2 RPi connected via Wireguard Topic is solved

[trendy]

endpoint: [xxxx:x]:51820

Is the IPv6 of the endpoint the one that the Wireguard RPi4 server has? Or does it belong to the router of your ISP?

[cc13]

It could be that the port forwarding is limited to IPV4 on the router from the RPi4. I have to double check that later this week. But wondering why a actual MAC OS and Android 10 is working fine with the same setup, with the same local networks.

Is there a possibility to restrict the VPN connection to IP4 only. I know it's old but for testing purpose good enough.

[Joulinar]

well I have limited my entire network to IPv4

You could disable IPv6 on your client server within dietpi-config network settings and remove, ::/0 inside your Wireguard client configuration.

[cc13]

In another Thread about Wireguard I saw the following command sysctl net.ipv4.ip_forward

On my PI3 it shows:

Code: Select all

root@DietPi:/etc/wireguard# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

on the PI4:

Code: Select all

root@DietPi4:/etc/wireguard/configs# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Make that sense?

[Joulinar]

that should be ok if your RPi3 is just a client and there are no other clients on that network who like to access the VPN tunnel.

But anyway you are still lacking the basic very first think. A valid VPN connection. As long as you don't see a handshake on the wg command output, your VPN connection is not established.

[trendy]

It could be that the port forwarding is limited to IPV4 on the router from the RPi4. I have to double check that later this week. But wondering why a actual MAC OS and Android 10 is working fine with the same setup, with the same local networks.

There is no NAT6 by default. The port forwarding rule will work only on IPv4. So if you are trying to access over IPv6 you need to use the global IPv6 of the RPi4.

Is there a possibility to restrict the VPN connection to IP4 only. I know it's old but for testing purpose good enough.

In endpoint use the IPv4. That should work.
For a permanent workaround you can discard the AAAA answers you receive from the resolver.
In dnsmasq this can be done with these 2 lines:

Code: Select all

address=/server.example.com/::
server=/server.example.com/#

[cc13]

Hello,

after changing the portforwarding my RPi4 Router to IPV4 and IPV6 no changes with the RPi3.

But what I regocized last week and tested again today, the resolv.conf changed and removed the DNS entries.

What I did: Fresh installation of DietPi, OpenSSH, Docker (plus some containers). All was working fine with DNS. I installed wireguard, added a wg0.conf and tried to connect RPi3 with RPi4 over VPN. Same issue, no VPN handshake. But DNS was working fine too.

After a reboot of the RPi3, DNS is not longer working. Second entry is my backup-file.

Code: Select all

root@DietPi:/etc# ls -al resolv*
lrwxrwxrwx 1 root root   31 Nov 16 11:15 resolv.conf -> /etc/resolvconf/run/resolv.conf
-rw-r--r-- 1 root root   23 Nov 10 09:33 resolv.conf_org

Code: Select all

root@DietPi:/etc# cat resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

That's not what I expected. Before the reboot in the resolv.conf 2 DNS entries was included.

[Joulinar]

can you have a look to dietpi-config > Network Options: Adapters. Usually there you should be able to set DNS server. Strange that it is gone on your config.

[cc13]

After applaying the DNS seeting again in the config it's working fine.

[Joulinar]

still strange settings got removed.

But good that it is solved now