How to configure pivpn

Hi all

I tried to install and configure pivpn and WireGuard on my dietpi.

I followed the wizard. For the DNS I used the address reported by some online tool which should be my provider’s (it’s cabled in the modem and I can’t see or change it).

My pi has a static 192.168.1.x IP which is bound to a duckdns.org FQDN (it works, I can access my pi using it).

I opened port 51820 in the router.

I think I did everything right, but when I activate the WireGuard app on my phone I can’t access my pi.

There’s a snippet of the profile file that was created by pivpn in /home/dietpi/configs and that I imported into my phone via QR code. The only thing I don’t understand is the “aaa.aaa.aaa.aaa” address, which is a 10.x.x.x address I don’t know. All the rest seems good.

What did I do wrong?

[Interface]
PrivateKey = xxxx
Address = aaa.aaa.aaa.aaa/24
DNS = provider.dns.server.ip

[Peer]
PublicKey = xxxx
PresharedKey = xxxx
Endpoint = myserver.duckdns.org:51820
AllowedIPs = 0.0.0.0/0, ::0/0

My first thought is that you could maybe try a different DNS server, like Cloudflare or Quad9 or whatever you like. Or set it to 10.6.0.1 to get the DNS from your Pi.
You can change this setting directly on your phone; if you use the Android WireGuard app then this is pretty straightforward.

I don’t think it’s a config issue, since you generated it with PiVPN and also used the QR code to bring it to your phone.
You can also have a look into the logs of the VPN app, to see if the handshake happens or if you find other hints.

The address you don’t know is coming from the newly created wg0 interface for the VPN. The interface itself usually has (with PiVPN at least) 10.6.0.1 and the “clients” the following IPs.

This only works if there is a DNS server running on that device. Better to use 1.1.1.1 or 8.8.8.8.

But this I don’t understand

Your DuckDNS entry should point to your external public IP address of your router and not to a local 192.168.x.x one.

Hm, maybe there lies the pitfall: when you bind a local IP to that domain, and you request this domain from your LAN, you are getting to the correct device, but sure, from outside nobody can connect.

But DuckDNS wouldn’t allow to put in a local IP, right?

Can you check that you’ve got the IP of your Pi there?

Yes, maybe I was a bit unclear, but duckdns is set to my external IP. I can access all my other configured services, like ssh or homer, using myaddress.duckdns.org (if not using the VPN).

Yes, in the router I set the port to be forwarded to the statically assigned internal ip of the pi, like all the other ports I have open for my other services.

I tried opening a site on my phone with the VPN active and the WireGuard android app logs “Sending handshake initiation” until it fails.

Did you verify if the external IP is correct and updated on DuckDNS?

If the handshake is failing, it is mostly an incorrect port opening on the router or an incorrect DDNS entry. Is the port forwarding UDP or TCP?

The external ip is correctly configured (I can access all other web applications installed on my PI when the VPN is off).

The port is ok in the router forwarding (used the default 51820, TCP protocol).

I tried changing the DNS in the phone app to 8.8.8.8 but to no avail.

Could I have done something wrong with the pivpn installation/configuration wizard? Is there a way to reset it from the start?

It needs to be UDP

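A server-side check for the symptom in this thread (the phone keeps logging “Sending handshake initiation” while the Pi never answers), added here as an example and not written by any poster or by the PiVPN project. It reads `wg show wg0 dump` output and lists peers that have never completed a handshake; the interface name wg0 and port 51820 come from the thread, while the function names, keys and sample dump are constructed placeholders.

```shell
#!/bin/sh
# Fields of `wg show <iface> dump` are tab-separated (see wg(8)):
#   line 1 (interface): private-key public-key listen-port fwmark
#   peer lines: public-key preshared-key endpoint allowed-ips
#               latest-handshake transfer-rx transfer-tx persistent-keepalive
# The real dump contains private and preshared keys: never paste it in a forum.

# Print the UDP port the interface listens on (line 1, field 3).
listen_port() {
    awk -F'\t' 'NR == 1 { print $3 }'
}

# Print "public-key allowed-ips" for every peer whose latest-handshake is 0,
# meaning no handshake has completed since the interface came up.
peers_without_handshake() {
    awk -F'\t' 'NR > 1 && $5 == 0 { print $1, $4 }'
}

# Constructed sample: a phone that never got through and a laptop that did.
SAMPLE_DUMP="$(
    printf '%s\t%s\t%s\t%s\n' SERVER_PRIVATE_KEY SERVER_PUBLIC_KEY 51820 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        PHONE_PUBLIC_KEY PHONE_PSK '(none)' 10.6.0.2/32 0 0 0 off \
        LAPTOP_PUBLIC_KEY LAPTOP_PSK 203.0.113.7:40112 10.6.0.3/32 1700000000 9216 14332 25
)"

# Summarise a dump read from stdin.
report() {
    dump="$(cat)"
    port="$(printf '%s\n' "$dump" | listen_port)"
    echo "WireGuard listens on UDP port $port; the router forward must be UDP $port"
    printf '%s\n' "$dump" | peers_without_handshake |
        while read -r key ips; do
            echo "no handshake yet: peer $key ($ips)"
        done
}

# On the Pi itself, as root:  wg show wg0 dump | report
printf '%s\n' "$SAMPLE_DUMP" | report
```

A peer that still shows no handshake and no endpoint while the phone is retrying means the initiation packets are not reaching the Pi, which points at the router forward or the DDNS entry rather than at the generated profile.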

Bingo!

That was it!

Thank you all very much!

Dietpi is a great piece of software, and also has a great community.