Wireguard - VPN works but no longer internet connection after update to 7.9.3

Hi there,

Internet doesn't work on my smartphone anymore after a recent update to 7.9.3. It seems things broke after I restarted my Pi a couple of days after the update.

I can SSH into my pi with active VPN but then I cannot browse the internet any more. This was working fine in the past.
Any idea? What information do you need to verify the issue?

wg0.conf

[Interface]
Address = 10.9.0.1/24,fc00:9:0::1/64
PrivateKey = 
ListenPort = 51820

PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
PostUp = sysctl net.ipv6.conf.$(ip r l 0/0 | mawk '{print $5;exit}').accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE

Many thanks in advance.

Can you post the following after the tunnel is up?

iptables-save -c
Root@DietPi:~# iptables-save -c
# Generated by xtables-save v1.8.2 on Thu Dec 23 14:49:39 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[44:3075] -A FORWARD -i wg0 -j ACCEPT
COMMIT
# Completed on Thu Dec 23 14:49:39 2021
# Generated by xtables-save v1.8.2 on Thu Dec 23 14:49:39 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[8197:660800] -A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Thu Dec 23 14:49:39 2021

Just for my understanding:

  • DietPi is the WireGuard VPN server
  • your mobile device is connecting to the VPN server
  • you are able to access DietPi via SSH while your mobile device is outside your local network (while connected on VPN)

Question:

  • Are you using any local DNS server like PiHole?
  • Are you able to open the website https://1.1.1.1/ while connected via VPN?

Yes to all your questions.

What doesn’t work is reloading content in apps like LinkedIn or opening https://www.dnsleaktest.com as one example showing something is off but I don’t know what that could be.

Have you set Pihole to listen on all interfaces, "Permit all origins"?

I always had, yes.

But I have reset/re-enabled it again and saved the setting on the Pihole settings page.

Internet seems to work again now.

Issues solved. Thanks :slight_smile:
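
Added example, not part of the original thread: a small shell check that reads `iptables-save -c` output and reports whether the FORWARD and MASQUERADE rules from the wg0.conf PostUp lines are present and have non-zero packet counters, which is what the dump posted above was requested for. The function names, the verdict wording and the exit codes are assumptions of this example; the sample input is the rule lines from the dump in the thread.

```shell
#!/bin/sh
# check_wg_rules WG_IF  (reads `iptables-save -c` output on stdin)
# Exit status: 0 = both rules present and hit, 1 = present but a counter is 0,
#              2 = a rule is missing.
check_wg_rules() {
    awk -v wg="$1" '
        /^\*/ { table = substr($0, 2); next }        # table header: *filter, *nat
        /^\[[0-9]+:[0-9]+\] / {                      # rule line: [packets:bytes] -A ...
            split(substr($1, 2), c, ":")
            pkts = c[1] + 0
            if (table == "filter" && index($0, "-A FORWARD -i " wg " -j ACCEPT")) {
                fwd = 1; fwd_pkts = pkts
            }
            if (table == "nat" && $0 ~ /-A POSTROUTING -o [^ ]+ -j MASQUERADE/) {
                nat = 1; nat_pkts = pkts
                for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            }
        }
        END {
            printf "FORWARD -i %s: %s, %d packets\n", wg, (fwd ? "present" : "missing"), fwd_pkts
            printf "MASQUERADE -o %s: %s, %d packets\n", (out == "" ? "?" : out), (nat ? "present" : "missing"), nat_pkts
            if (!fwd || !nat) { print "verdict: rule missing, PostUp did not run as expected"; exit 2 }
            if (fwd_pkts == 0 || nat_pkts == 0) { print "verdict: rules present but a counter is zero"; exit 1 }
            # The nat counter also counts outbound connections made by the host itself,
            # so the FORWARD counter is the stronger sign that tunnel traffic is routed.
            print "verdict: tunnel packets are forwarded and NAT is matching, check DNS next"
        }
    '
}

# Sample input: the rule lines from the dump posted in the thread.
sample_dump() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
[44:3075] -A FORWARD -i wg0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
[8197:660800] -A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
EOF
}

sample_dump | check_wg_rules wg0
```

On the server this would be run as `iptables-save -c | check_wg_rules wg0` while the tunnel is up. Non-zero counters on both rules, as in the thread, point away from routing and towards name resolution, which matches the Pihole listening setting that resolved the issue.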