Join Log in
Score:0
inzig0 avatar Server

WireGuard traffic not making it through tunnel

ma flag
inzig0

I have a server(10.42.0.1) and a client(10.42.0.2), both with wg. I've configured both using the wg command in a way that they should be able to talk to each other.

client wg:

interface: wg0
  public key: abc123=
  private key: (hidden)
  listening port: 51820

peer: xyz987=
  endpoint: 15.14.13.12:51820
  allowed ips: 10.42.0.0/24
  transfer: 0 B received, 7.37 KiB sent

server wg:

interface: wg0
  public key: xyz987=
  private key: (hidden)
  listening port: 51820

peer: abc123=
  allowed ips: 10.42.0.0/24

However(as you might be able to see already), my server is totally oblivious to my client. Pinging from the client and running tcpdump -i wg0 on the server logs no traffic.

Client ping:

PING 10.42.0.1 (10.42.0.1) 56(84) bytes of data.
^C
--- 10.42.0.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4046ms

Server tcpdump -i wg0:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg0, link-type RAW (Raw IP), capture size 262144 bytes

0 packets captured
0 packets received by filter
0 packets dropped by kernel

Trying to ping the client from the server results in ping: sendmsg: Destination address required, but that is to be expected since there is no endpoint specified for the client.

The firewall should not be getting in the way, that said I'm not an expert on iptables.

Server iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I know opening all the ports on my server is dangerous, but I'll fix it when I can get WireGuard working. I'm hoping that the fix to my problem is something easy that I'm looking over, but I've tried everything that the google machine has to offer and nothing is working.

394
0 + 0
in flag
Virsacer
You cant build site-to-site VPN when both locations are using the same network. BTW: `iptables -S` produces better output.
0
Reply
inzig0 avatar
ma flag
inzig0
@Virsacer I’m not trying to build a site-to-site VPN, and the IPs are the addresses assigned to the wg0 interface. I’ll add the output of iptables-S when I have access to my server, I’m at school rn.
0
Reply
in flag
Virsacer
Ok, then AllowedIPs should be peer's WG-IP/32. Output of `ip r` might also help.
0
Reply
inzig0 avatar
ma flag
inzig0
@Virsacer I've changed the AllowedIPs, and the route is there. However, trying the ping again with the changed AllowedIPs now throws `ping: sendmsg: Required key not available`
0
Reply
A.B avatar
cl flag
A.B
Please give all the network settings for the server: `ip -br link; ip -br address; ip route; ip rule` + `iptables-save -c` (includes all rules and -c counts where a rule matches). Just in case you should give the same for the client. Feel free to obfuscate, but don't omit.
0
Reply
A.B avatar
cl flag
A.B
Anyway in the (incomplete by default) output of iptables -L, I can't see how UDP port 51820 is accepted.
0
Reply
inzig0 avatar
ma flag
inzig0
@A.B I configured iptables to accept all traffic from anywhere, you can see that in the input chain. I’ll add the output of the other commands now
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.