Wireguard Isn't Sending Data Back to Peer Topic is solved

Having issues with your DietPi installation, or, found a bug? Post it here.
Post Reply
snitty
Posts: 3
Joined: Sat Mar 07, 2020 2:10 pm

Wireguard Isn't Sending Data Back to Peer

Post by snitty »

I set up wireguard on a new install of DietPi and I, for the life of me, cannot get it to work. I set up WG on my phone using a QR code.

Code: Select all

root@DietPi:/etc/wireguard# more wg0.conf 

[Interface]
PrivateKey = [PRIVATE KEY]
Address = 10.6.0.1/24
ListenPort = 51820
# begin USERNAME
[Peer]
PublicKey = [PUBLIC KEY]
PresharedKey = [PRESHARE KEY]
AllowedIPs = 10.6.0.2/32
# end USERNAME
# begin USERNAME_MOBILE
[Peer]
PublicKey = [PUBLIC KEY]
PresharedKey = [PRESHARE KEY]
AllowedIPs = 10.6.0.3/32
# end USERNAME_MOBILE
and

Code: Select all

root@DietPi:/etc/wireguard/configs# more USERNAME_MOBILE.conf 

[Interface]
PrivateKey = [PRIVATE KEY]
Address = 10.6.0.3/24
DNS = 1.1.1.1

[Peer]
PublicKey = [PUBLIC KEY]
PresharedKey = [PRESHARE KEY]
Endpoint = MYURL.com:51820
AllowedIPs = 0.0.0.0/0
I changed the DNS to 1.1.1.1 at the urging of folks here.

finally,

Code: Select all

root@DietPi:/etc/wireguard/configs# wg
interface: wg0
  public key: [PUBLIC KEY]
  private key: (hidden)
  listening port: 51820

peer: [PEER]
  preshared key: (hidden)
  endpoint: 99.203.121.17:49841
  allowed ips: 10.6.0.3/32
  latest handshake: 1 minute, 43 seconds ago
  transfer: 346.77 KiB received, 27.04 KiB sent

peer: [PEER2]
  preshared key: (hidden)
  allowed ips: 10.6.0.2/32
 
It's connecting, and clearly sending _something_ back to the phone, but it always times out.
User avatar
Joulinar
Posts: 2076
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard Isn't Sending Data Back to Peer

Post by Joulinar »

Hi,

how did you install WireGuard? Did you used dietpi-software? Barbecue it seems you are missing some parts in your wg0.conf to forward traffic. My config files looks like this:

Code: Select all

root@DietPi4:/etc/wireguard# cat wg0.conf
[Interface]
Address = 10.9.0.1/24
PrivateKey = xxx
ListenPort = 51820
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE

# Client 1
[Peer]
PublicKey = xxx
AllowedIPs = 10.9.0.2/32
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
snitty
Posts: 3
Joined: Sat Mar 07, 2020 2:10 pm

Re: Wireguard Isn't Sending Data Back to Peer

Post by snitty »

I did install using the built in tools. Maybe I uninstall and just try again…
User avatar
Joulinar
Posts: 2076
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard Isn't Sending Data Back to Peer

Post by Joulinar »

As well you are using a different IP range for WireGuard > 10.6.0.x.
Usually the default configured by dietpi-software should be 10.9.0.x

did you adjusted this by your own or do you use the default values provided by dietpi-software scripts?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
snitty
Posts: 3
Joined: Sat Mar 07, 2020 2:10 pm

Re: Wireguard Isn't Sending Data Back to Peer

Post by snitty »

I didn't do anything weird with the setup first time around, but I uninstalled and reinstalled and now everything is humming along.
User avatar
Joulinar
Posts: 2076
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard Isn't Sending Data Back to Peer

Post by Joulinar »

as I said, your server config file was looking quite different than usually provided by dietpi-software. but good that this is working now.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply