Wireguard Mullvad Rpi4 + No Internet

Ode · 24 December 2020 16:13

Hi, i’m a n00b and i recently updated my pi to the latest dietpi v6.34.3 and installed wireguard via dietpi-software

Everything seems to run OK, wg connection “succesfull” but once connected i cannot get internet access. SSH and network samba access are OK.

Could someone please help. Thanks.

Below some details.

root@DietPi:/etc/wireguard# systemctl start wg-quick@mlvd01
root@DietPi:/etc/wireguard# systemctl status wg-quick@mlvd01
● wg-quick@mlvd01.service - WireGuard via wg-quick(8) for mlvd01
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; disabled; vendor preset: enabled)
   Active: active (exited) since Thu 2020-12-24 16:59:48 CET; 8s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 1742 ExecStart=/usr/bin/wg-quick up mlvd01 (code=exited, status=0/SUCCESS)
 Main PID: 1742 (code=exited, status=0/SUCCESS)

Dec 24 16:59:47 DietPi wg-quick[1742]: [#] ip -6 route add ::/0 dev mlvd01 table 51820
Dec 24 16:59:47 DietPi wg-quick[1742]: [#] ip -6 rule add not fwmark 51820 table 51820
Dec 24 16:59:47 DietPi wg-quick[1742]: [#] ip -6 rule add table main suppress_prefixlength 0
Dec 24 16:59:47 DietPi wg-quick[1742]: [#] ip6tables-restore -n
Dec 24 16:59:47 DietPi wg-quick[1742]: [#] ip -4 route add 0.0.0.0/0 dev mlvd01 table 51820
Dec 24 16:59:47 DietPi wg-quick[1742]: [#] ip -4 rule add not fwmark 51820 table 51820
Dec 24 16:59:47 DietPi wg-quick[1742]: [#] ip -4 rule add table main suppress_prefixlength 0
Dec 24 16:59:47 DietPi wg-quick[1742]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
Dec 24 16:59:47 DietPi wg-quick[1742]: [#] iptables-restore -n
Dec 24 16:59:48 DietPi systemd[1]: Started WireGuard via wg-quick(8) for mlvd01.
root@DietPi:/etc/wireguard#

however when i try to ping anything, i cant.

root@DietPi:/etc/wireguard# ping 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
^C
--- 9.9.9.9 ping statistics ---
26 packets transmitted, 0 received, 100% packet loss, time 988ms

root@DietPi:/etc/wireguard# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether xxx
    inet 192.168.xxx/24 brd 192.168.xxx.255 scope global dynamic eth0
       valid_lft 862791sec preferred_lft 862791sec
    inet6 xxxx/64 scope link
       valid_lft forever preferred_lft forever
3: mlvd01: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.xxx/32 scope global mlvd01
       valid_lft forever preferred_lft forever
    inet6 fc00:xxx/128 scope global
       valid_lft forever preferred_lft forever

root@DietPi:/etc/wireguard# wg show
interface: mlvd01
public key: xxxx
private key: (hidden)
listening port: 47970
fwmark: 0xca6c

peer: xxx
endpoint: xxx:51820
allowed ips: 0.0.0.0/0, ::/0
transfer: 0 B received, 6.21 KiB sent
root@DietPi:/etc/wireguard#

root@DietPi:/etc/wireguard# lsmod | grep wireguard
wireguard 131072 0
ip6_udp_tunnel 16384 1 wireguard
udp_tunnel 16384 1 wireguard
ipv6 458752 48 nf_reject_ipv6,wireguard

root@DietPi:/etc/wireguard# ls -Al /sys/class/net/
total 0
lrwxrwxrwx 1 root root 0 Dec 24 16:45 eth0 → …/…/devices/platform/scb/fd580000.ethernet/net/eth0
lrwxrwxrwx 1 root root 0 Dec 24 16:45 lo → …/…/devices/virtual/net/lo
lrwxrwxrwx 1 root root 0 Dec 24 17:09 mlvd01 → …/…/devices/virtual/net/mlvd01

Joulinar · 26 December 2020 20:39

Hi,

many thanks for your message. Probably this is related to the Mullvad config file. Unfortunately I don’t have a Mullvad account, therefore I’m not able to test your setup. Maybe you can ask on a Mullvad specialised board on what the issue could be.

trendy · 27 December 2020 14:43

You don’t have any bytes received. This is usually a key issue. Verify that you have installed the configuration and the keys properly.
The public key of the server must be in the wg peer part of the configuration.
In the wg interface part of the configuration you must have your private key.
Also if there is some pre-shared key it also must be defined in the peer.
Verify that the peer address and port are correct too.

Joulinar · 27 December 2020 15:09

I guess WG config file was download from Mullvad site. If I’m not mistaken, there you have a configurator

trendy · 28 December 2020 12:53

I suppose so, but from my experience if there are no received bytes it means that the packets you sent were not authenticated and, since wireguard protocol is quite “silent”, the server didn’t respond.

Ode · 28 December 2020 13:45

Hello again, thanks for your feedback on this.
As it turns out it seems to be just some servers affected. When i tried another server (country actually) all works as expected.

thanks again.

Joulinar · 28 December 2020 16:01

than it is an issue at Mullvad side and we are not able to do anything against it from DietPi side.