Wireguard on dietpi/vmware workstation

Having issues with your DietPi installation or found a bug? Post it here.
User avatar
Joulinar
Posts: 5619
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard on dietpi/vmware workstation

Post by Joulinar »

strange that you can connect via SSH to your local network (PiHole device) but not using HTTP.

Ok if you have time and mood, we could perform some tcp tracing to check where HTTP connection breaks.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
thejuan
Posts: 12
Joined: Wed Sep 01, 2021 7:35 pm

Re: Wireguard on dietpi/vmware workstation

Post by thejuan »

It is strange, I was surprised ssh worked, good call!
Sure, I'm down, I really appreciate the help!
I might not be timely today but I'd like to solve this, it's been bugging me
User avatar
trendy
Posts: 360
Joined: Tue Feb 25, 2020 2:54 pm

Re: Wireguard on dietpi/vmware workstation

Post by trendy »

Can we verify first that it is not blocked by the firewall?
iptables-save -c
thejuan
Posts: 12
Joined: Wed Sep 01, 2021 7:35 pm

Re: Wireguard on dietpi/vmware workstation

Post by thejuan »

iptables-save -c

Code: Select all

# Generated by xtables-save v1.8.2 on Thu Sep  2 19:34:10 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[4342:671586] -A FORWARD -i wg0 -j ACCEPT
COMMIT
# Completed on Thu Sep  2 19:34:10 2021

Code: Select all

# Generated by xtables-save v1.8.2 on Thu Sep  2 19:34:10 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[791:52332] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Sep  2 19:34:10 2021
User avatar
Joulinar
Posts: 5619
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard on dietpi/vmware workstation

Post by Joulinar »

@thejuan
is the following correct?

IP PiHole VM - 192.168.1.24
IP WireGuard VM - 192.168.1.25
IP WireGuard Client - 10.9.0.2

if yes, I will let you know the commands we would need to capture the HTTP connection
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
trendy
Posts: 360
Joined: Tue Feb 25, 2020 2:54 pm

Re: Wireguard on dietpi/vmware workstation

Post by trendy »

Install tcpdump apt install tcpdump and then run:
tcpdump -evn tcp port 80
thejuan
Posts: 12
Joined: Wed Sep 01, 2021 7:35 pm

Re: Wireguard on dietpi/vmware workstation

Post by thejuan »

yes, the ip's are correct
IP PiHole VM - 192.168.1.24
IP WireGuard VM - 192.168.1.25
IP WireGuard Client - 10.9.0.2
User avatar
Joulinar
Posts: 5619
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard on dietpi/vmware workstation

Post by Joulinar »

Ok I will post tcpdump command later the evening. I played with it and I guess I found a good filter to show important information only.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
thejuan
Posts: 12
Joined: Wed Sep 01, 2021 7:35 pm

Re: Wireguard on dietpi/vmware workstation

Post by thejuan »

awesome! thanks so much for the help
User avatar
Joulinar
Posts: 5619
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard on dietpi/vmware workstation

Post by Joulinar »

ok for testing install tcpdump on both VM's

Code: Select all

dietpi-software install 15
Following will start traffic capture on WireGuard VM

Code: Select all

tcpdump -i any -c200 -nn port 80 and '((src 10.9.0.2 and dst 192.168.1.24) or (src 192.168.1.24 and dst 10.9.0.2))'
  • it will capture 200 lines
  • on HTTP port 80
  • where source is wg client IP 10.9.0.2 and target PiHole VM for incomming traffic
  • and the other way around to check on an answer
Following will start traffic capture on PiHole VM

Code: Select all

tcpdump -i any -c200 -nn port 80
  • it will capture 200 lines
  • on HTTP port 80
  • traffic from all sources will be captured
Test to be done
  1. Ensure no device on your network is actually connected to PiHole web interface
  2. connect your mobile device to cellular network
  3. connect WireGuard app
  4. open web browser and try pi.hole/admin/
  5. close browser window
  6. disconnect WireGuard app
  7. you could cancel tcpdump if not already stopped
  8. post output for both VM's
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply