WireGuard not reachable all of a sudden?

naddel91 · July 20, 2023, 7:33pm

Hi at all,

just wanted to politely ask why I cannot connect to my remote wireguard server anymore:

https://abload.de/img/1689881347909xjidd.jpg(image larger than 4 MB)

any help is highly appreciated. thanks in advance!

Joulinar · July 20, 2023, 7:45pm

can you share

journalctl -u wg-quick@wg0.service

naddel91 · July 20, 2023, 7:52pm

2000×1500 590 KB

Joulinar · July 20, 2023, 8:12pm

did you tried to reboot? Btw no need to create screen shots. You should be able to copy/past directly from SSH terminal.

naddel91 · July 21, 2023, 7:07pm

copy and paste does not work over remote unfortunately. reboot did not fix it. can install just fine, then I generate the QR code but connection does not return data.

Jappe · July 21, 2023, 7:46pm

The log says:
wg-quick: 'wg0' already exists.
So the interface wg0 is already running.
Maybe you can try wg-quick down wg0 and then restart the wg-quickservice?

But the question is, why is it alrready running.

Joulinar · July 21, 2023, 7:49pm

Pls reboot and share again following once system is back online. Try to connect via SSH

journalctl -u wg-quick@wg0.service

naddel91 · July 21, 2023, 7:52pm

Joulinar · July 21, 2023, 8:29pm

Wireguard server seems to be up and running correctly. This indicates a client issue. Probably incorrect or not up to date DDNS or missing port forwarding on the internet router.

naddel91 · July 21, 2023, 8:49pm

DDNS Ping Check says OK, Port FAIL.
Router tells me port is forwarded:

Joulinar · July 22, 2023, 8:36am

From the server side, it is almost impossible to investigate this because there are simply no logs. Check your client. Some clients, such as Android, allow logs to be saved and checked, which could be the problem.

Usually these problems are related to DDNS not being updated or port forwarding not working correctly.

naddel91 · July 22, 2023, 10:16am

could it be a pihole settings that is interfering?

Joulinar · July 22, 2023, 10:28am

Usually you would need to set permit all origins within interface settings.

naddel91 · July 22, 2023, 10:33am

thought so. done and even after restart. PORT is not open (is what the port scanner from DDNS company dynu tells me).

Joulinar · July 22, 2023, 10:36am

Wireguard is using a UDP port. Usually it will not be detected by a port scanner. Still, have a look to your client, if there are logs available. Ensure port forwarding is done on UDP port and not TCP.

naddel91 · July 22, 2023, 11:45am

I checked twice that it is the UDP port that is forwarded. It works natively when I set up WG server on my router (fritzbox), but it does not work using dietpi on the same network. I guess it has to do with routing between 10.x.x.x to 192.168.2.x networks. on the Fritzbox that is done directly without a different 10.x.x.x network.

Joulinar · July 22, 2023, 1:09pm

Did you already checked client logs already? Did you check if the client is connected using wg command? Did you installed Docker recently?

naddel91 · July 22, 2023, 8:05pm

client is my android smartphone WG app. I dunno if there are logs anywhere. at least not in the UI. docker? no. all native on dietpi VM.

Jappe · July 22, 2023, 11:07pm

In the wireguard android app, click on the profile and then open the three dot menu in the top right corner, there you can find the logs.

naddel91 · July 23, 2023, 7:02am

it is sending handshake initiation, but does not get anything back. “DequeueBuffer time out …”