WireGuard

WireGuard - a fast, modern, secure VPN Tunnel.

201

This is an automated archive.

The original was posted on /r/wireguard by /u/daizerino on 2024-01-01 20:05:27+00:00.


Hello, I have a problem with WireGuard in WSL 2.

Adapters in Windows: VPS: "Ethernet Instance 0" (public IP); WSL: "vEthernet" (172.16.54.1)

In Ubuntu: WireGuard "wg0" (10.155.7.1); Ethernet "eth0" (172.16.54.1)

I have Pi-hole and PiVPN (WireGuard) installed.

I forward ports 80, 53 and 51820 TCP and 51820 UDP with netsh so that I can access the Pi-hole web server from the internet.

On my WireGuard client I see that packets are sent, but received is always 0.

I think it is because I can't forward anything from WSL (Ubuntu) to my VPS (public IP), because I don't have an adapter for it.

Does anyone know what I could try to make the VPN work, or know of a guide?

202

The original was posted on /r/wireguard by /u/gurkalurka on 2024-01-01 15:40:09+00:00.


I am able to connect to the endpoint, but I can't SSH into the internal IPs nor route outbound to the internet from this endpoint. Hoping someone can point out my mistake in the setup. I have tried lots of different settings with no luck.

Here is my server config (Rocky Linux 8):

[Interface]
Address = 10.66.66.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = xxx
[Peer]
PublicKey = xxx
PresharedKey = g4z2ErouHKhrD34nBWX65H6dkBRWF/f364StFk1EgCQ=
Endpoint = :61365

[Peer]
PublicKey = xxx
PresharedKey = xxx
AllowedIPs = 10.66.66.0/24

and my client config:

[Interface]
PrivateKey = xxx
Address = 10.66.66.2/32
DNS = 8.8.8.8, 1.1.1.1
[Peer]
PublicKey = xxx
PresharedKey = xxx
AllowedIPs = 0.0.0.0/0
Endpoint = :51820
PersistentKeepalive = 25

203

The original was posted on /r/wireguard by /u/plyn_algo on 2024-01-01 13:04:11+00:00.


Hello there, sorry if my question is just stupid. I'm a beginner.

I don't have a public IP from my ISP yet. But I wanted to test my VPN anyway. So I took my old TP-Link router and wired it like this:

WAN

|

tp-link


opnsense ---- my LAN

---------- phone

I want to access my LAN from my phone over wireguard, just for test purposes. But it doesn't work.

Is that because I can't use a local ip (assigned by tp-link) as Endpoint on my phone?

Or is that because I am dumb and can't set up my vpn properly?

(yeah, probably both reasons anyway :D)

And could anyone explain, please?

Thanks!

204

The original was posted on /r/wireguard by /u/One1pathOne1way on 2024-01-01 07:59:53+00:00.


Client Setup:

Device: Slate AX (GL-AXT1800)- Connected to M.E ISP router in repeater mode

Location: Middle East

Server Setup:

Device: GL-SFT1200 Opal

Location: United States

Internet Service: AT&T Fiber Optic, 1 Gig

Problem Description:

I have been using this Residential WireGuard VPN setup successfully for the past year. However, a few weeks ago, I started experiencing issues with connecting to my server in the US. We have confirmed that the server is not the problem.

The client initially shows as connected, indicating upload traffic but no download traffic.

Eventually, the connection fails after about 15-20 seconds, displaying a “client starting” message, followed by a complete loss of any connection.

Rebooting the ISP router multiple times is required before a stable connection is re-established. It can take many hours before it works; sometimes it does not.

I’m unsure what could be causing these connection issues. Any guidance or suggestions would be greatly appreciated. I am ready to provide additional information as needed and will update this post with the most recent log file soon.

205

The original was posted on /r/wireguard by /u/sy0nn on 2023-12-30 21:36:06+00:00.


Hello. I speak French and I'm a total beginner in all of this.

I wanted to use a more secure solution than PPTP to set up a VPN on my Windows server. I succeeded, ... I suppose? In configuring a WireGuard tunnel. I can access my shared folders when connected to the VPN, but the client doesn't have access to the internet through it.

The "server" is on Windows Server and the client is, for testing, on Android.

I tried adding DNS 8.8.8.8 to the client on Android to see if there is a difference.

206

The original was posted on /r/wireguard by /u/Lu5ck on 2023-12-30 21:30:06+00:00.


Dear all,

I am trying to set up VPSes like this:

<-> Internet <-> VPS A <-> VPS B <-> Internet

<-> Internet <-> VPS A <-> VPS C <-> Internet

VPS A is a game server

VPS B is an alternate route to VPS A, and also the public IP for the game server. Due to network issues, VPS B has a better route to VPS A than VPS A has directly to the internet.

This is my A config, obviously not the real IPs.

[Interface]
Address = 192.168.4.1/30
PrivateKey = 
ListenPort = 59308
Table = off

[Peer]
PublicKey = 
AllowedIPs = 192.168.4.2/30, 0.0.0.0/0
Endpoint = 90.12.15.101:42252
PersistentKeepalive = 25

On B, I have this

[Interface]
Address = 192.168.4.2/30
PrivateKey = 
ListenPort = 42252
Table = off

[Peer]
PublicKey = 
AllowedIPs = 192.168.4.1/30, 0.0.0.0/0
Endpoint = 46.250.12.31:59308
PersistentKeepalive = 25

On A, I also do these

echo '200 origin' >> /etc/iproute2/rt_tables
ip rule add from 46.250.12.31 table origin
ip route replace default via 46.250.12.1 dev eth0 table origin
ip rule add default dev wg0

As both are VPS servers, I want to keep my SSH alive. I found by trial and error that having Table = off allows me to have 0.0.0.0/0 without destroying my SSH connectivity. I need 0.0.0.0/0 because otherwise I won't be able to ping the outside world through VPS B.

Likewise, in order for my VPS A to maintain SSH connectivity, I added a policy-based rule before setting wg0 as the default route, to force my game application to run on that VPS B IP.

Now, my problem is that I would also like to be able to connect to my game server on A via server A's own internet connection. However, I simply couldn't get it to work. In my tcpdump I can see the packet, but it just isn't captured by the game application, for an unknown reason.

It is puzzling because the game server can see connection requests from VPS C, whose config is no different from B's and A's, with the same Table = off and 0.0.0.0/0.

Am I doing my routing wrong? Am I missing something?

207

The original was posted on /r/wireguard by /u/kiciner on 2023-12-30 17:16:26+00:00.


I asked this on r/ubuntu but this might be a better spot. My VPN provider is limiting WireGuard connections to 1; any IP is allowed but you only get a single config.

So I got a VPS for Boxing Day (Ubuntu Server) and have been messing with this for a bit.

I am trying to connect to the VPN from my VPS, but at the same time have the VPS act as a WireGuard server and re-share my VPN connection.

So I have /etc/wireguard/wg0.conf acting as my server:

[Interface]
Address = 10.7.0.1/24
PrivateKey = 
ListenPort = 51820

# BEGIN_PEER JD
[Peer]
PublicKey = 
PresharedKey = 
AllowedIPs = 10.7.0.2/32
# END_PEER JD

and /etc/wireguard/wg-client.conf as my client, where I entered the information provided by the VPN:

[Interface]
PrivateKey = 
Address = 10.2.72.50/32
DNS = 1.1.1.1
MTU = 1384

[Peer]
PublicKey = 
Endpoint = server:port
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

If I bring wg0 up, I can connect fine; I'm assigned the IP address of the server.

But as soon as I bring up wg-client, I can no longer access the server via SSH, WireGuard or any other service; ping stops working as well.

net.ipv4.ip_forward is set to 1 in /etc/sysctl.conf

Can this be done? What am I missing?

209

The original was posted on /r/wireguard by /u/Teggers_Today on 2023-12-30 15:24:04+00:00.


I can connect to a Portainer agent with no issue by adding the agent's IP (172.18.0.2) to the ALLOWEDIPS environment variable in the compose file, but an Edge agent (running on the server) needs access to the Portainer server running on the WireGuard client, so I add my local PC IP (192.168.0.41) to the ALLOWEDIPS.

Can't/won't connect.

ALLOWEDIPS=10.13.13.1/32, 10.13.13.2/32, 192.168.0.41/32, 172.18.0.2

Do I need to use UFW on the client to route the client port 8000 through the tunnel or something?

The doc says: 'must ensure that what you're providing is the address that the Edge Agent machine will be seeing the Portainer Server on'.

210

The original was posted on /r/wireguard by /u/Algod2 on 2023-12-30 12:55:15+00:00.


2023-12-30 23:51:12.488: [TUN] [] Unable to configure adapter network settings: unable to set DNS: The service has not been started.

This seems to be the only issue when connecting to my VPS from windows 11. It worked on my Windows 11 laptop but not on my Windows 11 desktop. Are there any fixes?

211

The original was posted on /r/wireguard by /u/blixten85 on 2023-12-30 07:57:22+00:00.


I have set up site-to-site on my ASUS RT-AX86U router with another ASUS RT-AX82U router. So far it works well. I can access the network from my LAN clients on the RT-AX86U to the RT-AX82U.

But if I also want to use a VPN client to hide my IP when I am surfing on the internet, then I can no longer access the site-to-site clients on the other side.

I have followed this guide: [Wireless Router] How to set up site to site VPN with WireGuard®? | Official Support | ASUS Global

I have tried to set up the WireGuard client on just one of my devices, but then that one can't reach the other clients on the other side anymore.

I guess it's just a question of routing, but I don't know how to fix it. Any ideas?

212

The original was posted on /r/wireguard by /u/departet on 2023-12-30 01:26:03+00:00.


Hi!

I have the following setup, which worked until yesterday when one client got rebooted (Pi shut down, turned on again). I'm not quite sure what broke my setup because I didn't change anything at all.

Network 1 ( Raspberry Pi Client) - 192.168.178.0/24 10.0.20.5

Root Server working as the Server 10.0.20.1

Network 2 (Proxmox LXC container Client) - 192.168.20.1/24 10.0.20.2

I can ping any client in network 2 from network 1 and vice versa. I can also connect via SSH without any issue (the connection feels sluggish/slow, but I don't know if this was the case before already). I read about the MTU in such cases. As I said, I didn't change any config and it was working beforehand. All clients and the server have the following MTU: 1420 on wg0 (WireGuard) and 1500 on the main (and only connected) other interface. Would I need to change this on every device? Which setting should I try?

Trying to curl the router (both AVM Fritz!Box) web page from one network to the other (same result in both directions):

root@plex:~# curl -v 192.168.178.1
*   Trying 192.168.178.1:80...
* Connected to 192.168.178.1 (192.168.178.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 192.168.178.1
> User-Agent: curl/7.74.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

If any additional info is needed, just hit me up!

213

The original was posted on /r/wireguard by /u/nomadwannabe on 2023-12-30 00:26:21+00:00.


Hello,

I have an Asus router running Merlin that supports a Wireguard VPN server.

I had it running, and was having no issues. Then I added a Pi-hole to my setup, and the DNS requests from my WireGuard client (phone) were not making it over, and no data would make it back to the client when connected to the WireGuard server.

My router's LAN IP is 10.1.1.1, with a 255.255.255.0 subnet.

The WireGuard default Address and Allowed IPs were set to 10.6.0.2/32 (which didn't work).

I changed both to 10.1.1.1/32 instead and now everything seems to work, including Adblocking on my phone when connected to VPN.

Is there any downside to doing this? I admit, I'm still learning and reading guides where I can, subnets and CIDR are still a tad spotty, but everyday I'm playing with this stuff I'm learning more and more.

Appreciate your time.

214

The original was posted on /r/wireguard by /u/ozarn on 2023-12-29 23:25:54+00:00.


hello all,

I am new to WireGuard, please bear with me. I deployed WireGuard on Arch Linux on my network. I can connect to the WireGuard server but I can't access anything. I can't even ping the IP address I assigned to the WG interface or the loopback address.

I do have ipv4 forwarding enabled:

net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1

I think I have iptables properly configured:

systemctl status iptables
● iptables.service - IPv4 Packet Filtering Framework
     Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; preset: disabled)
     Active: active (exited) since Fri 2023-12-29 14:11:31 PST; 52min ago
   Main PID: 339 (code=exited, status=0/SUCCESS)
        CPU: 6ms

Dec 29 14:11:30 vps.[redacted].com systemd[1]: Starting IPv4 Packet Filtering Framework...
Dec 29 14:11:31 vps.[redacted].com systemd[1]: Finished IPv4 Packet Filtering Framework.
[root@vps wireguard]# iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4527 1767K ACCEPT     6    --  ens18  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
  234 41184 ACCEPT     17   --  ens18  *       0.0.0.0/0            0.0.0.0/0            udp dpt:9473
    0     0 ACCEPT     0    --  *      *       10.100.94.11         0.0.0.0/0
    0     0 ACCEPT     0    --  *      *       10.100.94.12         0.0.0.0/0
    8   672 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0
    2   168 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0
 1678 8810K ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 REJECT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
 1047  100K REJECT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
   23   828 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-proto-unreachable

this is my server's config:

[root@vps wireguard]# cat wg-redacted.conf
[Interface]
Address = 10.100.94.1/24
ListenPort = 9473
PrivateKey = [redacted]

# laptop
[Peer]
PublicKey = [redacted]
AllowedIPs = 10.100.94.11/32

# phone
[Peer]
PublicKey = [redacted]
AllowedIPs = 10.100.94.12/32

my 2 configs for laptop:

laptop.conf

[Interface]
Address = 10.100.94.11/32
PrivateKey = [redacted]
# DNS = 192.168.10.2

[Peer]
PublicKey = [redacted]
PresharedKey = [redacted]
AllowedIPs = 192.168.10.27/24, 172.105.75.112/32, 10.100.94.1/32, 10.36.7.11/32
Endpoint = 192.168.10.27:9473

laptop-all.conf

[Interface]
Address = 10.100.94.11/32
PrivateKey = [redacted]
DNS = 9.9.9.9

[Peer]
PublicKey = [redacted]
PresharedKey = [redacted]
AllowedIPs = 0.0.0.0/0
Endpoint = 192.168.10.27:9473

my network interface configs:

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.36.7.11/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens18:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 46:c0:9d:a7:ef:34 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.10.27/26 metric 1024 brd 192.168.10.63 scope global dynamic ens18
       valid_lft 83977sec preferred_lft 83977sec
    inet6 fe80::44c0:9dff:fea7:ef34/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
3: br0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 32:46:5f:65:ae:10 brd ff:ff:ff:ff:ff:ff
4: wg-int:  mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.100.94.1/24 scope global wg-keahgroup
       valid_lft forever preferred_lft forever

networkctl

[root@vps ~]# networkctl
IDX LINK         TYPE      OPERATIONAL SETUP
  1 lo           loopback  routable    configured
  2 ens18        ether     routable    configured
  3 br0          bridge    no-carrier  configuring
  4 wg-int       wireguard routable    unmanaged

Again, I am able to connect, but I am not even able to ping 10.100.94.1 or the loopback interface 10.36.7.11.

Any idea what I am missing? I spent countless hours trying to figure out what I am doing wrong. Thanks in advance.

EDIT: added output of networkctl

215

The original was posted on /r/wireguard by /u/txtFileReader on 2023-12-29 22:17:39+00:00.


Is it possible with Wireguard to set up two VPN tunnels from my cell phone and from my home network to a VPS server (with a static IP) and connect them with each other so that all network devices in my home network can be reached from my cell phone? The VPS should therefore serve as a bridge between the two.

Does it make any sense to do it this way?

How would I configure the individual devices (smartphone, VPS and VM (in the home network)) so that it works?

I have no experience with Wireguard yet.

216

The original was posted on /r/wireguard by /u/sprime1 on 2023-12-29 19:59:59+00:00.


Title says it all - currently having to run the WireGuard app on my Windows PC to connect to a WireGuard VPN server. Is there a way to use the default Windows VPN connection client to connect to a WireGuard server instead of using the WireGuard app? My iPhone VPN manager has it (after setting up the client connection through the WireGuard iOS app).

217

The original was posted on /r/wireguard by /u/umairshariff23 on 2023-12-29 18:52:56+00:00.


I have recently purchased a VPS with the intention to create a private VPN that I can connect to during my linux iso download sessions. I was under the impression that WireGuard would drop the connection if the remote VPS goes offline, and have been trying to write a bash script to pause the VM network in such a case.

Once I was done with the script and testing it, I shut down the VPS, but the connection didn't drop. All traffic out of the VM stopped, but the connection didn't drop. So all of my effort was in vain! However, this is something that I wanted to check with other users of WireGuard.

Is this behaviour expected? Can I simply scrap my bash script and leave the connection on indefinitely without worrying about my IP being publicly shared during my sessions?

218

The original was posted on /r/wireguard by /u/tomado09 on 2023-12-29 18:35:32+00:00.


Coming up soon, I'll be in a country for which it is recommended (and legal, of course) to use a VPN to encrypt all traffic. My sister just got a fat 1Gbps up/down fiber connection at her place (awesome), and I set up a Raspberry Pi with PiVPN to act as a wireguard endpoint. I also have a wireguard endpoint at home (where I host my NAS and a few internal LAN webservices), but alas, my connection is a paltry 140 mbps down / 40 mbps up (ouch). I'd like to have my traffic encrypted at all times with maximum bandwidth (I won't saturate my sister's gigabit fiber, but I'd likely be bottlenecked by my 40mbps at home), and still be able to access my NAS/etc at home.

So my thought is the following: I'll run a full tunnel to my sister's, and if possible, run a split tunnel over that full tunnel to be able to access my services at home. Then only accessing my home services will be constrained by the 40 mbps bandwidth. A few questions:

  • Is this a good way to solve this problem?
  • How would I go about doing this? Is this something I need to implement client-side (Macbook Pro / Android phone)? Or is this something that needs to be set up on the raspberry pi?
  • Is there a better way? Simply having a split tunnel to home (and therefore not encrypting the rest of my traffic) is something I'd prefer not to have to do. I suppose I could just swap back and forth between sister and home full tunnels when accessing home services vs general internet browsing.... but this allows the possibility of some traffic unencrypted "leakage" while shutting down one tunnel and starting another.

Maybe I'm just overthinking this in general. What do y'all think?

219

The original was posted on /r/wireguard by /u/pinoybear on 2023-12-29 18:33:19+00:00.


I've configured a WireGuard server on my pfSense firewall and am using my Android 14 phone as the client. I have no issues when I connect with a split tunnel.

When I try full tunnel, The client can connect and establish a handshake. The problem is it cannot resolve any DNS.

I don't understand, because my understanding is that the only thing that should change between full and split tunnel is the AllowedIPs config on my phone.

Here are my WireGuard configs. Any idea why full tunnel won't work? TIA

#pfSense WireGuard config#

[Interface]
Address = 10.6.210.1/24
ListenPort = 69240
PrivateKey = blah

[phone]
PublicKey = blah
PresharedKey = blah
AllowedIPs = 10.6.210.2/32

WireGuard interface firewall rule is configured to allow IPv4 & IPv6 any any.

#Android WireGuard split tunnel config (no problems)#

[Interface]
Address = 10.6.210.2/24
ListenPort = 69240
DNS = 172.16.1.1
PrivateKey = blah

[Peer]
PublicKey = blah
PresharedKey = blah
AllowedIPs = 10.6.210.0/24, 172.16.1.0/24, 172.16.10.0/24
Endpoint = my.pfsense.net:69420

#Android WireGuard full tunnel config (DNS not working)#

[Interface]
Address = 10.6.210.2/24
ListenPort = 69240
DNS = 172.16.1.1 #also tried 1.1.1.1, 10.6.210.1 and also leaving it blank
PrivateKey = blah

[Peer]
PublicKey = blah
PresharedKey = blah
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = my.pfsense.net:69420
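The mismatches asked about in posts 202, 214 and 219 (a server peer without AllowedIPs, a PresharedKey present on only one side, a port above 65535 or different from the server's ListenPort, an AllowedIPs entry with host bits set) can all be caught by cross-checking the two files before a tunnel is brought up. The checker below is an added example, not code from any post or from the WireGuard project; the two sample configs are constructed, with vpn.example.net standing in for a real endpoint.

```python
"""Cross-check a WireGuard server/client config pair for mismatches like those in the posts
above. Added example; the sample configs at the bottom are constructed, not from any post."""
import ipaddress
import re

def parse_conf(text):
    """Return (interface, peers) with lowercased keys and '#' comments stripped; a header
    other than [Interface]/[Peer] is kept as a peer tagged '_section' so it gets reported."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            name = m.group(1).lower()
            if name == "interface":
                cur = iface
            else:
                cur = {} if name == "peer" else {"_section": name}
                peers.append(cur)
            continue
        if cur is None:                 # keys before any header belong to the interface
            cur = iface
        key, _, val = line.partition("=")
        cur[key.strip().lower()] = val.strip()
    return iface, peers

def nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]

def hosts(value):
    return [ipaddress.ip_interface(v.strip()).ip for v in value.split(",") if v.strip()]

def covered(ip, networks):
    return any(ip.version == n.version and ip in n for n in networks)

def lint_pair(server_text, client_text):
    """Return a list of findings; an empty list means the two files agree with each other."""
    f = []
    s_if, s_peers = parse_conf(server_text)
    c_if, c_peers = parse_conf(client_text)
    f += [f"unknown section [{p['_section']}]: only [Interface] and [Peer] exist"
          for p in s_peers + c_peers if "_section" in p]
    listen = int(s_if.get("listenport", "0"))
    if not 1 <= listen <= 65535:
        f.append(f"server: ListenPort {listen} is missing or outside 1-65535")
    c_addrs, s_addrs = hosts(c_if.get("address", "")), hosts(s_if.get("address", ""))
    # every server-side peer needs AllowedIPs, and one of them must cover the client's address
    match = None
    for i, p in enumerate(s_peers, 1):
        if "allowedips" not in p:
            f.append(f"server: peer #{i} has no AllowedIPs and can never receive traffic")
        elif all(covered(a, nets(p["allowedips"])) for a in c_addrs):
            match = p
    if match is None:
        f.append("server: no peer's AllowedIPs covers the client Address")
    for p in c_peers:
        port = p.get("endpoint", "").rsplit(":", 1)[-1]
        if not port.isdigit():
            f.append(f"client: Endpoint '{p.get('endpoint', '')}' has no numeric port")
        elif not 1 <= int(port) <= 65535:
            f.append(f"client: Endpoint port {port} is outside 1-65535")
        elif int(port) != listen:
            f.append(f"client: Endpoint port {port} != server ListenPort {listen}")
        allowed = p.get("allowedips", "")
        f += [f"client: AllowedIPs does not include server address {a}"
              for a in s_addrs if not covered(a, nets(allowed))]
        f += [f"client: AllowedIPs entry {v} has host bits set"
              for v in map(str.strip, allowed.split(","))
              if "/" in v and ipaddress.ip_network(v, strict=False).with_prefixlen != v]
        if match is not None and ("presharedkey" in p) != ("presharedkey" in match):
            f.append("PresharedKey is set on only one side, so the handshake can never complete")
    return f

# Constructed sample pair modelled on post 219 (ports, [phone] header) and post 214 (PSK on one side).
SERVER = """\
[Interface]
Address = 10.6.210.1/24
ListenPort = 69240
[phone]
PublicKey = blah
PresharedKey = blah
AllowedIPs = 10.6.210.2/32
"""
CLIENT = """\
[Interface]
Address = 10.6.210.2/24
[Peer]
PublicKey = blah
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:69420
"""
```

Running `lint_pair(SERVER, CLIENT)` reports four findings; fixing the header, the two ports and the one-sided PresharedKey brings the list to empty.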

220

The original was posted on /r/wireguard by /u/cichy1173 on 2023-12-29 18:19:47+00:00.


Hello. I deployed WireGuard in my network because I need access to some local devices/services while outside the home. The connection works, but I can't access local devices/services, for example 192.168.1.1 (my OpenWrt router) or http://orange.pi:82. The weird thing is that I could access local devices/services for about two, maybe three days after the WireGuard deployment, but now it is not working on my computer (Fedora Linux with GNOME, WireGuard config imported via Network settings). It still works on my mobile phone with the same config (Android/Nothing Phone 1). I deployed WireGuard via PiVPN, but I had the same issue using the Docker version of WireGuard. Unfortunately, I need this access on my computer to finish my school projects.

The conf file (I also tried changing the DNS to 192.168.1.1 but nothing changed):

[Interface]
PrivateKey = [redacted]
Address = 10.26.55.3/24
DNS = 208.67.222.222, 208.67.220.220

[Peer]
PublicKey = [redacted]
PresharedKey = [redacted]
Endpoint = [redacted]:51820
AllowedIPs = 0.0.0.0/0

221

The original was posted on /r/wireguard by /u/dark_tex on 2023-12-29 18:03:27+00:00.


I installed a Pi4 at my parents' house to be my Wireguard server (using pivpn).

Everything works great if I keep the server's IPv6 address in the client's config file, but I get abysmal performance (many websites wouldn't even load, others would load but bandwidth would be excruciatingly low) if I don't.

Why not keep it, then? Well, I'd like to deploy this to my Unifi network (ideally using their newly-released integrated client instead of udm-utils and the likes so that it can survive updates) and unfortunately they don't seem to like IPv6 in Wireguard config files. When I uploaded the config file, Unifi was complaining that the IP address of the server was in the wrong format, and the only way I got it to work was by deleting the v6 address.

I know that this is the root cause because if I delete the v6 address and connect on my Windows client, I get the shitty performance. Add it back and voila we are flying again.

I have no idea why this happens though, and why *some* websites work (albeit slowly) while others never load at all (traceroute doesn't know where to go). Perhaps my parents' ISP has some weird ass configuration?

How would you proceed from here? I'd be interested in workarounds, but I have to say that I am generally curious to learn more about networking and this could be a great opportunity to further my understanding of networks. So, if you wanted to learn more about _why_ this happens and what's really going on, what would your next steps be?

222

The original was posted on /r/wireguard by /u/metal0rat on 2023-12-29 17:03:17+00:00.


Hi, I don't receive data but I think I am connected. I set up DynDNS and forwarded the port, but I think it's a config problem. My network runs on 10.0.0.138 (this is the router). My config is:

Server host: m---s.hopto.org addresses:

  • 10.0.1.0 dns:
  • 10.0.0.138
  • 8.8.8.8

Peers

  • name: MeinSmartphone

addresses:

  • 10.0.1.0/24

allowed_ips: [] client_allowed_ips: []

Log:

peer: zrQBbvQM9eNf/tUsm5GBYB5qB--------TSHKp+DNj8A0=
  endpoint: 213.225.--.--:51155
  allowed ips: 10.0.1.0/24
  latest handshake: 7 minutes, 31 seconds ago
  transfer: 93.48 KiB received, 8.45 KiB sent
  persistent keepalive: every 25 seconds

[17:57:14] INFO: Requesting current status from WireGuard...
interface: wg0
  public key: LsS1na+TPTY1LNs--------bLeA4o2--------1j5fa/30=
  private key: (hidden)
  listening port: 51820

peer: zrQBbvQM9eNf/tUsm5GBYB---_--------------------HKp+DNj8A0=
  endpoint: 213.225.--.--:51155
  allowed ips: 10.0.1.0/24
  latest handshake: 8 minutes, 2 seconds ago
  transfer: 93.48 KiB received, 9.32 KiB sent
  persistent keepalive: every 25 seconds

223

The original was posted on /r/wireguard by /u/1FNn4 on 2023-12-29 15:13:55+00:00.


I generated a WireGuard conf file for a Cloudflare private tunnel, but I had an issue with DNS resolution.

github.com/rany2/warp.sh

Client using dnscrypt-proxy:

cat /etc/resolv.conf
nameserver 127.0.0.1
options edns0 trust-ad
search .

Endpoint also using dnscrypt-proxy, cat /etc/resolv.conf:

nameserver 127.0.2.1

wireguard conf file:

[Interface] 
PrivateKey = x 
Address = x 
MTU = 1280
PostUp = resolvectl dns %i 127.0.2.1; resolvectl domain %i ~corp

[Peer] 
PublicKey = x
AllowedIPs = 0.0.0.0/0, ::/0 
Endpoint = x

nslookup google.com
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: timed out
;; no servers could be reached

With this configuration I can use SSH to the endpoint, but the client cannot resolve DNS queries.

I want to use WireGuard with a local resolver, on either the client or the endpoint.

Thanks in advance.

224

The original was posted on /r/wireguard by /u/Eddybeans on 2023-12-29 09:16:14+00:00.


Hello,

I am a bit lost with wireguard configuration.

I would like to access LAN devices in a client's subnet (192.168.8.169, for example), so I added 192.168.8.0/24 to the list of allowed IPs in the client conf, but when I do that I lose LAN access from within the subnet 8 network, and I still cannot access any subnet 8 device from another peer.

I also added net.ipv4.ip_forward = 1 on the client.

Can someone help? Here is my client config file:

[Interface]
PrivateKey = [redacted]
Address = 192.168.27.65/32
DNS = 212.27.38.253
MTU = 1360
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE

[Peer]
PublicKey = [redacted]
Endpoint = redacted:32612
AllowedIPs = 192.168.27.64/27, 192.168.1.0/24, 192.168.8.0/24
PersistentKeepalive = 25
