I struggle with my WireGuard setup, which is as follows:
- Internet Router has the ip 10.10.7.1, external zzz.dyndns.org.
- VM Host is 10.10.7.9 with bridged VMs. WireGuard Server is a VM with ip 10.10.7.19.
- All servers run Ubuntu 20.04 LTS with latest stable patches. Router port TCP 51280 is forwarded to 10.10.7.19:51280. Other forwards work (e.g. 443).
- ufw is down
The problem is: The windows client says "Handshake did not complete after 5 seconds" repeatedly.
The config for the client was transferred by file.
When I run "tcpdump -n -v -i wg0" it shows not a single packet. It appears the packets from the client do not reach the wg0 interface. I tried the same with the ens3 interface and port 51280.
I don't know how to debug that.
wg0.conf:
[Interface]
Address = 10.10.9.1/24
Address = fd10:10:9:1::1/64
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
ListenPort = 51820
PrivateKey = Pq<key>
[Peer]
PublicKey = ia<key>
AllowedIPs = 10.10.9.2/32
[Peer]
PublicKey = yR<key>
AllowedIPs = 10.10.9.3/32
client.conf:
[Interface]
PrivateKey = wC<key>
Address = 10.10.9.3/32
DNS = 10.10.7.20, 10.10.7.1
[Peer]
PublicKey = Pq<key>
AllowedIPs = 0.0.0.0/0
Endpoint = zzz.dyndns.org:51820
Output of wg:
interface: wg0
public key: XK<key>
private key: (hidden)
listening port: 51820
peer: ia<key>
allowed ips: 10.10.9.2/32
peer: yR<key>
allowed ips: 10.10.9.3/32
I hope I described my setup comprehensively.
Thank you for support.
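A consistency check for this kind of setup, written as an added example (it is not code from the original post): it parses both WireGuard configs and compares the settings that must agree for the first handshake to succeed, together with the router's port forward. The sample configs and the forward rule are constructed to mirror the numbers stated in the post, with placeholder strings where keys would be; `parse_wg_conf`, `handshake_checks`, `run_sample` and the placeholder key names are this example's own.

```python
"""Cross-check the handshake-relevant settings of a WireGuard server config,
a client config and the router's port forward.

Added example, not part of the original post. The configs below are
constructed to mirror the shape and the numbers stated in the post; the
key strings are placeholders, not real WireGuard keys."""
import ipaddress


def parse_wg_conf(text):
    """Parse WireGuard's INI-like config into
    {"Interface": {key: [values]}, "Peer": [{key: [values]}, ...]}.
    configparser cannot be used directly: [Peer] repeats and Address may
    repeat, so every key maps to a list of values."""
    sections = {"Interface": {}, "Peer": []}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name == "Peer":
                current = {}
                sections["Peer"].append(current)
            elif name == "Interface":
                current = sections["Interface"]
            else:
                raise ValueError(f"unknown section [{name}]")
            continue
        if current is None:
            raise ValueError(f"key outside any section: {line}")
        key, _, value = line.partition("=")        # base64 keys end in '=', so split once
        current.setdefault(key.strip(), []).append(value.strip())
    return sections


def handshake_checks(server, client, server_public_key, forward):
    """Return a list of findings that would stop the initial handshake.
    `server_public_key` is what `wg` prints for the interface;
    `forward` describes the router rule as {"proto", "ext_port", "dst_port"}."""
    findings = []
    listen_port = int(server["Interface"]["ListenPort"][0])
    peer = client["Peer"][0]
    _host, _, port = peer["Endpoint"][0].rpartition(":")
    endpoint_port = int(port)

    if endpoint_port != listen_port:
        findings.append(f"client Endpoint port {endpoint_port} differs from server ListenPort {listen_port}")
    if forward["proto"].upper() != "UDP":
        findings.append(f"router forwards {forward['proto']}; WireGuard only speaks UDP")
    if forward["ext_port"] != endpoint_port:
        findings.append(f"router external port {forward['ext_port']} does not match client Endpoint port {endpoint_port}")
    if forward["dst_port"] != listen_port:
        findings.append(f"router destination port {forward['dst_port']} does not match server ListenPort {listen_port}")
    # A wrong peer key makes the server drop the handshake silently: nothing is logged.
    if peer["PublicKey"][0] != server_public_key:
        findings.append("client [Peer] PublicKey is not the server's public key as shown by `wg`")
    # The client's tunnel address must fall inside some peer's AllowedIPs on the
    # server, otherwise decrypted packets are dropped (cryptokey routing).
    client_ip = ipaddress.ip_interface(client["Interface"]["Address"][0]).ip
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for p in server["Peer"] for n in p["AllowedIPs"][0].split(",")]
    if not any(client_ip in net for net in allowed):
        findings.append(f"client address {client_ip} is not in any server peer's AllowedIPs")
    return findings


# Constructed sample configs (placeholder keys, numbers mirroring the post).
SERVER_CONF = """\
[Interface]
Address = 10.10.9.1/24
Address = fd10:10:9:1::1/64
ListenPort = 51820
PrivateKey = <server-private-key-placeholder>

[Peer]
PublicKey = <client-public-key-placeholder>
AllowedIPs = 10.10.9.3/32
"""

CLIENT_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.10.9.3/32

[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = zzz.dyndns.org:51820
"""

# Constructed to mirror the stated router rule: TCP 51280 -> 10.10.7.19:51280.
ROUTER_FORWARD = {"proto": "TCP", "ext_port": 51280, "dst_port": 51280}


def run_sample():
    """Run the checks on the constructed sample and return the findings."""
    server = parse_wg_conf(SERVER_CONF)
    client = parse_wg_conf(CLIENT_CONF)
    return handshake_checks(server, client, "<server-public-key-placeholder>", ROUTER_FORWARD)


if __name__ == "__main__":
    for finding in run_sample():
        print("-", finding)
```

On the capture side, keep in mind that tcpdump on wg0 only shows traffic that has already been decrypted; handshake packets are plain UDP on the physical interface, so a capture such as `tcpdump -n -i ens3 udp port 51820` on the server is what tells whether anything from the router is arriving at all.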