Wireguard no internet

Hi,

I just did a fresh install of DietPi with this software list:

  • Pi-Hole
  • Unbound
  • Wireguard

wg0.conf

[Interface]
Address = 10.9.0.1/24
PrivateKey =
ListenPort = 51820

PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
PostUp = sysctl net.ipv6.conf.$(ip r l 0/0 | mawk '{print $5;exit}').accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.9.0.0/24 -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE

Client 1

[Peer]
PublicKey =
AllowedIPs = 10.9.0.2/32

wg0-client.conf

[Interface]
Address = 10.9.0.2/24
PrivateKey =

DNS = 192.168.1.121 [This is the IP address of my DietPi (where the Pi-Hole is)]

[Peer]
PublicKey =

AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = my.domain:51820

When I try to connect from my phone,
I can see the connection is established.
root@DietPi:~# wg

interface: wg0
public key:
private key: (hidden)
listening port: 51820

peer:
endpoint: 219.74.40.172:58576
allowed ips: 10.9.0.2/32
latest handshake: 3 seconds ago
transfer: 281.65 KiB received, 57.80 KiB sent

When I open the browser on my phone and try to open yahoo.com,
I can see the request coming to Pi-Hole.

Pi-Hole Logs for 10.9.0.2

2024-07-15 22:21:08 A yahoo.com 10.9.0.2 OK (answered by localhost#5335) IP (7.0ms)

Also, my sysctl -a | grep 'forwarding = 1'

net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.veth0b23713.forwarding = 1
net.ipv4.conf.wg0.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.wg0.forwarding = 1

Pi-Hole is also already set to "Permit all origins".

iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:9000

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Any help appreciated

The problem is with Docker, as Docker is blocking access by default. You would need to allow the following:

iptables -I DOCKER-USER -i eth0 -o wg0 -j ACCEPT

To make it permanent, you could install the following:

apt install iptables-persistent
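
A check for the failure diagnosed above, added here as an example and not part of the original thread: it reads `iptables -S` output and reports whether forwarding works in both directions between the WireGuard and WAN interfaces when the FORWARD policy is DROP. The function names and the embedded sample ruleset are constructed for illustration.

```shell
# Constructed sample (not captured from a real host): `iptables -S` output shaped
# like the thread's ruleset, with Docker installed and the wg-quick PostUp rule added.
SAMPLE_RULES='-P FORWARD DROP
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
-A DOCKER-USER -j RETURN'

# path_allowed RULES IN_IF OUT_IF STATE   (STATE is NEW or ESTABLISHED)
# Returns 0 if packets entering IN_IF and leaving OUT_IF are accepted: either the
# FORWARD policy is not DROP, or FORWARD/DOCKER-USER holds an ACCEPT rule matching
# only on those interfaces (optionally plus a conntrack state list containing STATE).
# Simplification: rule order and chains other than these two are not evaluated.
path_allowed() {
    printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" -v state="$4" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && ($2 == "FORWARD" || $2 == "DOCKER-USER") && $NF == "ACCEPT" {
            ok = 1
            for (i = 3; i <= NF - 2; i++) {
                if ($i == "-i")      { if ($(i+1) != in_if)  ok = 0; i++ }
                else if ($i == "-o") { if ($(i+1) != out_if) ok = 0; i++ }
                else if ($i == "-m" && $(i+1) == "conntrack" && $(i+2) == "--ctstate") {
                    if (index($(i+3), state) == 0) ok = 0
                    i += 3
                }
                else ok = 0   # negation or any other match: do not count this rule
            }
            if (ok) found = 1
        }
        END { exit !(policy != "DROP" || found) }'
}

# check_wg_forward RULES WAN_IF WG_IF
# Prints a one-line verdict; returns 0 only if both directions are accepted.
check_wg_forward() {
    if ! path_allowed "$1" "$3" "$2" NEW; then
        echo "blocked: new connections $3 -> $2"; return 1
    fi
    if ! path_allowed "$1" "$2" "$3" ESTABLISHED; then
        echo "blocked: replies $2 -> $3 (FORWARD policy DROP, no ACCEPT for this path)"
        return 1
    fi
    echo "ok: $3 <-> $2 forwarding allowed"
}
```

On a live host, pass the real ruleset as the first argument, for example `check_wg_forward "$(iptables -S)" eth0 wg0`.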

Thanks, it works now.
I think I accidentally clicked and installed Portainer.
Once I reinstalled without Portainer, everything was working.

Actually, it also works without reinstalling, with your iptables rule.

It would be great if this were also documented in the docs.
