This is an automated archive.
The original was posted on /r/wireguard by /u/ozarn on 2023-12-29 23:25:54+00:00.
Hello all,
I am new to WireGuard, please bear with me. I deployed WireGuard on Arch Linux on my network. I can connect to the WireGuard server but I can't access anything. I can't even ping the IP address I assigned to the WG interface or the loopback address.
I do have IPv4 forwarding enabled:
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
I think I have iptables properly configured:
systemctl status iptables
● iptables.service - IPv4 Packet Filtering Framework
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; preset: disabled)
Active: active (exited) since Fri 2023-12-29 14:11:31 PST; 52min ago
Main PID: 339 (code=exited, status=0/SUCCESS)
CPU: 6ms
Dec 29 14:11:30 vps.[redacted].com systemd[1]: Starting IPv4 Packet Filtering Framework...
Dec 29 14:11:31 vps.[redacted].com systemd[1]: Finished IPv4 Packet Filtering Framework.
[root@vps wireguard]# iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4527 1767K ACCEPT 6 -- ens18 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
234 41184 ACCEPT 17 -- ens18 * 0.0.0.0/0 0.0.0.0/0 udp dpt:9473
0 0 ACCEPT 0 -- * * 10.100.94.11 0.0.0.0/0
0 0 ACCEPT 0 -- * * 10.100.94.12 0.0.0.0/0
8 672 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
2 168 ACCEPT 1 -- * * 0.0.0.0/0 0.0.0.0/0
1678 8810K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 REJECT 6 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
1047 100K REJECT 17 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
23 828 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
This is my server's config:
[root@vps wireguard]# cat wg-redacted.conf
[Interface]
Address = 10.100.94.1/24
ListenPort = 9473
PrivateKey = [redacted]
# laptop
[Peer]
PublicKey = [redacted]
AllowedIPs = 10.100.94.11/32
# phone
[Peer]
PublicKey = [redacted]
AllowedIPs = 10.100.94.12/32
My 2 configs for the laptop:
laptop.conf
[Interface]
Address = 10.100.94.11/32
PrivateKey = [redacted]
# DNS = 192.168.10.2
[Peer]
PublicKey = [redacted]
PresharedKey = [redacted]
AllowedIPs = 192.168.10.27/24, 172.105.75.112/32, 10.100.94.1/32, 10.36.7.11/32
Endpoint = 192.168.10.27:9473
laptop-all.conf
[Interface]
Address = 10.100.94.11/32
PrivateKey = [redacted]
DNS = 9.9.9.9
[Peer]
PublicKey = [redacted]
PresharedKey = [redacted]
AllowedIPs = 0.0.0.0/0
Endpoint = 192.168.10.27:9473
My network interface configs:
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.36.7.11/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens18: mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 46:c0:9d:a7:ef:34 brd ff:ff:ff:ff:ff:ff
altname enp0s18
inet 192.168.10.27/26 metric 1024 brd 192.168.10.63 scope global dynamic ens18
valid_lft 83977sec preferred_lft 83977sec
inet6 fe80::44c0:9dff:fea7:ef34/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
3: br0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 32:46:5f:65:ae:10 brd ff:ff:ff:ff:ff:ff
4: wg-int: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.100.94.1/24 scope global wg-keahgroup
valid_lft forever preferred_lft forever
networkctl
[root@vps ~]# networkctl
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback routable configured
2 ens18 ether routable configured
3 br0 bridge no-carrier configuring
4 wg-int wireguard routable unmanaged
Again, I am able to connect but I am not even able to ping 10.100.94.1 or the loopback interface 10.36.7.11.
Any idea on what I am missing? I spent countless hours trying to figure out what I am doing wrong. Thanks in advance.
EDIT: added output of networkctl
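The following is an added example and is not code from the post, from WireGuard, or from /u/ozarn. It is a small config linter that re-checks the things visible in the configs above that most often give a tunnel that "connects" but carries no traffic: laptop.conf carries a PresharedKey while the server's matching [Peer] has none (a one-sided PSK makes every handshake fail with no error shown), the AllowedIPs entry 192.168.10.27/24 has host bits set, and the Endpoint 192.168.10.27 is a private address that falls inside that same AllowedIPs prefix. The server and laptop configs are reproduced as constructed input with placeholder keys; because the real keys are redacted, the example matches the server-side [Peer] to the client by tunnel address rather than by PublicKey as wg(8) does. That matching rule, the finding codes, and the placeholder key strings are this example's own assumptions.

```python
"""Lint a WireGuard server config against a client config (added example, not the post's code)."""
import ipaddress
import re

# Constructed sample configs mirroring the post's layout; all keys are placeholders.
SERVER_CONF = """
[Interface]
Address = 10.100.94.1/24
ListenPort = 9473
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
# laptop
[Peer]
PublicKey = LAPTOP_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.100.94.11/32
# phone
[Peer]
PublicKey = PHONE_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.100.94.12/32
"""
LAPTOP_CONF = """
[Interface]
Address = 10.100.94.11/32
PrivateKey = LAPTOP_PRIVATE_KEY_PLACEHOLDER
[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
PresharedKey = PSK_PLACEHOLDER
AllowedIPs = 192.168.10.27/24, 172.105.75.112/32, 10.100.94.1/32, 10.36.7.11/32
Endpoint = 192.168.10.27:9473
"""


def parse_wg(text):
    """Parse wg-quick INI text into {"interface": {...}, "peers": [{...}, ...]}.
    '#' comments are dropped; keys are lower-cased (wg(8) accepts any key case)."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if re.fullmatch(r"\[interface\]", line, re.I):
            cur = iface
        elif re.fullmatch(r"\[peer\]", line, re.I):
            cur = {}
            peers.append(cur)
        else:
            key, sep, val = line.partition("=")
            if cur is None or not sep:
                raise ValueError(f"unexpected line: {raw!r}")
            cur[key.strip().lower()] = val.strip()
    return {"interface": iface, "peers": peers}


def _split(field):
    return [s.strip() for s in field.split(",") if s.strip()]


def lint_client(server, client):
    """Cross-check one client config against the server's; return (code, message) findings."""
    findings = []
    c_ip = ipaddress.ip_interface(client["interface"]["address"]).ip
    s_ip = ipaddress.ip_interface(server["interface"]["address"]).ip
    # wg(8) matches peers by PublicKey; the post's keys are redacted, so this example
    # finds the server-side [Peer] by the client's tunnel address instead (assumption).
    s_peer = next((p for p in server["peers"] if any(
        c_ip in ipaddress.ip_network(n, strict=False) for n in _split(p.get("allowedips", "")))), None)
    if s_peer is None:
        findings.append(("no-server-peer", f"no server [Peer] routes {c_ip}"))
    for peer in client["peers"]:
        # A PresharedKey must be identical on both ends or absent on both; with it on
        # one side only every handshake fails silently and nothing ever flows.
        if s_peer is not None and ("presharedkey" in peer) != ("presharedkey" in s_peer):
            findings.append(("psk-mismatch", "PresharedKey configured on one side only"))
        nets = []
        for n in _split(peer.get("allowedips", "")):
            try:
                nets.append(ipaddress.ip_network(n, strict=True))
            except ValueError:  # host bits set, e.g. 192.168.10.27/24
                nets.append(ipaddress.ip_network(n, strict=False))
                findings.append(("host-bits", f"AllowedIPs {n} has host bits set; prefix is {nets[-1]}"))
        try:
            ep = ipaddress.ip_address(peer.get("endpoint", "").rsplit(":", 1)[0].strip("[]"))
        except ValueError:  # no Endpoint, or a hostname: skip the endpoint checks
            ep = None
        if ep is not None:
            if ep.is_private:
                findings.append(("endpoint-private", f"Endpoint {ep} is only reachable inside that network"))
            # wg-quick only builds policy routing for a /0; a narrower prefix containing the
            # endpoint becomes a plain route into the tunnel and can swallow the handshake.
            for net in nets:
                if net.prefixlen and ep in net:
                    findings.append(("endpoint-in-allowedips", f"Endpoint {ep} is inside AllowedIPs {net}"))
        # The server's tunnel address must be inside AllowedIPs or pings to it never use the tunnel.
        if not any(s_ip in net for net in nets):
            findings.append(("server-addr-unrouted", f"server address {s_ip} not in AllowedIPs"))
    return findings
```

Run it against real files with `lint_client(parse_wg(open("wg-server.conf").read()), parse_wg(open("laptop.conf").read()))`. For the laptop config as shown in the post it reports four findings, in order: psk-mismatch, host-bits, endpoint-private and endpoint-in-allowedips; for laptop-all.conf (AllowedIPs = 0.0.0.0/0) only psk-mismatch and endpoint-private remain, since the /0 is handled by wg-quick's policy routing rather than a plain route. After a handshake, `wg show` on either side listing a "latest handshake" time is the quickest confirmation that the PSK question is settled.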