistant server.

Additionally I have a VPS server that runs a web-server. What I ultimately want to do, is make Home Assistant and the VPS Web Server be able to talk back and forth via Home Assistant's API and my own that I set up. I could do this easily by port forwarding, however CGNAT blocks this when switched to cellular backup WAN. Additionally port forwarding exposes my home internet and I would rather just not do that.

So, I figured I could create a Wireguard Server on my VPS and connect to it on my Home Assistant Server which would allow my VPS to access the local internal IP of the Home Assistant Server of : 10.0.1.102:8098 (8098 being the home assistant port).

Can someone guide me? Please and thank you :).

44
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/latenighttrip on 2024-01-18 17:28:44+00:00.


I am scanning my network with wireshark. I have been getting this occasional wireguard packet sent through from my main laptop. I do not have wireguard installed, nor do i use any vpn on this laptop. what do? Is this malware trying to communicate to home?
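
A check that fits the question above, added here as an example (it is not part of the original post, and the function names are hypothetical). It tests whether UDP payloads exported from a capture have the fixed layout of WireGuard's four message types, and whether a flow contains a handshake initiation answered by a response that echoes its sender index, rather than a single look-alike packet. The payloads are constructed samples with zero-filled crypto fields.

```python
import struct

# Fixed total sizes (bytes) of WireGuard's three handshake-phase messages.
FIXED_SIZES = {
    1: ("handshake_initiation", 148),
    2: ("handshake_response", 92),
    3: ("cookie_reply", 64),
}
TRANSPORT_DATA = 4
MIN_TRANSPORT = 32  # 16-byte header + 16-byte authentication tag (a keepalive)


def classify(payload):
    """Return the WireGuard message name a UDP payload is shaped like, or None.

    Every message starts with a 1-byte type followed by 3 reserved zero bytes.
    """
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    msg_type = payload[0]
    if msg_type in FIXED_SIZES:
        name, size = FIXED_SIZES[msg_type]
        return name if len(payload) == size else None
    if msg_type == TRANSPORT_DATA and len(payload) >= MIN_TRANSPORT:
        return "transport_data"
    return None


def assess_flow(packets):
    """Grade one UDP flow given as (direction, payload) tuples ('out' or 'in').

    'handshake-confirmed': an initiation is answered, from the other side, by a
        response whose receiver index equals the initiation's sender index.
    'header-match-only': every payload has a valid shape, but no such pair.
    'not-wireguard': at least one payload does not fit any message layout.
    """
    kinds = [classify(p) for _, p in packets]
    if not packets or None in kinds:
        return "not-wireguard"
    # Sender index of an initiation lives in bytes 4..8.
    initiations = {
        (d, p[4:8])
        for (d, p), k in zip(packets, kinds)
        if k == "handshake_initiation"
    }
    for (d, p), k in zip(packets, kinds):
        if k == "handshake_response":
            other = "in" if d == "out" else "out"
            # Receiver index of a response lives in bytes 8..12.
            if (other, p[8:12]) in initiations:
                return "handshake-confirmed"
    return "header-match-only"


def build_samples():
    """Constructed payloads: correct sizes and indices, zero-filled crypto fields."""
    init = b"\x01\x00\x00\x00" + struct.pack("<I", 0x11223344) + bytes(140)
    resp = (b"\x02\x00\x00\x00" + struct.pack("<I", 0xAABBCCDD)
            + struct.pack("<I", 0x11223344) + bytes(80))
    keepalive = (b"\x04\x00\x00\x00" + struct.pack("<I", 0xAABBCCDD)
                 + struct.pack("<Q", 0) + bytes(16))
    return init, resp, keepalive


if __name__ == "__main__":
    init, resp, keepalive = build_samples()
    print(assess_flow([("out", init), ("in", resp), ("out", keepalive)]))
    print(assess_flow([("out", init)]))
    print(assess_flow([("out", b"\x17\x03\x03" + bytes(50))]))
```

A flow graded header-match-only is weak evidence on its own, since another UDP protocol can produce a payload with the same first bytes and length.
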

45
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/nusb0 on 2024-01-18 16:44:49+00:00.


Hello,

With my French ISP we can do our own VPN, so I did one to give it a try and I have a .conf file now.

It's working perfectly on my mobile (WiFi of my second house in another country), but I don't have access from my computer (same place, with WiFi or ethernet).

I'm using the same .conf file, I don't use them at the same time.

I changed my DNS address for the google ones some years ago on my computer.

Any ideas?

Thanks!

46
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Rummyster on 2024-01-18 16:35:01+00:00.


I'm attempting to connect my phone via wireguard to a VM on my local network.

The wireguard tunnel allows me access to all other machines on the local network except the virtual machine.

VM ip is routed and given by the router to be static at 192.168.50.233 which I can access when connected directly to local network but just not through wireguard.

Any ideas?

47
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Southern_Ad_8241 on 2024-01-18 15:07:06+00:00.


Hello community,

I've recently set up a raspberry pi 5 on my home network as a VPN server and PiHole. All of which is working well. I'm able to use wake on wan from remote locations via connecting to my VPN and using PuTTY to SSH into my raspberry pi and use etherwake. (Also have an app on my phone to do this as well.) The problem I have is when I'm on my girlfriend's wifi on my laptop, I can connect to my wireguard vpn no problem but then when I try to SSH into the IP of my raspberry pi I get a 'Network error: Permission denied' on PuTTY. So I thought something in the router settings could be blocking this connection. However this is where I get lost. If I connect my phone to my girlfriend's wifi and connect to my VPN I can use 'Termius' and guess what, I can connect via SSH to my raspberry pi. So that makes it look like the networking isn't blocking the connection and maybe it's something to do with the laptop. But then I can connect my laptop to my phone's hotspot and connect to VPN and SSH in no problem. So I'm scratching my head at this point.

Any help would be greatly appreciated.

Will

48
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/rqbin_jus on 2024-01-18 14:39:24+00:00.


I am hosting a wg vpn on a raspberry pi4, and it works well on two windows clients. Now, I try to connect my arch linux laptop, and I have some serious issues with the dns. I tried everything, but nothing works :/ I can connect to the DNS, but not to websites. Help ? :(

(sorry for the french outputs)

❯ sudo wg-quick up wg0

[#] ip link add wg0 type wireguard

[#] wg setconf wg0 /dev/fd/63

Warning: AllowedIP has nonzero host part: 10.149.249.1/24

Warning: AllowedIP has nonzero host part: fd11:5ee:bad:c0de::1/64

[#] ip -4 address add 10.149.249.2/32 dev wg0

[#] ip link set mtu 1420 up dev wg0

[#] resolvconf -a wg0 -m 0 -x

[#] ip -6 route add fd11:5ee:bad:c0de::/64 dev wg0

[#] ip -4 route add 10.149.249.0/24 dev wg0

__________________________________________________________________________________

❯ ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) octets de données.

64 octets de 8.8.8.8 : icmp_seq=1 ttl=59 temps=62.4 ms

64 octets de 8.8.8.8 : icmp_seq=2 ttl=59 temps=49.6 ms

64 octets de 8.8.8.8 : icmp_seq=3 ttl=59 temps=67.0 ms

^C

--- statistiques ping 8.8.8.8 ---

3 paquets transmis, 3 reçus, 0% packet loss, time 2004ms

rtt min/avg/max/mdev = 49.624/59.680/67.021/7.357 ms

__________________________________________________________________________________

❯ ping google.fr

ping: google.fr: Échec temporaire dans la résolution du nom

__________________________________________________________________________________

❯ cat /etc/resolv.conf

nameserver 127.0.0.53

options edns0 trust-ad

search .

__________________________________________________________________________________

❯ sudo wg-quick down wg0

[#] ip link delete dev wg0

[#] resolvconf -d wg0 -f

❯ ping google.fr

PING google.fr (2a00:1450:4007:819::2003) 56 octets de données

64 octets de par21s22-in-x03.1e100.net (2a00:1450:4007:819::2003) : icmp_seq=1 ttl=110 temps=40.1 ms

64 octets de par21s22-in-x03.1e100.net (2a00:1450:4007:819::2003) : icmp_seq=2 ttl=110 temps=41.7 ms

64 octets de par21s22-in-x03.1e100.net (2a00:1450:4007:819::2003) : icmp_seq=3 ttl=110 temps=40.5 ms

49
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/xcalibre1 on 2024-01-18 12:41:38+00:00.


Hi all,

Long time lurker. First time poster.

Let me preface by saying I am able to connect directly to my Wireguard server endpoint from my Android mobile.

However, I am not able to communicate if I obfuscate Wireguard traffic using stunnel on Android.

Here is my current setup (selective snippet):

  • Server (public ip: 192.0.0.1)

    • stunnel.conf:

    ...
    [wireguard]
    accept = 443
    connect = wireguard_server:51820
    cert = /etc/stunnel/stunnel.pem

    • wg0.conf:

    [Interface]
    ListenPort = 51820
    PrivateKey = xxxxx

    [Peer] # phone
    PublicKey = xxx
    AllowedIPs = 192.168.0.1/32

  • Phone

    • stunnel.conf (via SSLsocks app)

    ...
    [wireguard]
    client = yes
    accept = 127.0.0.1:10000
    connect: 192.0.0.1:443

    • wg0.conf:

    [Interface]
    Address = 192.168.0.1/32
    DNS = 1.1.1.1
    PrivateKey = xxxxx

    [Peer] # server
    PublicKey = xxx
    Endpoint = 127.0.0.1:10000
    AllowedIPs = 192.168.1.0/24

SSLsocks was not displaying any logs when I enabled the Wireguard tunnel. I was expecting to see some traffic logs in SSLsocks as part of the Wireguard handshake attempt.

However, I had no issues connecting via Chrome (i.e. SSLsocks was able to display logs each time a connection was made).

Is there a limitation to accessing 127.0.0.1 from the official Wireguard app?

Looking forward to hear your thoughts! Thanks!

50
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/UinguZero on 2024-01-18 12:31:44+00:00.


Hi all,

I have setup a wireguard server

i have setup a connection between my android device and the server, which works perfectly, i can access the internet, i can access local devices

But for the love of god, I can't figure out why my linux machine can't connect to my server.

I am on the same network as my android device

in the firewall i enabled wireguard

i did an udp port scan and i get an open response back from the server ip

I even downloaded the conf file from my android phone, put it on my linux, changed the ip and the address

but still, my server does not see the connection incoming.

while i am perfectly seeing it for my android device.

Any suggestions or tips?

OS: Opensuse Tumbleweed
