hi micha,
just installed wireguard and entered the router's DDNS on setup, but after the automatic restart, wireguard setup does not pop up again and is complete?!
how to connect to it? I would like to generate the QR, but how to do that?
root@DietPi:~# qrencode -t ansiutf8 < client1.conf
-bash: client1.conf: No such file or directory
root@DietPi:~# qrencode -t ansiutf8 < /etc/wireguard/peer1.conf
-bash: /etc/wireguard/peer1.conf: No such file or directory
root@DietPi:~#
It did not ask me for my DNS (which should be the pihole).
any help is highly appreciated.
thanks in advance!
Hi,
many thanks for your request. Can you please check which config files are available in your WireGuard directory?
ls -la /etc/wireguard/
You should have at least 1 client file, wg0-client.conf
In addition, see the WireGuard user guide from the DietPi side: https://dietpi.com/forum/t/dietpi-software-details-for-all-installation-options/22/127
total 32
drwx------ 2 root root 4096 Jul 9 08:31 .
drwxr-xr-x 70 root root 4096 Jul 9 08:32 ..
-rw------- 1 root root 45 Jul 9 08:31 client_private.key
-rw------- 1 root root 45 Jul 9 08:31 client_public.key
-rw------- 1 root root 45 Jul 9 08:31 server_private.key
-rw------- 1 root root 45 Jul 9 08:31 server_public.key
-rw------- 1 root root 1357 Jul 9 08:31 wg0-client.conf
-rw------- 1 root root 1157 Jul 9 08:31 wg0.conf
Please follow the user guide I linked above. It describes how to create the QR code for the clients. You can also check your DNS server settings inside wg0-client.conf.
thanks, I can connect now. but internet access is not possible
Can you check on your server, using the wg command, whether the connection is established? Did you use PiHole as DNS server? Did you change the configuration inside PiHole to "Listen on all interfaces, permit all origins"?
interface: wg0
public key:
private key: (hidden)
listening port: 51820
peer:
allowed ips: 10.9.0.2/32
root@DietPi:~#
I removed the keys, but it seems like the connection is established. pihole has all permits, yes. DNS was set in router, not in wireguard.
I did set up a port forward in router
192.168.2.14
::ba27:ebff:fe93:98ba
wireguard
wireguard
51820
51820
I guess connection is not working.
Usually it should look like this. You should see things like latest handshake and transfer data
root@DietPi4:~# wg
interface: wg0
public key: xxx
private key: (hidden)
listening port: 51820
peer: xxx
endpoint: 93.253.115.159:43578
allowed ips: 10.9.0.5/32
latest handshake: 21 seconds ago
transfer: 134.43 KiB received, 1.80 MiB sent
Did you forward UDP or TCP on your router?
I forwarded TCP 51820 for ipv4 and ipv6. what is the UDP port to forward?
WORKS NOW! UDP was the way to make it work.
thanks for helping me out!
yes you need to forward UDP and not TCP
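The check walked through above (a peer block in the wg output without a "latest handshake" line means no packet from that client has reached the server), written out as an added example that is not part of the original thread. The function names, the placeholder keys and the sample text are assumptions made for illustration; the sample is constructed in the format of the wg output quoted here.

```python
# Constructed sample in the format of the `wg` output quoted in this thread.
# Keys are placeholders; 198.51.100.7 is a documentation address.
SAMPLE = """\
interface: wg0
  public key: SERVER_KEY_PLACEHOLDER
  private key: (hidden)
  listening port: 51820

peer: PEER_A_PLACEHOLDER
  allowed ips: 10.9.0.2/32

peer: PEER_B_PLACEHOLDER
  endpoint: 198.51.100.7:43578
  allowed ips: 10.9.0.5/32
  latest handshake: 21 seconds ago
  transfer: 134.43 KiB received, 1.80 MiB sent
"""

def parse_wg(text):
    """Split human-readable `wg` output into (interface dict, list of peer dicts)."""
    iface, peers, current = {}, [], None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")  # split on first colon only
        if not sep:
            continue                                  # blank line or prompt
        key, value = key.strip(), value.strip()
        if key == "interface":
            iface["name"] = value
            current = iface
        elif key == "peer":                           # value may be empty if redacted
            current = {"peer": value}
            peers.append(current)
        elif current is not None:
            current[key] = value
    return iface, peers

def diagnose(text):
    """Return (peer, status, hint) per peer; 'no-handshake' = nothing ever arrived."""
    iface, peers = parse_wg(text)
    port = iface.get("listening port", "?")
    findings = []
    for p in peers:
        if "latest handshake" in p:
            hint = "handshake " + p["latest handshake"]
            findings.append((p["peer"], "ok", hint))
        else:
            hint = ("no handshake recorded; if the client is trying to connect, "
                    f"check that the router forwards UDP {port}, not TCP")
            findings.append((p["peer"], "no-handshake", hint))
    return findings

if __name__ == "__main__":
    for peer, status, hint in diagnose(SAMPLE):
        print(f"{peer or '(redacted)'}: {status}: {hint}")
```

On the server, the same functions can be fed the live output, for example by passing the text captured from the wg command to diagnose().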
about 55 mbit/s is maximum on my pi 2b, where it was 20 mbit/s on the pi zero throughput.
is that OK?
Managing vanilla WireGuard can be a bit of a manual chore even if you know what you’re doing. Have you thought about using a free management utility? e.g.
Interesting tool, but it doesn't seem to be ready yet. Actual version is 0.1 and it has some parts missing, like NAT masquerading, and some illogical behaviors in the UI. Also, it will not respect current installations of WireGuard and is a conflicting installation for everyone who has WG set up already.