Wireguard and other installations

riley226
Posts: 3
Joined: Mon Nov 25, 2019 1:18 am

Wireguard and other installations

Post by riley226 »

Hello,

I am seeking assistance with my current installation of Wireguard. I initially wanted to run docker with my wireguard installation to allow for additional docker apps that I wanted to test and run inside of docker. This didn't work well as once I installed docker, wireguard stopped working. This, I believe, was due to the way docker changed the ip tables for dietpi once installed. I then had trouble correcting the issue when attempting to follow the fix on the following threads viewtopic.php?f=11&t=6119&p=19111&hilit ... oke#p19111 and viewtopic.php?p=18196#p18196. So I ultimately decided to move away from docker and do local installs, but still ran into issues with wireguard. I currently have Organizr, NOIP Duc, and Fail2Ban installed. Now when I install wireguard, SSH is not working and I am unable to access my local Organizr application. When I uninstall wireguard, of course everything works as needed. Could someone possibly help point me in the right direction for troubleshooting or will I just have to run wireguard on another dedicated pi when I get one?
Last edited by riley226 on Wed Nov 27, 2019 9:21 pm, edited 1 time in total.

MichaIng
Site Admin
Posts: 1926
Joined: Sat Nov 18, 2017 5:21 pm

Re: Wireguard and other installations

Post by MichaIng »

@riley226
Are you trying to install WireGuard as server or as client?

As server, it should not affect any network connection, it only enables an additional connection via an additional wg0 interface.

As client, it depends on the config file, but often it is configured to send all outgoing requests through the VPN only. This means that any direct incoming requests (outside of the VPN) are not answered, since those answers are sent through the VPN as well, where they cannot reach the correct recipient. If you need direct incoming access but have internally initialised requests or such from specific programs/users, going through the VPN, you need some split config via routing tables and connection marks. This is a bit too complicated to quickly guide through here for now ;).

riley226
Posts: 3
Joined: Mon Nov 25, 2019 1:18 am

Re: Wireguard and other installations

Post by riley226 »

@MichaIng
Thank you for the reply!

I just did a reinstall of Wireguard. Now when attempting to ssh I am getting the error "ssh: connect to host 192.168.XXX.XXX port 22: Resource temporarily unavailable." Also my local install of Organizr is getting a connection timed out error, whereas before the install ssh was working and Organizr was accessible. Should I maybe reformat and start from a fresh image and do the Wireguard install first and then do my additional installs of Organizr, NOIP Duc, and Fail2Ban?

Also after the Wireguard install I am also getting the "INFO Waiting for DietPi-Postboot to finish Press CTRL+C to abort" message; not sure if that should flag anything.

Below is an example of my wg0.config if needed for review

Code: Select all

[Interface]
Address = 10.9.0.1/24
PrivateKey = PrivateKey
ListenPort = 51820

PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE

# Client 1
[Peer]
PublicKey = PublicKey
AllowedIPs = 10.9.0.2/32

# Client 2
#[Peer]
#PublicKey = XXXX
#AllowedIPs = 10.9.0.3/32
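
MichaIng's server-versus-client distinction can be checked directly from a config file: wg-quick applies its default-route handling when a peer's AllowedIPs contains a /0 prefix, unless Table is set to something other than auto. The following is an added example, not code from the thread or from DietPi; both configs are constructed, with placeholder keys and a hypothetical endpoint vpn.example.net.

```python
import ipaddress

# Constructed samples: a server config shaped like the one posted above, and a
# typical full-tunnel client config. Keys and endpoint are placeholders.
SERVER = """
[Interface]
Address = 10.9.0.1/24
PrivateKey = PLACEHOLDER
ListenPort = 51820
[Peer]
PublicKey = PLACEHOLDER
AllowedIPs = 10.9.0.2/32
#[Peer]
"""
CLIENT = """
[Interface]
Address = 10.9.0.2/24
PrivateKey = PLACEHOLDER
[Peer]
PublicKey = PLACEHOLDER
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def parse_wg_quick(text):
    """Return [(section, {key: [values]})]; '#' starts a comment."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def default_route_entries(text):
    """AllowedIPs entries with prefix length 0, i.e. 'send everything here'."""
    sections = parse_wg_quick(text)
    tables = [v.lower() for n, kv in sections if n == "interface" for v in kv.get("table", [])]
    if any(t != "auto" for t in tables):
        return []  # Table = off or a custom table: no automatic default-route handling
    cidrs = [c.strip() for n, kv in sections if n == "peer"
             for v in kv.get("allowedips", []) for c in v.split(",")]
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs if c]
    return [str(n) for n in nets if n.prefixlen == 0]

if __name__ == "__main__":
    for label, cfg in (("server", SERVER), ("client", CLIENT)):
        print(label, default_route_entries(cfg) or "no default route via VPN")
```

An empty result for a config like the server one means wg-quick's routes only cover the 10.9.0.0/24 tunnel addresses, so lost LAN access has to be explained by something else on the host.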

MichaIng
Site Admin
Posts: 1926
Joined: Sat Nov 18, 2017 5:21 pm

Re: Wireguard and other installations

Post by MichaIng »

@riley226
Hmm, which SBC/device are you using? And what does the following report:

Code: Select all

journalctl -u wg-quick@wg0

riley226
Posts: 3
Joined: Mon Nov 25, 2019 1:18 am

Re: Wireguard and other installations

Post by riley226 »

@MichaIng
This is the Wireguard Server installation on a "Raspberry Pi 3 Model B Rev 1.2" and I have the wifi disabled as the pi is hard wired.

Code: Select all

journalctl -u wg-quick@wg0

[email protected]:~# journalctl -u [email protected]
--Logs begin at Thu 2019-02-14 04:11:59 CST, end at Wed 2019-11-27 13:47:14 CST. --
Nov 27 12:41:12 VPN systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Nov 27 12:41:12 VPN wg-quick[421]: [#] ip link add wg0 type wireguard
Nov 27 12:41:12 VPN wg-quick[421]: [#] wg sectionf wg0 /dev/fd/63
Nov 27 12:41:12 VPN wg-quick[421]: [#] ip -4 address add 10.9.0.1/24 dev wg0
Nov 27 12:41:12 VPN wg-quick[421]: [#] ip link set mtu 1420 up dev wg0
Nov 27 12:41:12 VPN wg-quick[421]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf$(sed -n 3p /DietPi/dietpi/.netowrk).forwading=1
Nov 27 12:41:12 VPN wg-quick[421]: net.ipv4.conf.wg0.forwarding =1
Nov 27 12:41:12 VPN wg-quick[421]: net.ipv4.conf.eth0.forwarding =1
Nov 27 12:41:12 VPN wg-quick[421]: [#] sysctl net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.netowrk).accept_ra=2
Nov 27 12:41:12 VPN wg-quick[421]: net
Nov 27 12:41:12 VPN wg-quick[421]: [#] sysctl net.ipv6.conf.wg0.forwarding=1 net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.netowrk).forwading=1
Nov 27 12:41:12 VPN wg-quick[421]: net.ipv6.conf.wg0.forwarding = 1
Nov 27 12:41:12 VPN wg-quick[421]: net.ipv6.conf.eth0.forwarding = 1
Nov 27 12:41:12 VPN wg-quick[421]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.netowrk) -j MASQUERADE
Nov 27 12:41:12 VPN wg-quick[421]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.netowrk) -j MASQUERADE
Nov 27 12:41:12 VPN systemd[1]: Started WireGuard via wg-quick(8) for wg0
[email protected]:~#
