Pivpn stopped working after updating to DietPi 7.0 Topic is solved

Having issues with your DietPi installation or found a bug? Post it here.
Post Reply
gasto
Posts: 44
Joined: Fri Dec 04, 2020 2:24 am

Pivpn stopped working after updating to DietPi 7.0

Post by gasto »

Hi there,

I seem to be having some issues with PiVPN. I cannot longer connect to the VPN after updating to Dietpi 7.0.
I can actually make a connection, but I cannot transfer any data, received and sent bytes remain at 0b.

If I use the pivpn debug command I get the following:

Code: Select all

::: Generating Debug Output
::::            PiVPN debug              ::::
=============================================
::::            Latest commit            ::::
commit d7771c251418fa443869397d46f93c5b0c197558
Author: 4s3ti <4s3ti@protonmail.com>
Date:   Sat Feb 6 23:04:11 2021 +0100

    Merge branch test into master

    fixes #1234
    ci/cd fixes and improvements
=============================================
::::        Installation settings        ::::
PLAT=Debian
OSCN=buster
USING_UFW=0
IPv4dev=eth0
install_user=gasto
install_home=/home/gasto
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=10.6.0.1
pivpnDNS2=
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
pivpnPROTO=udp
pivpnDEV=wg0
pivpnNET=10.6.0.0
subnetClass=24
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=0
INSTALLED_PACKAGES=()
=============================================
::::  Server configuration shown below   ::::
[Interface]
PrivateKey = server_priv
Address = 10.6.0.1/24
ListenPort = 51820
### begin gaston ###
[Peer]
PublicKey = gaston_pub
PresharedKey = gaston_psk
AllowedIPs = 10.6.0.2/32
### end gaston ###
=============================================
::::  Client configuration shown below   ::::
[Interface]
PrivateKey = gaston_priv
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = server_pub
PresharedKey = gaston_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
=============================================
::::    Recursive list of files in       ::::
::::    /etc/wireguard shown below       ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
clients.txt
gaston.conf

/etc/wireguard/keys:
gaston_priv
gaston_psk
gaston_pub
server_priv
server_pub
=============================================
::::            Self check               ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled (it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://github.com/pivpn/pivpn/wiki/FAQ
=============================================

=============================================
::::            Debug complete           ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
Which looks okay to me?

When connecting to this VPN and using the PiVPN "list clients" command I see this all time:

Code: Select all

root@orangedietpi:~# pivpn -c
::: Connected Clients List :::
Name        Remote IP      Virtual IP      Bytes Received      Bytes Sent      Last Seen
gaston      (none)         10.6.0.2        0B                  0B              (not yet)


In case it helps, I´m also using Pihole and Unbound.

Thanks in advance team.
Regards.
User avatar
Joulinar
Posts: 4249
Joined: Sat Nov 16, 2019 12:49 am

Re: Pivpn stopped working after updating to DietPi 7.0

Post by Joulinar »

Hi,

did you adjusted the post? because there was some more information about missing /home/gasto directory before.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
gasto
Posts: 44
Joined: Fri Dec 04, 2020 2:24 am

Re: Pivpn stopped working after updating to DietPi 7.0

Post by gasto »

Hi Joulinar, yes, I reinstalled PiVPN and chose a different user just in case (dietpi) to see if that would be the issue, but the problem remains.

I ran this command now, and got this, not sure if it helps:

Code: Select all

root@orangedietpi:/# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
The "updated" debug:

Code: Select all

root@orangedietpi:/# pivpn -d
::: Generating Debug Output
::::            PiVPN debug              ::::
=============================================
::::            Latest commit            ::::
commit d7771c251418fa443869397d46f93c5b0c197558
Author: 4s3ti <4s3ti@protonmail.com>
Date:   Sat Feb 6 23:04:11 2021 +0100

    Merge branch test into master

    fixes #1234
    ci/cd fixes and improvements
=============================================
::::        Installation settings        ::::
PLAT=Debian
OSCN=buster
USING_UFW=0
IPv4dev=eth0
install_user=dietpi
install_home=/home/dietpi
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=10.6.0.1
pivpnDNS2=
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
pivpnPROTO=udp
pivpnDEV=wg0
pivpnNET=10.6.0.0
subnetClass=24
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=0
INSTALLED_PACKAGES=()
=============================================
::::  Server configuration shown below   ::::
[Interface]
PrivateKey = server_priv
Address = 10.6.0.1/24
ListenPort = 51820
### begin gaston ###
[Peer]
PublicKey = gaston_pub
PresharedKey = gaston_psk
AllowedIPs = 10.6.0.2/32
### end gaston ###
=============================================
::::  Client configuration shown below   ::::
[Interface]
PrivateKey = gaston_priv
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = server_pub
PresharedKey = gaston_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
=============================================
::::    Recursive list of files in       ::::
::::    /etc/wireguard shown below       ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
clients.txt
gaston.conf

/etc/wireguard/keys:
gaston_priv
gaston_psk
gaston_pub
server_priv
server_pub
=============================================
::::            Self check               ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled (it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
Thank you.


edit: Also, my interface listening option in Pihole is set like this:

Image

Don´t know where that tun0 comes from since ifconfig only shows eth0, lo and wg0.
User avatar
MichaIng
Site Admin
Posts: 2783
Joined: Sat Nov 18, 2017 6:21 pm

Re: Pivpn stopped working after updating to DietPi 7.0

Post by MichaIng »

Are the clients configured to only access Pi-hole or shall they be able to access the web through the VPN as well? And does it work to ping the VPN server via its LAN IP?

And last but not least does the server throw any error logs? I'm not exactly sure how PiVPN sets it up, but the following should show the logs: journalctl -u wg-quick@wg0
User avatar
Joulinar
Posts: 4249
Joined: Sat Nov 16, 2019 12:49 am

Re: Pivpn stopped working after updating to DietPi 7.0

Post by Joulinar »

well you client dosn't seems to connect

Code: Select all

root@orangedietpi:~# pivpn -c
::: Connected Clients List :::
Name        Remote IP      Virtual IP      Bytes Received      Bytes Sent      Last Seen
gaston      (none)         10.6.0.2        0B                  0B              (not yet)
it doesn't show any remote ip, which should be the case if your client would connect correctly

it should looks like this

Code: Select all

root@DietPi3:~# pivpn -c
::: Connected Clients List :::
Name      Remote IP               Virtual IP      Bytes Received      Bytes Sent      Last Seen
Demo      x.x.x.x:30413      10.6.0.2        134KiB              721KiB          Mar 18 2021 - 21:15:58
::: Disabled clients :::
root@DietPi3:~#
as well you can check client connections using native WireGuard tool wg

Code: Select all

root@DietPi3:~# wg
interface: wg0
  public key: xxxx
  private key: (hidden)
  listening port: 51820

peer: xxxx
  preshared key: (hidden)
  endpoint: x.x.x.x:30413
  allowed ips: 10.6.0.2/32
  latest handshake: 1 minute, 51 seconds ago
  transfer: 146.59 KiB received, 740.84 KiB sent
root@DietPi3:~#

as well PiHole would need to be changed to Listen on all interfaces, permit all origins
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
gasto
Posts: 44
Joined: Fri Dec 04, 2020 2:24 am

Re: Pivpn stopped working after updating to DietPi 7.0

Post by gasto »

@MichaIng and @Joulinar

Thank you both for your answers. It seems the issue was with the Endpoint URL. I´m using DuckDNS for the dynamic IP set up, and and I didn´t know that DuckDNS didn´t auto update the public IP when it changed. It appears the public IP change occured just about when I was updating to DietPi 7.0

I tried to modify the endpoint to my public IP for a second and everything was working, so I updated the DuckDNS IP and then modified again to use my duckdns ip on the Wireguard endpoint URL, and now it´s working! So thank you again.

By the way, do you know if there would be some way to auto update duckdns ip? Maybe it´s out of dietpi´s scope, but just in case you knew.

Thank you again :)
User avatar
Joulinar
Posts: 4249
Joined: Sat Nov 16, 2019 12:49 am

Re: Pivpn stopped working after updating to DietPi 7.0

Post by Joulinar »

to update duckdns you can have a look to following link https://github.com/T00mm/duckdns
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
gasto
Posts: 44
Joined: Fri Dec 04, 2020 2:24 am

Re: Pivpn stopped working after updating to DietPi 7.0

Post by gasto »

Thanks again!
User avatar
MichaIng
Site Admin
Posts: 2783
Joined: Sat Nov 18, 2017 6:21 pm

Re: Pivpn stopped working after updating to DietPi 7.0

Post by MichaIng »

A generic DietPi-DDNS script is on the way for next update as well. It'll do basically the same, allows to enter domain and token/password and does a curl every choosable minutes via cron job.

I like the idea to allow multiple domains on the same system. Will pick that up.
Post Reply