WireGuard VPN Linux client fails to connect when AllowedIPs = 0.0.0.0/0

I set up a WireGuard server, and when I use a Linux client to connect to it, all internet connections fail; I can't even ping the VPN gateway IP.

Below are my setup and the client's symptoms:

  • Server: CentOS/Ubuntu
  • Client machine: Ubuntu
  • config file: wg-client.conf, which sets AllowedIPs = 0.0.0.0/0

All connections on the client are lost:

ping 10.2.0.1       ## (this is vpn gateway IP) not work
ping something.com  ## not work

Below is some related info from my client machine.

$ ip route show
default via 192.168.2.1 dev enp3s0
10.2.0.0/24 dev wg-client proto kernel scope link src 10.2.0.2

$ ip rule show
0:  from all lookup local
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 51820
32766:  from all lookup main
32767:  from all lookup default

Here is the wg status when my client connects to the server.

On client:

sudo wg
interface: wg-client
  public key: ...
  private key: (hidden)
  listening port: 58434
  fwmark: 0xca6c

peer: ...
  endpoint: <server-ip>:51828
  allowed ips: 0.0.0.0/0
  latest handshake: 11 seconds ago
  transfer: 92 B received, 9.50 KiB sent
  persistent keepalive: every 25 seconds

On Server:

sudo wg
interface: wg0
  public key: ...
  private key: (hidden)
  listening port: 51828

peer: ...
  endpoint: <client-ip>:1920
  allowed ips: 10.2.0.2/32
  latest handshake: 6 minutes, 45 seconds ago
  transfer: 180 B received, 92 B sent

As shown, the connection is established successfully, but I cannot ping anything, including the gateway 10.2.0.1. When I bring down wg on the client, connectivity resumes.

Other info that may help identify my problem:

  • tcpdump -i wg-client icmp does not capture any packets.
  • ifconfig wg-client shows that all my packets are dropped (why?)
  • When I set AllowedIPs = 10.2.0.2/24, the connection looks normal: I can ping the VPN gateway now, and nslookup google.com 10.2.0.1 also works, but my internet access does not go through the VPN tunnel.
  • I tried connecting from a Windows client and a macOS client; both work successfully. It only fails on the Linux client (Ubuntu).
  • I can assure you my firewall does not block my requests, and I can't capture any packets on the server.

Did I miss anything in the setup? This has bugged me for several days, and I really need some help. Thank you.

Also, I have examined the details in this article and still cannot fix my problem.
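An added diagnostic for the setup in this question, written by the editor and not part of the original post or of WireGuard itself: it checks, from the text of `ip rule show` and `ip route show table <N>`, that the three policy-routing pieces wg-quick relies on for AllowedIPs = 0.0.0.0/0 are all present. The table number 51820 is taken from the fwmark rule quoted above; the table dump used in the demo is constructed, since the question does not show one.

```shell
#!/bin/sh
# Added diagnostic, not from the original post: verify the policy-routing
# pieces wg-quick installs when AllowedIPs = 0.0.0.0/0. It reads the text
# of `ip rule show` and `ip route show table <N>` so it can be run live or
# against saved output:
#   1. "not from all fwmark 0x... lookup <N>"  (unmarked traffic -> VPN table)
#   2. "from all lookup main suppress_prefixlength 0" (main table wins,
#      except for its default route)
#   3. "default dev <iface>" inside table <N>
# Live use: check_wg_policy_routing wg-client "$(ip rule show)" \
#               "$(ip route show table 51820)"

check_wg_policy_routing() {
    iface=$1; rules=$2; table=$3
    status=0
    # 1. the fwmark bypass rule: only packets already carrying the wg
    #    mark (the encrypted UDP to the endpoint) skip the VPN table
    if ! printf '%s\n' "$rules" | grep -Eq 'not from all fwmark 0x[0-9a-f]+ lookup [0-9]+'; then
        echo "MISSING: fwmark rule in 'ip rule show'"; status=1
    fi
    # 2. suppress_prefixlength 0 keeps LAN routes usable while the
    #    default route is taken from the VPN table instead
    if ! printf '%s\n' "$rules" | grep -Eq 'lookup main suppress_prefixlength 0'; then
        echo "MISSING: 'lookup main suppress_prefixlength 0' rule"; status=1
    fi
    # 3. without this route the VPN table matches nothing, the lookup
    #    falls through to the main table and traffic bypasses the tunnel
    if ! printf '%s\n' "$table" | grep -Eq "^default dev $iface( |\$)"; then
        echo "MISSING: 'default dev $iface' in the VPN routing table"; status=1
    fi
    [ "$status" -eq 0 ] && echo "policy routing for $iface looks complete"
    return "$status"
}

# Constructed demo input: the rules quoted in the question plus a table
# dump assumed to be what a working `ip route show table 51820` prints.
SAMPLE_RULES='0:  from all lookup local
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 51820
32766:  from all lookup main
32767:  from all lookup default'
SAMPLE_TABLE='default dev wg-client scope link'
check_wg_policy_routing wg-client "$SAMPLE_RULES" "$SAMPLE_TABLE"
```

Run it against the live output on the client; if the third check fails, the rules alone cannot steer traffic into the tunnel, which is the first thing to compare against the working Windows and macOS clients.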
