this post was submitted on 22 Jan 2024

This is an automated archive.

The original was posted on /r/wireguard by /u/-quakeguy- on 2024-01-22 16:39:25+00:00.


I deployed wg on my as6706t NAS like so:

version: "3.8"

services:
  wg-easy:
    environment:
      - LANG=en
      - WG_HOST=my.censored.domain

      - PASSWORD=foobar123
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=192.168.2.x
      - WG_DEFAULT_DNS=192.168.1.2
      - WG_MTU=1420
      - WG_ALLOWED_IPS=0.0.0.0/0
      - WG_PERSISTENT_KEEPALIVE=15

    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    volumes:
      - config:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "8085:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

volumes:
  config:

Home network is 192.168.1.0/24 and I want to use 192.168.2.0/24 for my wg client range. I created a client in the web UI, used the QR code to get the info to my iPhone and as long as my phone is on the same WIFI network (and assuming I adjust the iOS client to actually talk to the internal network IP for the machine running WG), the connection is established and I see it in the web UI.

The problem is when I try to connect from outside the home. I disable WIFI, which drops me to my mobile connection for data, then I ensure my home router's public IP is what I'm actually connecting to in the iOS client, I ensure port 51820 is forwarded on my home router to the correct internal IP (I have a whole lot of other ports forwarded to that same exact host and these port mappings work fine) yet... the handshake never completes when connecting from outside.
