Wireguard Installation Problem

DevinAK
Posts: 7
Joined: Sun Jan 12, 2020 7:27 pm

Wireguard Installation Problem

Post by DevinAK »

Trying out DietPi for use with WireGuard today. Installed a fresh installation of DietPi on my RPi4 and booted up, everything was normal. Let the image do its thing and update everything to latest.

Installed WireGuard through the DietPi software installation stuff.
Set the server IP to use to XXXXXX.duckdns.org, which points to my public IP.
Left the port as default 51820.
Rebooted once installation was done (it forced me).

Trying to set it up on my iPhone, I ran the command

grep -v '^#' /etc/wireguard/wg0-client.conf | qrencode -t ansiutf8

to generate a QR code and I added it to my iPhone. Went onto my Orbi system and enabled port forwarding for the default port number 51820. Disabled UPnP (people had problems with that). Rebooted router.

Connecting does not work. Tries to connect, fails, tries to connect, fails, again and again.

Did a DNS lookup on my duckdns URL -> correctly points to my public IP

Then made sure WireGuard was running -> running

wg show

shows that the interface wg0 is in fact running on port 51820.

Then ran

nmap -sT -O localhost

and the results show that only ports 22, 53, and 80 are open. Running

nc -zv 192.168.1.XX 51820

on another local system fails with connection refused, which means that port 51820 is in fact not open.

Why is the port not open? I rebooted WireGuard and DietPi multiple times, nothing. Any thoughts?

EDIT:
Running

ss -lun 'sport = :51820'

does in fact show that the port is open, but the state is `UNCONN`. If this is the case, my port forward should be working but it is not? And also why can't I see the port on my other local machines?
Joulinar
Posts: 2085
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard Installation Problem

Post by Joulinar »

Hi,
question for the port forwarding. Did you forward UDP or TCP? Because it should be UDP for VPN usage.

Regarding the port. I quickly checked it on my WireGuard installation and it doesn't show the listen port 51820 at all. Even my installation is working quite well and I can access my system from outside world. So I assume this is a normal behavior.

I found a similar question on the web

https://www.reddit.com/r/WireGuard/comm ... _port_gcp/
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
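
Added example, not part of either post above: a Python sketch of why the TCP checks in the first post (`nmap -sT`, `nc -zv`) report a UDP-only service as closed while `ss -lun` shows it bound. The silent UDP socket on an ephemeral loopback port is a constructed stand-in for the wg0 listener, which likewise sends nothing back to packets it cannot authenticate.

```python
import socket

def probe_tcp(host, port, timeout=1.0):
    """TCP connect check: what `nmap -sT` and `nc -zv` perform."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"          # RST came back: no TCP listener on this port
    except OSError:
        return "filtered"         # timeout or unreachable

def probe_udp(host, port, timeout=0.5):
    """Send one datagram and report what, if anything, comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))   # connected socket so ICMP errors are reported
        try:
            s.send(b"probe")
            s.recv(2048)
            return "replied"
        except ConnectionRefusedError:
            return "closed"       # ICMP port unreachable: nothing bound
        except socket.timeout:
            return "no-reply"     # bound but silent, or dropped on the way

def demo():
    # Constructed stand-in for the WireGuard listener: a bound UDP socket
    # that never answers (assumption: loopback, ephemeral port, not 51820).
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    try:
        results = {
            "tcp": probe_tcp("127.0.0.1", port),        # TCP view of a UDP service
            "udp_bound": probe_udp("127.0.0.1", port),  # UDP view while bound
        }
    finally:
        listener.close()
    # Same port after the listener is gone: the kernel now rejects the datagram.
    results["udp_unbound"] = probe_udp("127.0.0.1", port)
    return results

if __name__ == "__main__":
    print(demo())
```

From outside, "no-reply" cannot tell a silent listener from a router that dropped the packet, so the server side has to confirm arrival, for example with a packet capture on UDP 51820 or the latest handshake time in `wg show`.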
DevinAK
Posts: 7
Joined: Sun Jan 12, 2020 7:27 pm

Re: Wireguard Installation Problem

Post by DevinAK »

Yeah I made an edit regarding the open port part - I do see the listening activity with a certain command, so that is definitely working. Any other idea on why I cannot connect?
Joulinar
Posts: 2085
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard Installation Problem

Post by Joulinar »

For testing purposes, pls can you connect your iPhone to your local network and change the Endpoint in the WireGuard app on your iPhone to <YourLocalWireGuardIP:51820>. There we can check if it's working without any DDNS service in between.
DevinAK
Posts: 7
Joined: Sun Jan 12, 2020 7:27 pm

Re: Wireguard Installation Problem

Post by DevinAK »

Finally a success! I was able to do as you said and now I'm connected to the VPN. What's the next step?
Joulinar
Posts: 2085
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard Installation Problem

Post by Joulinar »

So everything is working as expected, at least locally. Next step would be to find out why your DDNS and port forwarding is not working probably. OK, let's switch to your external internet IP. It can be found out in various ways. An easy one is to open the following web page in your preferred browser.

checkip.synology.com

This will tell you your external IP address. Pls go back to your iPhone and enter the IP as endpoint <External-IP>:51820. Once done, disconnect from the local network and switch on your mobile network connection. Try to connect to WireGuard.
DevinAK
Posts: 7
Joined: Sun Jan 12, 2020 7:27 pm

Re: Wireguard Installation Problem

Post by DevinAK »

Done, but errored out. Checked app logs and it just keeps retrying a handshake connection. Does that mean the router is not correctly port forwarded?
Joulinar
Posts: 2085
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard Installation Problem

Post by Joulinar »

Yes indeed. That would be the logical conclusion. Pls try to check if you are going to forward port 51820 UDP (not TCP) correctly to your DietPi device.
DevinAK
Posts: 7
Joined: Sun Jan 12, 2020 7:27 pm

Re: Wireguard Installation Problem

Post by DevinAK »

My router had the option between TCP/UDP, UDP, or TCP. The default selected that I had was TCP/UDP. I just changed it to UDP. Would this have been causing the errors? Just tested again, still not connecting after changing to UDP only.
Joulinar
Posts: 2085
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard Installation Problem

Post by Joulinar »

Probably. Change it to UDP and try to connect.