Need help setting up WireGuard to access my network and the internet

So I’m new to using WireGuard and think it’s a nice-looking VPN; however, I’m struggling to get my devices to access my network and the rest of the internet through it.

My router’s IP is 172.16.1.9, and I want to be able to access my router when I am away from home. Here is how I currently have my client configuration:

[Interface]
Address = 10.9.0.1/24
PrivateKey = ***
# Comment the following to preserve the clients default DNS server, or force a desired one.
DNS = 172.16.1.9
# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN $
# NB: This requires "iptables" to be installed, thus will not work on most mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT &&$
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT &$

[Peer]
PublicKey = ***
# Tunnel all network traffic through the VPN:
#       AllowedIPs = 0.0.0.0/0, ::/0
# Tunnel access to server-side local network only:
       AllowedIPs = 172.16.1.0/24
# Tunnel access to VPN server only:
#AllowedIPs = 0.0.0.0/0, ::/0

AllowedIPs = 172.16.1.0/24
Endpoint = XXX.asuscomm.com:51820
#
# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
#PersistentKeepalive = 25

Why am I not able to connect to the VPN?

Hi,

Did you activate port forwarding on your Internet router?

Besides that, there are some parts that do not seem to be correct in your client config:

[Interface]
Address = 10.9.0.1/24

10.9.0.1 should be the IP address of your WireGuard Server. It can’t be used for your client.

AllowedIPs = 172.16.1.0/24

This will tunnel only the traffic for your local network through the VPN. The rest of the traffic will go to the internet directly from your mobile device.

Please can you paste the server config file as well?

Alright, so a couple of questions: for the 10.9.0.2 address, would I swap that with my DietPi IP? How do I get the WG server IP?

Also since I posted this I was having issues with DietPi so just reinstalled the whole thing, but I’m still having issues connecting through the VPN

Here is my server config

[Interface]
Address = 10.9.0.1/24
PrivateKey = *****
ListenPort = 51820

PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE

# Client 1
[Peer]
PublicKey = ******
AllowedIPs = 10.9.0.2/32

Client conf

[Interface]
Address = 10.9.0.2/24
PrivateKey = ***
# Comment the following to preserve the clients default DNS server, or force a desired one.
DNS = 172.16.*.*

# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN server
# NB: This requires "iptables" to be installed, thus will not work on most mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = ****
# Tunnel all network traffic through the VPN:
#	AllowedIPs = 0.0.0.0/0, ::/0
# Tunnel access to server-side local network only:
	AllowedIPs = 172.16.*.0/24
# Tunnel access to VPN server only:
#	AllowedIPs = 172.16.*.*/32
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = ****:51820

# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
#PersistentKeepalive = 25

Also I’m pretty sure I forwarded it correctly on my router

My forward settings on router

Hi,

There is no need to swap any IPs. Your DietPi system will keep the local IP (172.16.1.x) for local connections inside your local network. But the VPN server will get its own IP address in addition (10.9.0.1). This IP is used for VPN communication between the VPN server and the VPN client. So your DietPi system will have 2 IPs/interfaces when the WireGuard service is started. For your WireGuard clients you would need to assign IPs starting at 10.9.0.2 and following.

Ok let’s do it step by step and try to connect from internal local network first before checking the external connection.

  1. your mobile device needs to be connected to your local network
  2. delete the client configuration on your mobile device
  3. adjust wg0-client.conf and change the Endpoint to your DietPi system's local IP
       Endpoint = :51820
  4. restart the WireGuard service
       systemctl restart wg-quick@wg0.service
  5. create a new QR code
       grep -v '^#' /etc/wireguard/wg0-client.conf | qrencode -t ansiutf8
  6. scan the QR code with your mobile device
  7. try to connect with your mobile device to the WireGuard server
  8. check if you see the connection established on your WireGuard server. Execute the following command
       wg
  9. if the connection is working, you should see something like this

root@DietPi4:/etc/wireguard# wg
interface: wg0
public key: ******
private key: (hidden)
listening port: 51820

peer: ******
endpoint: 192.168.0.95:46858
allowed ips: 10.9.0.2/32
latest handshake: 4 seconds ago
transfer: 5.36 KiB received, 6.18 KiB sent
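
The address plan described in the replies above (server 10.9.0.1, clients from 10.9.0.2, and the effect of the client's AllowedIPs) can be checked mechanically before a config is scanned onto a phone. This is an added example, not part of the original thread or of DietPi/WireGuard; the configs are constructed from the thread's addressing, and the keys, endpoint and function names are placeholders.

```python
import ipaddress

# Constructed configs following the thread's address plan; keys and endpoint are placeholders.
SERVER_CONF = """
[Interface]
Address = 10.9.0.1/24
ListenPort = 51820
[Peer]
PublicKey = CLIENT_PUBKEY_PLACEHOLDER=
AllowedIPs = 10.9.0.2/32
"""
BAD_CLIENT_CONF = """
[Interface]
Address = 10.9.0.1/24
[Peer]
PublicKey = SERVER_PUBKEY_PLACEHOLDER=
AllowedIPs = 172.16.1.0/24
Endpoint = vpn.example.invalid:51820
"""
GOOD_CLIENT_CONF = (BAD_CLIENT_CONF.replace("10.9.0.1/24", "10.9.0.2/24")
                    .replace("172.16.1.0/24", "0.0.0.0/0, ::/0"))

def values(text, section, key):
    """Collect comma-separated values of `key` from every [section] block."""
    found, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            current = line.strip("[]")
        elif "=" in line and current == section:
            k, v = (part.strip() for part in line.split("=", 1))
            if k == key:
                found += [item.strip() for item in v.split(",")]
    return found

def check(server_text, client_text):
    """Return (tunnel_mode, findings) for one server/client config pair."""
    srv = ipaddress.ip_interface(values(server_text, "Interface", "Address")[0])
    cli = ipaddress.ip_interface(values(client_text, "Interface", "Address")[0])
    srv_allowed = [ipaddress.ip_network(n) for n in values(server_text, "Peer", "AllowedIPs")]
    cli_allowed = [ipaddress.ip_network(n) for n in values(client_text, "Peer", "AllowedIPs")]
    findings = []
    if cli.ip == srv.ip:
        findings.append("client Address reuses the server's tunnel IP")
    if not any(cli.ip in net for net in srv_allowed):
        findings.append("no server [Peer] AllowedIPs entry covers the client Address")
    # A /0 route sends everything through the tunnel; anything narrower is a split tunnel.
    mode = "full" if any(n.version == 4 and n.prefixlen == 0 for n in cli_allowed) else "split"
    return mode, findings

if __name__ == "__main__":
    for name, conf in (("bad", BAD_CLIENT_CONF), ("good", GOOD_CLIENT_CONF)):
        print(name, check(SERVER_CONF, conf))
```

In "split" mode only the listed networks are routed through the VPN, so internet traffic from the client leaves the device outside the tunnel.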

Good news, so out of the blue it started working. However I cant seem to configure it on my computer. I use Ubuntu but whenever I choose the “Import from VPN configuration” I get a message saying “The file could not be read or does not contain VPN connection information”

I guess you can’t simply import a WireGuard config file into Ubuntu. You would need to install WireGuard as well and run it in client mode.