Creating a bug report/issue
Required Information
- DietPi version | G_DIETPI_VERSION_CORE=8 G_DIETPI_VERSION_SUB=14 G_DIETPI_VERSION_RC=2 G_GITBRANCH='master' G_GITOWNER='MichaIng' G_LIVE_PATCH_STATUS[0]='not applicable'
- Distro version | bullseye
- Kernel version | Linux zeitgeist 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
- SBC model | older Dell PC featuring an i3-2130
- Power supply used | the one built in
- SD card used | a 1 TB Toshiba 3.5 inch SATA HDD
Additional Information (if applicable)
- Software title | Wireguard
- Was the software title installed freshly or updated/migrated? Freshly installed
- Can this issue be replicated on a fresh installation of DietPi? Probably, but I guess I am doing something wrong here
Steps to reproduce
- Trying to establish a connection from a previously set up client fails → the protocol shows that the client's handshakes are not being answered
Expected behaviour
- The connection should be established.
Actual behaviour
- The connection is not being established.
Extra details
Protocol of my wg server:
2023-02-17 16:14:46.762318: [TUN] [vpn-windspiel] Sending handshake initiation to peer 1 (89.12.43.18:51820)
2023-02-17 16:14:51.777741: [TUN] [vpn-windspiel] Handshake for peer 1 (89.12.43.18:51820) did not complete after 5 seconds, retrying (try 2)
Protocol of a wg server where it's working correctly:
2023-02-17 16:10:44.939156: [TUN] [##_notebook] Sending handshake initiation to peer 1 (31.18.6.15:51820)
2023-02-17 16:10:44.997503: [TUN] [##_notebook] Receiving handshake response from peer 1 (31.18.6.15:51820)
2023-02-17 16:10:44.997503: [TUN] [##_notebook] Keypair 1 created for peer 1
My best guess is that something with my ufw setup is wrong. If I disable ufw the connection is being established and the handshakes are getting through. However, I think my ufw setup is looking good:
     To                         Action      From
     --                         ------      ----
[ 1] Anywhere on eth0           ALLOW FWD   10.152.231.0/24 on wg0
[ 2] 51820/udp                  ALLOW IN    Anywhere                   # allow-wireguard
[ 3] Anywhere                   ALLOW IN    192.168.177.0/24
[ 4] 443                        ALLOW IN    Anywhere
[ 5] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 6] 51820/udp (v6)             ALLOW IN    Anywhere (v6)              # allow-wireguard
Note: rules #1, #2 and #6 were added by the WireGuard setup.
My wg0.conf:
[Interface]
PrivateKey =
Address = 10.152.231.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
MTU = 1420
ListenPort = 51820
### begin vpn-windspiel ###
[Peer]
PublicKey =
PresharedKey =
AllowedIPs = 10.152.231.2/32
### end vpn-windspiel ###
I bet it's something simple, but I am just too dumb to find it…
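A small cross-check of the pasted wg0.conf against the pasted ufw listing, as an added example that is not part of the original report or of DietPi: it confirms that the configured ListenPort has an IPv4 UDP ALLOW IN rule and that the tunnel subnet has an ALLOW FWD rule on wg0. Both inputs are constructed from the report (keys left out, as in the report), and the subnet is derived from Address on the assumption of a /24.

```shell
#!/bin/sh
# Added example: cross-check a WireGuard [Interface] config against a captured
# `ufw status numbered` listing. Both samples are constructed from the report.
UFW_SAMPLE='     To                         Action      From
     --                         ------      ----
[ 1] Anywhere on eth0           ALLOW FWD   10.152.231.0/24 on wg0
[ 2] 51820/udp                  ALLOW IN    Anywhere                   # allow-wireguard
[ 3] Anywhere                   ALLOW IN    192.168.177.0/24
[ 4] 443                        ALLOW IN    Anywhere
[ 5] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 6] 51820/udp (v6)             ALLOW IN    Anywhere (v6)              # allow-wireguard'
WG_SAMPLE='[Interface]
Address = 10.152.231.1/24
MTU = 1420
ListenPort = 51820'

# conf_value CONF KEY -> prints the value of the first "KEY = value" line.
conf_value() {
    printf '%s\n' "$1" | awk -F'=' -v k="$2" \
        '$1 ~ "^[ \t]*"k"[ \t]*$" { sub(/^[ \t]+/, "", $2); print $2; exit }'
}

# has_udp_allow LISTING PORT -> 0 if an IPv4 "PORT/udp  ALLOW IN" rule exists
# (the "(v6)" variant deliberately does not match).
has_udp_allow() {
    printf '%s\n' "$1" | awk -v p="$2" \
        '$0 ~ "^\\[ *[0-9]+\\] +"p"/udp +ALLOW IN " { f=1 } END { exit !f }'
}

# has_fwd_allow LISTING SUBNET IFACE -> 0 if "ALLOW FWD ... SUBNET on IFACE" exists.
has_fwd_allow() {
    printf '%s\n' "$1" | awk -v s="$2" -v i="$3" \
        'index($0, "ALLOW FWD") && index($0, s " on " i) { f=1 } END { exit !f }'
}

# check_wg_firewall CONF LISTING IFACE -> 0 when both expected rules are present.
# Assumes a /24 tunnel: the subnet is derived by zeroing the last octet of Address.
check_wg_firewall() {
    port=$(conf_value "$1" ListenPort)
    subnet=$(conf_value "$1" Address | sed 's#\.[0-9]*/#.0/#')
    rc=0
    if has_udp_allow "$2" "$port"; then echo "ok: $port/udp allowed in"
    else echo "MISSING: ufw allow $port/udp"; rc=1; fi
    if has_fwd_allow "$2" "$subnet" "$3"; then echo "ok: forwarding from $subnet on $3 allowed"
    else echo "MISSING: ufw route allow in on $3 from $subnet"; rc=1; fi
    return $rc
}

check_wg_firewall "$WG_SAMPLE" "$UFW_SAMPLE" wg0
```

On a live box, replace the two samples with `ufw status numbered` output and the real wg0.conf; a rule that is present here but still blocked points at something outside these rules (a default policy, an interface-specific rule, or a rule earlier in the chain).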