WireGuard


WireGuard - a fast, modern, secure VPN Tunnel.

51
This is an automated archive.

The original was posted on /r/wireguard by /u/Benofthewest on 2024-01-18 12:10:00+00:00.


I have 3 sites. One hosts an RPI with piVPN/Wireguard. The router of this site has a public IP and the correct port is forwarded to the RPI. Works perfectly. The two other sites do not have a public IP, but as I understand it that should not be a problem with Wireguard since it uses UDP. Both the remote sites work perfectly when it comes to accessing the RPI site and all equipment there. But what I need is the possibility to access both the remote sites from the RPI site and also remote site to remote site passing via the RPI. This has been confirmed in many forums; it should be possible to access a site remotely even if it has no public IP.

Of course the WAN IPs of both the remote sites are known to me, and I even tried to do a port forward on both sites. The routing seems correct, all sites allow all LAN IPs of the other sites and their respective VPN IPs. I even asked ChatGPT4 and got step by step instructions similar to what I already tried. ChatGPT also confirms that no public IP is necessary for bidirectional contact between the sites. But I don't get it to work. From remote sites everything on the "main site" with the RPI and various hardware can be accessed as if I was there. The other way around nothing can be reached. The only thing responding to ping or http/s is the VPN IP of the RPI. At the other end of the tunnel I cannot ping the remote VPN virtual controllers. Or anything else.

Can anybody help?

PS. I tried to set routing in each router (TP-LINK AX3000) on both the remote sites, but as I understand it the Wireguard clients should be able to handle correct routing on their own.

52

The original was posted on /r/wireguard by /u/CheckYourPixel on 2024-01-18 11:48:29+00:00.


Hello, I had a time with good working wireguard with statusbar on my iMac. In this place I use my iPhone to share the Internet-connection.

Then I decided to check if my wireless router can pass through the iPhone connection. So the only way was to connect my Mac via LAN cable to the WAN input on the router. The iPhone shares the Internet, the iMac shares it with the router, other devices can use the wifi from the router. That didn't work out for me, because the LAN port and the wifi of the iMac were used and I can't use it with the router wifi/network. I turned it all back again, since then wireguard doesn't work anymore.

The statusbar says wireguard is not installed

if I do wg-quick up utun1 I get this message

[#] wireguard-go utun

[+] Interface for utun1 is utun2

[#] wg setconf utun2 /dev/fd/63

[#] ifconfig utun2 inet 10.3.3.2/24 10.3.3.2 alias

[#] ifconfig utun2 up

[#] route -q -n add -inet 192.168.0.0/24 -interface utun2

[#] route -q -n add -inet 10.3.3.0/24 -interface utun2

[+] Backgrounding route monitor

the status bar turns on but still says "wireguard is not installed"

Does somebody have an idea what I might have turned off or messed up?

53

The original was posted on /r/wireguard by /u/skorphil on 2024-01-18 11:01:15+00:00.


Hi, I'm using a wg server container

I wonder where within the container wireguard stores its logs? Like who was connected, how the connection goes. I need to debug my setup and can't find the logs

54

The original was posted on /r/wireguard by /u/Weird-Repeat-7125 on 2024-01-18 07:48:20+00:00.


Hi everyone,

First of all sorry for my bad English.

I want to set up a NAS with Truenas Core.

For this, I first installed a Transmission plugin that worked fine, I had access to its web UI. I then installed Wireguard to run a VPN (Mullvad), works perfectly as well. The jail is protected by VPN and I have access to the internet (ping). Since installing the VPN, I can't access the transmission web UI anymore: "The waiting period has passed. The server at 192.168.1.23 is taking too long to respond" (I have Google-translated from French, sorry). I can't find the process to access the transmission web UI again. I've tried quite a few things, it still doesn't work.

Might need a whitelist (split tunneling)?

Any help appreciated.

55

The original was posted on /r/wireguard by /u/superhardtack on 2024-01-18 05:09:29+00:00.


Hi, I'm new to Wireguard, so please bear with me.

I'm using this guide:

I successfully used the guide to make a private server that's behind a CGNAT open to the public by creating a tunnel to a VPS with WG server.

I decided to go with the "Default Route" so that the private server still has IP information of the visitors and presumably can continue blocking bots with Fail2Ban.

Everything is working beautifully. The only change I had to make that wasn't on the guide was to add the following lines to the public server's wg0.conf:

PostUp = ufw route allow in on wg0 out on eth0

PostUp = ufw route allow in on eth0 out on wg0

My question is, from a security standpoint, if someone compromises the public VPS account, will they have complete access to all services running on the private server? Or, will UFW on the private server continue blocking all ports except for the ones that are enabled?

Realistically, I only need traffic on port 443 piped back and forth in the wireguard tunnel.

56

The original was posted on /r/wireguard by /u/repolevedamai on 2024-01-18 00:07:57+00:00.


Hi everyone,

I have AGH + wg-easy + unbound setup on a docker-compose environment.

From my mac I can validate that both adblocking and solving DNS rewrites works flawlessly. On my iPhone connected through the VPN the custom DNS rewrites can never be resolved. Has anyone faced similar issues?

Here's part of my setup:

Wireguard
environment:
- WG_HOST=vpn.meshlaneous.dev
- WG_DEFAULT_DNS=10.2.0.100 
- WG_DEFAULT_ADDRESS=10.6.0.x
networks:
  private_network:
    ipv4_address: 10.2.0.3

AGH
networks:
  private_network:
    ipv4_address: 10.2.0.100

networks:
  private_network:
    ipam:
      driver: default
      config:
        - subnet: 10.2.0.0/24

Client Wireguard Configuration

[Interface]
PrivateKey = xxxx
Address = 10.6.0.0/24
DNS = 10.2.0.100

[Peer]
PublicKey = xxxxxx
PresharedKey = xxxxxx
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = xxxxxxx:51820

I can connect to other devices on my local network through IP, just not through my DNS rewrites set in AGH.

When looking at adguard logs I can see the requests coming from the phone and resolving to the right IP and I can reach that IP directly in my browser.

Any help would be appreciated.

Thanks!

Edit: When mac is connected to VPN DNS rewrites resolving also fails.

Edit2: Mac only works when connected to the network where my redirect IP is reachable, if I connect to my phone 5g network it doesn't work. It seems to be related with being able to connect to the resolved IP from within the container.

Edit3: Added more details.

57

The original was posted on /r/wireguard by /u/koningcool on 2024-01-17 20:50:20+00:00.


Hey,

What is the best way to obfuscate WireGuard over port 443 (TCP) as HTTP(S) traffic?

Is this possible using something like Nginx?

Thanks in advance.

58

The original was posted on /r/wireguard by /u/ExternalSale7703 on 2024-01-17 18:46:01+00:00.


Hi, I recently set up my wireguard vpn server on a raspberry pi. I installed the wireguard client on my Mac and was able to connect to the vpn. I then proceeded to disconnect and now I am no longer able to open the wireguard app.

What did I already do:

  1. I restarted my computer, that didn’t solve the problem.
  2. I uninstalled and installed the wireguard client. I was able to open the app again but I was again unable to open after closing the app once.
  3. I searched on Google, I couldn’t find other people with this problem.
59

The original was posted on /r/wireguard by /u/ImaBusterMan on 2024-01-17 18:31:19+00:00.


Sry my last post drifted a little so I'll keep it straight -

1.) I'm a noob here so please if you want to give me instructions do like this

2.) I couldn't port forward due to not having a static IP and my game requires that otherwise I get disconnected every time, so I thought wireguard but all these terms - client, server, ssh public/private keys, linux server, vps is hella confusing and out of my reach (I just wanna play my game!)

3.) THIS IS IMPORTANT - I came across this page which gives a command following which on my linux terminal creates a wireguard.sh file preconfiguring all the ports I need for my game and tells me to do the rest!! What exactly is that I'm unaware

4.) I further ran the script which asked me about my ipv4 address so I gave my own ip which someone said won't work because it's not static

So, do I need to give the VPS ip after buying one (someone recommend a free one) instead and if I do what do I need to do further (how to set up the client - server etc etc) so I can play my game.

PS: The page said the commands only work on Linux so will I not be able to play the game on Windows? And also how do the VPS specs affect my online gaming more than my PC specs?

Thx for the long read and in advance

60

The original was posted on /r/wireguard by /u/SteakFeisty1928 on 2024-01-17 14:34:12+00:00.


Is it banned? Facing issues from yesterday, but server is fine

61
Default Port

The original was posted on /r/wireguard by /u/southerndoc911 on 2024-01-17 11:25:22+00:00.


Is there any benefit to changing the default port from 51820 to another port?

62

The original was posted on /r/wireguard by /u/Anrudhga2003 on 2024-01-17 08:30:25+00:00.


I've been trying to run Wireguard with IPv6 support on Oracle cloud to no avail. For those who don't know, Oracle cloud does not allow us to assign entire subnets to the VM, only specific IP addresses assigned to the respective interfaces which makes me unable to assign those IPs to my clients.

Is NAT by using ULA my only option? Am I missing something? IPv4 works fine.

63

The original was posted on /r/wireguard by /u/Clonkex on 2024-01-16 22:18:15+00:00.


I'm trying to set up a VPN to be able to access my local network from outside. This started as a fun idea to try on my Pi 4 but has devolved into pain and suffering because I'm on Starlink and they use CGNAT. I don't actually even need the VPN but I want to complete the project for the sake of learning.

So far I've spent a few days struggling through learning how iptables works (and finally realising there's hooks in the kernel that it uses to modify how packets are handled - it was so confusing that an optional package could magically act as a firewall) and trying to wrap my head around what postup and postdown commands I need.

So this is where I'm at:

  • I've got a VPS (a Digital Ocean droplet, although I will be switching to Vultr later)
  • I've got a Pi 4 on my local network
  • I want to be able to add WG peers on the VPS (preferably using pivpn because that makes it incredibly easy, but I'll do it manually if I have to), add the required config to my phone (again preferably using pivpn because then I can just generate a QR code), then just turn on WG on my phone and be able to ping any device on my local network from my phone (or, more usefully, access the SMB share on my NAS)
  • I found a few guides showing how to set up chained VPNs with WG, but they seemed to be doing it for secure inside-out access to some sensitive resource and I don't think their setups would work for my case

I think I've reached the limit of what I can figure out on my own with this. Any pointers would be much appreciated!

64

The original was posted on /r/wireguard by /u/Tomosaki112 on 2024-01-16 21:36:43+00:00.


Hello,

I am using a normal wireguard setup to access my local network, as well as having other peers which work as subnet routers for other networks. However my main "hub" peer is on my local network.

Now I am wondering how to make my setup redundant if my hub peer goes down. Probably the most logical way is using VIPs and keepalived and making an exact copy of wireguard on another host. I also know I can implement a load balancer, but this just presents a different single point of failure to me. Besides that, I like to keep things interesting and have come across implementing OSPF over wireguard (such as this or this or this).

If I understand this correctly, I can set up OSPF between wireguard peers and if two are on the same LAN, OSPF would choose the one with the best route to the local network, which would also mean that if one goes down the traffic is routed through another peer. Do I understand this correctly?

Also how would Android, iOS and Windows wireguard peers behave then? Any feedback would be appreciated.

65

The original was posted on /r/wireguard by /u/kryachkov on 2024-01-16 13:10:16+00:00.


Hi. I run a wireguard "server" on FreeBSD, behind a Ubiquiti UDM (the firewall simply forwards port 51820 to the FreeBSD host), the client is macOS with the Wireguard app from the App Store. macOS connects to the FreeBSD host successfully and it works for a while, but at some seemingly random moments in time it just stops working, i.e. the handshake fails and no ping can travel between hosts. Persistent keepalive is on.

Any ideas on what it can be, how to debug and where to look? Thanks in advance

66

The original was posted on /r/wireguard by /u/Elmidea on 2024-01-16 08:25:13+00:00.


Hello, diagram below: my LAN#2 computer (Raspberry Pi 4 running Linux) is connected to LAN 1, as many other outside computers. Works like a charm.

Now I want this SAME LAN#2 computer to give access to LAN#2 to another different outside computer, at the same time.

How can I achieve that? What should my allowed IPs look like for this scenario?

Thanks a lot!

67

The original was posted on /r/wireguard by /u/Balls2323 on 2024-01-15 22:32:54+00:00.


Hello,

I set up the wireguard server on my MT3000 and configured my port forwarding and DDNS correctly.. I think. However when I scan the QR code on my phone there is no accessing the internet.. I am not sure what could be the issue. I can post more details if needed.

68

The original was posted on /r/wireguard by /u/sikupnoex on 2024-01-15 20:46:28+00:00.


I'm currently running WireGuard inside a Debian VM. Everything works ok, but I'm planning to migrate it to a dedicated machine (an old laptop or a Raspberry Pi to save some power).

Now the question: my Asus router has some VPN servers preinstalled, including WireGuard. Should I run it on the router? It has a nice interface and it's also available in Asus's mobile app. But it has some limitations, for example it allows only a maximum of 10 clients (not a problem for me) and I can't set up the server URL (I'm using the DDNS from my ISP and the router is not aware of that, I think that I need to use the Asus DDNS). But I'm afraid that running a VPN server on the router would affect the network's performance - downloading large files at 5G speeds on my phone when connected to VPN puts a high load on the server.

69

The original was posted on /r/wireguard by /u/pbcsd007 on 2024-01-15 19:04:44+00:00.


I think I'm having a WG issue, not a Blue Iris (BI) issue, and for the life of me can't figure it out so wondering if anyone can think of some ideas...

A few years ago I installed WG on my RPi 4 so that I could create a VPN to log into BlueIris from my mobile phone when away to view my security cameras. I never set up a DDNS address, simply used whatever my most current ISP address was. I then set up a reboot of my RPi every night. For over a year I haven't had any issues, but in the last week or so I have not been able to connect to my WG VPN.

I have tried removing my tunnel and adding a new one via the QR method. Have rebooted several times. Double checked that my router/port settings had not changed.

I then figured maybe it was something to do with the fact that my ISP changed the IPv4 address and thought I'd try and use my NoIP account.

So I used this guide to set it up:

How To: Setup Raspberry Pi with PiVPN, WireGuard and NoIP.com : Joshua Lowcock

Everything seemed to go swimmingly and I didn't get any error messages (and checked the troubleshooting part, and again everything seemed to be okay at the server end).

But I still am unable to connect to BI. I can connect when I'm at home via wifi, but turning off wifi and connecting via WG VPN and I get a connection timeout/error when I try to get to BI. I'm fairly certain it is a WG issue, as I also am unable to get internet access through WG and can't connect to any of my internal IPs.

Everything seemed to work swimmingly until maybe a week or two ago.

Just looking to see if anyone has an idea of what I can check here?

70

The original was posted on /r/wireguard by /u/SilverPenguino on 2024-01-15 17:31:07+00:00.


Have a wireguard vpn server set up via unifi console. I have verified the server address is correct and that all RFC networks have access to my custom dns server addresses.

The generated client for my MacBook Pro connects and correctly gets a handshake, however, my iPhone says it connects but does not have any access to WAN or LAN.

Something odd is that the endpoint is correct in the config file, however when I connect via iOS and go to settings -> vpn the connected configuration shows the server as the endpoint ip address but server address is 127.0.0.1

Any help or advice would be appreciated

71

The original was posted on /r/wireguard by /u/aje0200 on 2024-01-15 17:16:50+00:00.


Hi, I had my PIVPN working last week however it has suddenly stopped. I am connecting to my raspberry pi via an iPhone. I was following the tutorial here, I set port forwarding of 51820 on my router to the pi. Many thanks

72

The original was posted on /r/wireguard by /u/kegweII on 2024-01-15 16:32:49+00:00.


I have two servers, SERVER-A and SERVER-B. SERVER-A sits behind a firewall on a private IP address. SERVER-B will be hosted in the cloud on a public IP address accessible over the internet. SERVER-A (private IP) can reach SERVER-B listening port, no problem. However, SERVER-B can't reach SERVER-A since it sits behind a firewall.

Is it possible for SERVER-A (private IP) to establish the connection to SERVER-B to create the VPN tunnel? Or would I have to open/forward ports on the firewall so SERVER-B could reach the listening port of SERVER-A?

Here is a basic diagram

73

The original was posted on /r/wireguard by /u/JohnSmith--- on 2024-01-15 13:33:56+00:00.


Hi all. Unfortunately my ISP's DPI operation has gotten pretty bad. Lots of unnecessary censorship and bad routing during peak hours, high ping etc. I already use Mullvad when I need to change my IP and I'm very happy with it. But to keep my speed high and still have an IP in the same country, I have decided on setting up WireGuard on a VPS with wstunnel to defeat the DPI. May also run dnscrypt-proxy on it and other services on it too.

I was wondering what should be the appropriate specs to choose on the VPS? Currently the cheapest (and default) option is 1 CPU core, 1GB RAM, 20GB SSD and 1TB traffic. Will that be enough? The OS options are also AlmaLinux 9 and Ubuntu 22.04, which should I choose?

I assume 1GB of RAM will be fine but I'm wondering if I should push for 2 CPU cores? 20GB of SSD is more than enough and 1TB traffic is just about what I use in any given month.

~~Also, for online multiplayer gaming which uses UDP packets, this won't work right? Do I also need udptunnel? Can wstunnel and udptunnel run at the same time? I'm a bit lost.~~ Never mind, I guess wstunnel tunnels all traffic.

One more question, do I need more than one IP? Or will everything run over one public IP?

74

The original was posted on /r/wireguard by /u/egypsiano on 2024-01-15 10:12:52+00:00.


Hi All,

I have a Proxmox server running on 2 networks (192.168.1.1/24: modem) and a local network for some of my containers and VMs on 192.168.10.1/24. The third network should be an overseas one under another modem/router, 192.168.0.1/24. In addition to these, Tailscale is installed, configured and working perfectly.

Here's my point:

How do I make a VPN to access these three networks locally and from outside these networks, so that they can reach each other and each device?

About my Environment:

r/Proxmox has:

P.S. Please consider I'm a newbie to Linux and its terminal.

Thank you for your time

75

The original was posted on /r/wireguard by /u/Obvious-Viking on 2024-01-15 10:07:13+00:00.


Hi all

So I use wireguard to tunnel into my LAN. I've noticed however when I use some free wifi points I can't connect.

I have a VPN that I can get running on these free wifi points but then wireguard won't tunnel over the VPN connection.

Am I doing something wrong?
