Having issues with your DietPi installation, or, found a bug? Post it here.
snitty
Posts: 3 Joined: Sat Mar 07, 2020 2:10 pm
Post
by snitty Sat Mar 07, 2020 2:17 pm
I set up wireguard on a new install of DietPi and I, for the life of me, cannot get it to work. I set up WG on my phone using a QR code.
Code: Select all
root@DietPi:/etc/wireguard# more wg0.conf
[Interface]
PrivateKey = [PRIVATE KEY]
Address = 10.6.0.1/24
ListenPort = 51820
# begin USERNAME
[Peer]
PublicKey = [PUBLIC KEY]
PresharedKey = [PRESHARE KEY]
AllowedIPs = 10.6.0.2/32
# end USERNAME
# begin USERNAME_MOBILE
[Peer]
PublicKey = [PUBLIC KEY]
PresharedKey = [PRESHARE KEY]
AllowedIPs = 10.6.0.3/32
# end USERNAME_MOBILE
and
Code: Select all
root@DietPi:/etc/wireguard/configs# more USERNAME_MOBILE.conf
[Interface]
PrivateKey = [PRIVATE KEY]
Address = 10.6.0.3/24
DNS = 1.1.1.1
[Peer]
PublicKey = [PUBLIC KEY]
PresharedKey = [PRESHARE KEY]
Endpoint = MYURL.com:51820
AllowedIPs = 0.0.0.0/0
I changed the DNS to 1.1.1.1 at the urging of folks here.
finally,
Code: Select all
root@DietPi:/etc/wireguard/configs# wg
interface: wg0
public key: [PUBLIC KEY]
private key: (hidden)
listening port: 51820
peer: [PEER]
preshared key: (hidden)
endpoint: 99.203.121.17:49841
allowed ips: 10.6.0.3/32
latest handshake: 1 minute, 43 seconds ago
transfer: 346.77 KiB received, 27.04 KiB sent
peer: [PEER2]
preshared key: (hidden)
allowed ips: 10.6.0.2/32
It's connecting, and clearly sending _something_ back to the phone, but it always times out.
Joulinar
Posts: 3174 Joined: Sat Nov 16, 2019 12:49 am
Post
by Joulinar Sat Mar 07, 2020 3:31 pm
Hi,
how did you install WireGuard? Did you used
dietpi-software ? Barbecue it seems you are missing some parts in your
wg0.conf to forward traffic. My config files looks like this:
Code: Select all
root@DietPi4:/etc/wireguard# cat wg0.conf
[Interface]
Address = 10.9.0.1/24
PrivateKey = xxx
ListenPort = 51820
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
# Client 1
[Peer]
PublicKey = xxx
AllowedIPs = 10.9.0.2/32Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
snitty
Posts: 3 Joined: Sat Mar 07, 2020 2:10 pm
Post
by snitty Sat Mar 07, 2020 3:39 pm
I did install using the built in tools. Maybe I uninstall and just try again…
Joulinar
Posts: 3174 Joined: Sat Nov 16, 2019 12:49 am
Post
by Joulinar Sat Mar 07, 2020 3:47 pm
As well you are using a different IP range for WireGuard > 10.6 .0.x. dietpi-software should be 10.9 .0.xdietpi-software scripts?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
snitty
Posts: 3 Joined: Sat Mar 07, 2020 2:10 pm
Post
by snitty Sat Mar 07, 2020 10:02 pm
I didn't do anything weird with the setup first time around, but I uninstalled and reinstalled and now everything is humming along.
Joulinar
Posts: 3174 Joined: Sat Nov 16, 2019 12:49 am
Post
by Joulinar Sat Mar 07, 2020 10:47 pm
as I said, your server config file was looking quite different than usually provided by dietpi-software. but good that this is working now.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
