Update to 7.1.2 - VPN via wireguard no longer working Topic is solved

Having issues with your DietPi installation or found a bug? Post it here.
Post Reply
Totila
Posts: 56
Joined: Sun Aug 04, 2019 8:29 am

Update to 7.1.2 - VPN via wireguard no longer working

Post by Totila »

Hi there,

Were there any wire guard related changes with the latest update?

I haven't changed any settings but can no longer access my home nextcloud instance with activated wireguard connection.

Code: Select all

wg show
doesn't show any handshake information.
Not sure if this could be related to pihole (which is installed as well on my pi3).

I would like to avoid starting from scratch with wireguard, pihole, unbound) so thought would check first here to see if there are any trouble shooting ideas. (I don't have any)

Many thanks for any input on the matter.

T
User avatar
Joulinar
Posts: 4783
Joined: Sat Nov 16, 2019 12:49 am

Re: Update to 7.1.2 - VPN via wireguard no longer working

Post by Joulinar »

Hi,

PiHole and unbound are not involved within the basic VPN connection between client and server. They play a role later one once clients will do DNS resolution. But for this VPN connection needs to be established first.

Does wg command give anything back or nothing?
What is the status of WireGuard service systemctl status wg-quick@wg0.service?
Do you use plain WireGuard or PiVPN?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Totila
Posts: 56
Joined: Sun Aug 04, 2019 8:29 am

Re: Update to 7.1.2 - VPN via wireguard no longer working

Post by Totila »

Thanks for your quick reply. Here is the info you asked for:

Code: Select all


root@DietPi:~# wg
interface: wg0
  public key: [...]
  private key: (hidden)
  listening port: 51820

peer: [...]
  allowed ips: 10.9.0.2/32, fd86::2/128

peer: [...]
  allowed ips: 10.9.0.3/32, fd86::3/128

peer: [...]
  allowed ips: 10.9.0.4/32, fd86::4/128

peer: [...]
  allowed ips: 10.9.0.5/32, fd86::5/128

Code: Select all

root@DietPi:~# systemctl status wg-quick@wg0.service?
root@DietPi:~# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)   Active: active (exited) since Fri 2021-05-14 22:16:16 CEST; 24min ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 12372 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
 Main PID: 12372 (code=exited, status=0/SUCCESS)

May 14 22:16:16 DietPi wg-quick[12372]: net.ipv4.conf.wg0.forwarding = 1
May 14 22:16:16 DietPi wg-quick[12372]: net.ipv4.conf.wlan0.forwarding = 1
May 14 22:16:16 DietPi wg-quick[12372]: [#] sysctl net.ipv6.conf.$(sed -n 3p /run/dietpi/.network).accept_ra=2
May 14 22:16:16 DietPi wg-quick[12372]: net.ipv6.conf.wlan0.accept_ra = 2
May 14 22:16:16 DietPi wg-quick[12372]: [#] sysctl net.ipv6.conf.wg0.forwarding=1 net.ipv6.conf.$(sed -n 3p /run/dietpi/.network).forwarding=1
May 14 22:16:16 DietPi wg-quick[12372]: net.ipv6.conf.wg0.forwarding = 1
May 14 22:16:16 DietPi wg-quick[12372]: net.ipv6.conf.wlan0.forwarding = 1
May 14 22:16:16 DietPi wg-quick[12372]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
May 14 22:16:16 DietPi wg-quick[12372]: [#] ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
May 14 22:16:16 DietPi systemd[1]: Started WireGuard via wg-quick(8) for wg0.
User avatar
Joulinar
Posts: 4783
Joined: Sat Nov 16, 2019 12:49 am

Re: Update to 7.1.2 - VPN via wireguard no longer working

Post by Joulinar »

ok server side seems to be fine.

Are you sure port forwarding is correctly set? and your clients use the correct external IP/DDNS? Usually a missing handshake means, your clients do not connect to your server.

Unfortunately WireGuard don't have a log on server side that can be checked. But on the client there is a log on the app where you can have a look into
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Totila
Posts: 56
Joined: Sun Aug 04, 2019 8:29 am

Re: Update to 7.1.2 - VPN via wireguard no longer working

Post by Totila »

Thanks for your hints.

I updated my domain (duckdns) via Http call and all is working again. Hadn't done it for 9 months.

No configuration issue.

Many thanks again.

T
User avatar
Joulinar
Posts: 4783
Joined: Sat Nov 16, 2019 12:49 am

Re: Update to 7.1.2 - VPN via wireguard no longer working

Post by Joulinar »

you could use dietpi-ddns to update your duckdns once your external IP will change
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Totila
Posts: 56
Joined: Sun Aug 04, 2019 8:29 am

Re: Update to 7.1.2 - VPN via wireguard no longer working

Post by Totila »

Just did.
Test seemed to work fine.

Thank you!

T
Post Reply