2 RPi connected via Wireguard Topic is solved

trendy
Posts: 152
Joined: Tue Feb 25, 2020 2:54 pm

Re: 2 RPi connected via Wireguard

Post by trendy »

cc13 wrote: Mon Nov 09, 2020 3:00 pm endpoint: [x:x:x:x:x:x:x:x]:51820
Is the IPv6 of the endpoint the one that the Wireguard RPi4 server has? Or does it belong to the router of your ISP?
cc13
Posts: 27
Joined: Wed Mar 13, 2019 1:31 pm

Re: 2 RPi connected via Wireguard

Post by cc13 »

It could be that the port forwarding is limited to IPv4 on the router from the RPi4. I have to double check that later this week. But wondering why an actual Mac OS and Android 10 are working fine with the same setup, with the same local networks.

Is there a possibility to restrict the VPN connection to IPv4 only? I know it's old, but for testing purposes good enough.
Joulinar
Posts: 2572
Joined: Sat Nov 16, 2019 12:49 am

Re: 2 RPi connected via Wireguard

Post by Joulinar »

well I have limited my entire network to IPv4 :)

You could disable IPv6 on your client server within dietpi-config network settings and remove ::/0 inside your Wireguard client configuration.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
cc13
Posts: 27
Joined: Wed Mar 13, 2019 1:31 pm

Re: 2 RPi connected via Wireguard

Post by cc13 »

In another thread about Wireguard I saw the following command: sysctl net.ipv4.ip_forward

On my PI3 it shows:

Code:

root@DietPi:/etc/wireguard# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

On the PI4:

Code:

root@DietPi4:/etc/wireguard/configs# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Does that make sense?
Joulinar
Posts: 2572
Joined: Sat Nov 16, 2019 12:49 am

Re: 2 RPi connected via Wireguard

Post by Joulinar »

that should be ok if your RPi3 is just a client and there are no other clients on that network who like to access the VPN tunnel.

But anyway you are still lacking the very first basic thing: a valid VPN connection. As long as you don't see a handshake on the wg command output, your VPN connection is not established.
trendy
Posts: 152
Joined: Tue Feb 25, 2020 2:54 pm

Re: 2 RPi connected via Wireguard

Post by trendy »

cc13 wrote: Mon Nov 09, 2020 4:31 pm It could be that the port forwarding is limited to IPv4 on the router from the RPi4. I have to double check that later this week. But wondering why an actual Mac OS and Android 10 are working fine with the same setup, with the same local networks.
There is no NAT6 by default. The port forwarding rule will work only on IPv4. So if you are trying to access over IPv6 you need to use the global IPv6 of the RPi4.
cc13 wrote: Mon Nov 09, 2020 4:31 pm Is there a possibility to restrict the VPN connection to IPv4 only? I know it's old, but for testing purposes good enough.
In endpoint use the IPv4. That should work.
For a permanent workaround you can discard the AAAA answers you receive from the resolver.
In dnsmasq this can be done with these 2 lines:

Code:

address=/server.example.com/::
server=/server.example.com/#
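
Added example, not part of any post in this thread: a shell check for the two things discussed above, whether a peer has ever completed a handshake and whether its endpoint is IPv4 or IPv6, read from the tab-separated `wg show <iface> dump` output. The function names, the 180-second staleness threshold and the sample keys and addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Peer lines in `wg show <iface> dump` are tab-separated:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive
# The first line (4 fields) describes the interface itself.

# Reads a dump on stdin and prints one line per peer:
#   <key-prefix> <never|stale|ok> <none|ipv4|ipv6> <v6-default|no-v6-default>
wg_peer_report() {
    now="${1:-$(date +%s)}"   # current epoch seconds, overridable for testing
    max_age="${2:-180}"       # assumption: older than 180 s is reported as stale
    awk -F '\t' -v now="$now" -v max="$max_age" '
        NF == 4 { next }                        # interface line
        NF >= 8 {
            hs = $5 + 0
            if (hs == 0)              state = "never"   # no handshake at all
            else if (now - hs > max)  state = "stale"
            else                      state = "ok"

            if ($3 == "(none)")       fam = "none"
            else if ($3 ~ /^\[/)      fam = "ipv6"      # [addr]:port form
            else                      fam = "ipv4"

            # ::/0 in AllowedIPs sends all IPv6 traffic into the tunnel
            v6 = ($4 ~ /(^|,)::\/0(,|$)/) ? "v6-default" : "no-v6-default"
            printf "%s %s %s %s\n", substr($1, 1, 8), state, fam, v6
        }'
}

# Constructed sample dump (placeholder keys, documentation address ranges).
sample_dump() {
    printf 'PRIVKEY-PLACEHOLDER\tPUBKEY-PLACEHOLDER\t51820\toff\n'
    printf 'peerAAAA-constructed\t(none)\t[2001:db8::1]:51820\t0.0.0.0/0,::/0\t0\t0\t1480\t25\n'
    printf 'peerBBBB-constructed\t(none)\t203.0.113.5:51820\t10.6.0.0/24\t1605520000\t9204\t7312\t25\n'
}

# On a real host: wg show wg0 dump | wg_peer_report
sample_dump | wg_peer_report 1605520060
```

A peer reported as `never ipv6` matches the situation in this thread: packets are sent to an IPv6 endpoint, but no handshake ever comes back.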
cc13
Posts: 27
Joined: Wed Mar 13, 2019 1:31 pm

Re: 2 RPi connected via Wireguard

Post by cc13 »

Hello,

After changing the port forwarding of my RPi4 router to IPv4 and IPv6, no changes with the RPi3.

But what I recognized last week and tested again today, the resolv.conf changed and removed the DNS entries.

What I did: Fresh installation of DietPi, OpenSSH, Docker (plus some containers). All was working fine with DNS. I installed wireguard, added a wg0.conf and tried to connect RPi3 with RPi4 over VPN. Same issue, no VPN handshake. But DNS was working fine too.

After a reboot of the RPi3, DNS is no longer working. The second entry is my backup file.

Code:

root@DietPi:/etc# ls -al resolv*
lrwxrwxrwx 1 root root   31 Nov 16 11:15 resolv.conf -> /etc/resolvconf/run/resolv.conf
-rw-r--r-- 1 root root   23 Nov 10 09:33 resolv.conf_org

Code:

root@DietPi:/etc# cat resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

That's not what I expected. Before the reboot, 2 DNS entries were included in the resolv.conf.
Joulinar
Posts: 2572
Joined: Sat Nov 16, 2019 12:49 am

Re: 2 RPi connected via Wireguard

Post by Joulinar »

Can you have a look at dietpi-config > Network Options: Adapters? Usually you should be able to set the DNS server there. Strange that it is gone from your config.
cc13
Posts: 27
Joined: Wed Mar 13, 2019 1:31 pm

Re: 2 RPi connected via Wireguard

Post by cc13 »

After applying the DNS setting again in the config it's working fine.
Joulinar
Posts: 2572
Joined: Sat Nov 16, 2019 12:49 am

Re: 2 RPi connected via Wireguard

Post by Joulinar »

still strange settings got removed. :?

But good that it is solved now