Unable to connect to my dietpi pivpn wireguard server over another lan network, hotspot works fine

I have been using this server for a year with no issue.

I recently changed ISP modem and reinstalled wireguard.

Now I can’t seem to connect to my wireguard server when I use an external LAN network.

It works when I use my 5g connection or a hotspot.

I have no idea what is going on. Can someone help me?

Here is my pivpn debug file,

::: Generating Debug Output
:::: PiVPN debug ::::

:::: Latest commit ::::
Branch: master
Commit: 4e4d608b35255680eb1545bfb5555c5b74411b31
Author: wlmchen
Date: Sun Jul 28 17:29:36 2024 -0700
Summary: Fix Alpine persistence

:::: Installation settings ::::
PLAT=Debian
OSCN=bullseye
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
install_user=dietpi
install_home=/home/dietpi
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.104.71.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
INSTALLED_PACKAGES=(wireguard-tools qrencode)

:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.104.71.1/24
MTU = 1420
ListenPort = 51820

begin iphone15pm

[Peer]
PublicKey = iphone15pm_pub
PresharedKey = iphone15pm_psk
AllowedIPs = 10.104.71.2/32

end iphone15pm

=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = iphone15pm_priv
Address = 10.104.71.2/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = server_pub
PresharedKey = iphone15pm_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0

:::: Recursive list of files in ::::
:::: /etc/wireguard shown below ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
clients.txt
iphone15pm.conf

/etc/wireguard/keys:
iphone15pm_priv
iphone15pm_psk
iphone15pm_pub
server_priv
server_pub

:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp

:::: Having trouble connecting? Take a look at the FAQ:
:::: FAQ - docs.pivpn.io

:::: WARNING: This script should have automatically masked sensitive ::::
:::: information, however, still make sure that PrivateKey, PublicKey ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this: ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::

:::: Debug complete ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
:::

And I have already port forwarded the right port on my router.

Any ideas on what I can do?

There should be no need to reinstall VPN while changing ISP.

Probably the external lan network is using the same IP address range as your local network. At least it seems to be an issue of that lan network if other connections are working fine.

Do you use the same device for testing on all networks?

Yes, so far I have only used my iPhone.

But I made sure I’m using different IP address ranges on both sides.

However, my ISP has not activated my IPv6 and both my friends’ houses have IPv6 enabled. Could this be an issue?

IPv6 is not needed. In the client app you should see whether it connects or not. You should also see whether your client app is retrieving the correct IP address for your DDNS. Next, check the log within the client app.

So I used a macbook as well.

When I connect to my phone as the hotspot, and turn on the wireguard client on my laptop, I can connect to my network and I am able to access the devices.

If I switch to an external wifi connection, it does not let me connect! Zero traffic.

I checked the IP address; it’s correct, since I am able to connect using a cellular data connection.

I don’t understand why it does not work with LAN.

Do you think it has something to do with the VLANs setup on the new ISP router?

Check the Wireguard client app log for issues.

At least the server side seems to be working, as you are able to connect.

Ok, the logs didn’t appear just now, but now I can see something after restarting my laptop, weirdly.

I tried to connect using the hotspot and also with wifi, I am not sure which is which.

wireguard-log-2024-08-05T202515Z.txt (126.0 KB)

So I tried it from my friend’s house that has IPv4 only, and I can connect! But when I go to my neighbour who has IPv4 and IPv6, it does not work.

My modem and wireguard used to support both IPv4 and IPv6, but now the ISP has yet to activate my IPv6. Could this be causing some weird issue???

Your mobile phone should also have an IPv6 address when using the mobile internet. Doesn’t it?

According to your log, an attempt is being made to establish the connection via IPv4. But for some reason the connection from the affected LAN is not possible. Perhaps something is being blocked. Either in the network itself or at the corresponding ISP.

2024-08-06 03:50:59.695861: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: network is unreachable
2024-08-06 03:50:59.697019: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: network is unreachable
2024-08-06 03:50:59.698615: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: network is unreachable
2024-08-06 03:50:59.713287: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: network is unreachable
2024-08-06 03:51:02.350157: [NET] peer(zj8L…AHTg) - Sending handshake initiation
2024-08-06 03:51:02.351026: [NET] peer(zj8L…AHTg) - Failed to send handshake initiation: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: no route to host
2024-08-06 03:51:02.810763: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: no route to host
2024-08-06 03:51:02.812628: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: no route to host
2024-08-06 03:51:02.813974: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: no route to host
2024-08-06 03:51:02.815353: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: no route to host
2024-08-06 03:51:03.695743: [APP] startDeactivation: Tunnel: mba15m3
2024-08-06 03:51:03.699475: [APP] Tunnel 'mba15m3' connection status changed to 'disconnecting'

No, my phone does not have IPv6, also my friend’s house doesn’t have IPv6 and for some reason it works.

As said it doesn’t require any IPv6 connection. You would need to check why your external IP can’t be reached from specific location.

I understand that. I have used it before when I only had IPv4 on my wireguard server as well.

All I am saying is another person who also only has IPv4 is able to connect, but a connection with IPv4 and IPv6 for some reason tries to squeeze into the IPv6 connection, and I don’t see anything in the docs to disable or force IPv4.

Is there a way in dietpi or wireguard to force it?

I do not know why you are running around the IPv6 topic. In the logs there is no indication of an attempt to establish an IPv6 connection. All attempts have been made using the same IPv4 address 119.xx.xx.xx. There is one attempt in the log where the connection could not be established and the error message is quite clear as described above.

119.xx.xx.xx:51820: sendto: network is unreachable
119.xx.xx.xx:51820: sendto: no route to host

Perhaps the LAN does not support IPv4? I don’t know.

Anyway, I can’t add anything else here. Maybe @trendy has another idea.

Yeah, the error message is clear that the host doesn’t have a route for the VPN server. Which should not be the case if there is a default gateway.

Sorry, I don’t understand, what doesn’t have a default gateway? My home network? My wireguard server? The external network I’m using?

Could it be because we are all using the same 6rd tunnels for IPv6 from our ISP?

My new ONR from my ISP has static routes. Could it be that I have to create something new here?

holy shit you are right.

I tried to connect to an SSH port directly in my 5gbps network from a 1gbps network and it says there is no path to the host! What the hell? Does that mean these public IP addresses are not able to talk to each other???

Can you run the following on the device that is trying to connect to the VPN?

ip -4 ro list table all
ip ro get 119.xx.xx.xx

It goes without saying that you need to replace the xx with the actual IP address.
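
The log reading given in the replies above, as an added example that is not part of the thread: a small Python parser for the client log lines quoted earlier. It separates sends rejected on the client itself (`network is unreachable`, `no route to host`) from handshakes that were sent but never answered, and counts the address family used. The `Received handshake response` wording and the second sample log are assumptions constructed for the example.

```python
import re
from collections import Counter

# Shape of the wireguard-go client log lines quoted in the thread.
LINE = re.compile(r"^\S+ \S+: \[NET\] peer\([^)]*\) - (.*)$")
SEND_FAIL = re.compile(r"^Failed to send (?:handshake initiation|data packet): "
                       r"write (udp[46]) \S+->\S+: sendto: (.+)$")
# Errors raised by the client's own sendto() call, before any server reply matters.
LOCAL_ROUTE_ERRORS = {"network is unreachable", "no route to host"}

def summarize(log_text):
    """Count send errors, address families and handshake events."""
    s = {"errors": Counter(), "protos": Counter(), "initiations": 0, "responses": 0}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # [APP] lines and anything unrecognised
        msg = m.group(1)
        fail = SEND_FAIL.match(msg)
        if fail:
            s["protos"][fail.group(1)] += 1
            s["errors"][fail.group(2)] += 1
        elif msg == "Sending handshake initiation":
            s["initiations"] += 1
        elif msg.startswith("Received handshake response"):  # assumed wording
            s["responses"] += 1
    return s

def diagnose(s):
    """Say where the packets were lost."""
    if LOCAL_ROUTE_ERRORS & set(s["errors"]):
        return "client-routing"  # inspect the client's routes and gateway
    if s["initiations"] and not s["responses"]:
        return "no-reply"  # sent but unanswered: path, firewall or port forward
    return "handshake-ok" if s["responses"] else "inconclusive"

# Three lines copied from the log quoted in the thread.
THREAD_LOG = """\
2024-08-06 03:50:59.695861: [NET] peer(zj8L…AHTg) - Failed to send data packet: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: network is unreachable
2024-08-06 03:51:02.350157: [NET] peer(zj8L…AHTg) - Sending handshake initiation
2024-08-06 03:51:02.351026: [NET] peer(zj8L…AHTg) - Failed to send handshake initiation: write udp4 0.0.0.0:49465->119.xx.xx.xx:51820: sendto: no route to host
"""
# Constructed sample: initiations leave the client but are never answered.
NO_REPLY_LOG = """\
2024-01-01 10:00:00.000001: [NET] peer(AAAA…BBBB) - Sending handshake initiation
2024-01-01 10:00:05.000001: [NET] peer(AAAA…BBBB) - Sending handshake initiation
"""

if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("constructed", NO_REPLY_LOG)):
        s = summarize(log)
        print(name, diagnose(s), dict(s["errors"]), dict(s["protos"]))
```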
