Score:1

Wireguard client can not connect to internet


I have installed Wireguard with following commands:

sudo apt update
sudo apt install wireguard

Then I have installed resolvconf:

sudo apt install resolvconf

Created keys:

umask 077
wg genkey | sudo tee /etc/wireguard/private.key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

Finally, created config:

sudo nano /etc/wireguard/wg0.conf
# below is the content of the config file
         [Interface]
         PrivateKey = omitted
         Address = 10.9.0.7/32
         DNS = 1.0.0.1

         [Peer]
         PublicKey = omitted
         AllowedIPs = 0.0.0.0/0, ::/0
         Endpoint = 95.87.101.10:51820

After executing `sudo wg-quick up wg0` all my applications are left without internet. Internet comes back after I `sudo wg-quick down wg0` Wireguard.

I do not have access to the server, it is maintained by the company.
I can only tamper with my own machine.

I am not skilled with networking, my company said to just follow above instructions and everything will work, but here is what I have tried to solve the problem:

I have tried suggestions from this question but no success.

`sudo wg` gave the following output:

interface: wg0
  public key: y5ZpnepnWHWBOvm04iDUh/+XgLIZKSOClI4It5D/ESU=
  private key: (hidden)
  listening port: 43460
  fwmark: 0xca6c
peer: KIkiNWfiSEGYbXAGvNau8kOlG8rqFfEFeNzPjnUzz0Q=
  endpoint: 95.87.101.10:51820
  allowed ips: 0.0.0.0/0, ::/0
  transfer: 0 B received, 296 B sent

I have assumed that handshake works, but something else obstructs internet connection.

`ip route show` gave me this:

default via 192.168.1.1 dev wlx3c7c3f49907c proto dhcp metric 600 
169.254.0.0/16 dev wlx3c7c3f49907c scope link metric 1000 
192.168.1.0/24 dev wlx3c7c3f49907c proto kernel scope link src 192.168.1.7 metric 600

After googling, I came to the conclusion that DHCP screws default route, but I do not know how to fix it. I have tried `sudo ip route add default via 192.168.1.1` but that did not help either. `ip route` while Wireguard is on gives following output:

default via 192.168.1.1 dev wlx3c7c3f49907c 
default via 192.168.1.1 dev wlx3c7c3f49907c proto dhcp metric 600 
169.254.0.0/16 dev wlx3c7c3f49907c scope link metric 1000 
192.168.1.0/24 dev wlx3c7c3f49907c proto kernel scope link src 192.168.1.6 metric 600

I have tried `sudo cat /proc/sys/net/ipv4/ip_forward` but that did not help either.

This is the best I can do, since I do not know much about networking. I came across this site after googling so I have decided to ask for help, in a desperate hope that a solution will be found.

If you need further info leave a comment and I will reply.
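
The `wg` output in the question has no `latest handshake` line and shows `0 B received`; `wg` prints that line only after a handshake has completed, and 296 B is the size of two 148-byte handshake initiation messages. The following added example (not part of the original post; peer names are placeholders and the second peer is constructed for contrast) classifies peers from `wg show` text:

```bash
#!/usr/bin/env bash
# Added example: classify each peer in `wg show` text read from stdin.
# Prints "<peer> <state> rx=<bytes> tx=<bytes>[ initiations=<n>]".
wg_peer_state() {
  awk '
    function to_bytes(n, unit) {
      if (unit == "KiB") return n * 1024
      if (unit == "MiB") return n * 1024 ^ 2
      if (unit == "GiB") return n * 1024 ^ 3
      if (unit == "TiB") return n * 1024 ^ 4
      return n + 0
    }
    function emit(   state, extra) {
      if (peer == "") return
      extra = ""
      if (hs) state = "handshake-ok"        # wg printed "latest handshake:"
      else if (tx > 0 && rx == 0) {
        state = "no-reply"                  # we send, nothing ever comes back
        # A handshake initiation message is 148 bytes on the wire.
        if (tx % 148 == 0) extra = " initiations=" (tx / 148)
      } else state = "idle"
      printf "%s %s rx=%d tx=%d%s\n", peer, state, rx, tx, extra
    }
    $1 == "peer:"     { emit(); peer = $2; hs = 0; rx = 0; tx = 0 }
    $1 == "latest" && $2 == "handshake:" { hs = 1 }
    $1 == "transfer:" { rx = to_bytes($2, $3); tx = to_bytes($5, $6) }
    END { emit() }
  '
}

# Constructed sample: peer A mirrors the question, peer B is a healthy contrast.
sample_output() {
  cat <<'EOF'
interface: wg0
  listening port: 43460
peer: PEER_A_PLACEHOLDER
  endpoint: 95.87.101.10:51820
  allowed ips: 0.0.0.0/0, ::/0
  transfer: 0 B received, 296 B sent
peer: PEER_B_PLACEHOLDER
  endpoint: 192.0.2.10:51820
  allowed ips: 10.0.0.0/8
  latest handshake: 12 seconds ago
  transfer: 1.00 KiB received, 2.00 KiB sent
EOF
}

# Live use: sudo wg show wg0 | wg_peer_state
sample_output | wg_peer_state
```

A `no-reply` peer means the endpoint never answered: typical causes are UDP to the endpoint port being blocked, a wrong endpoint, or the server not having this client's public key registered. Local route or DNS changes do not affect that state.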

Caleb McKay
You are configured to forward ALL your traffic through wireguard. Is there a reason why you want to pass everything, including your internet access, through the tunnel, versus just the traffic meant for the company network? Also, can you access company resources when wireguard is connected, and it is just the internet not working?
AlwaysLearningNewStuff
@CalebMcKay: I received the config file, settings are not mine. After changing `AllowedIPs` to `AllowedIPs = 10.0.0.0/8` I do get internet access but `ssh` command does not work (`ssh [email protected]`). I have changed `AllowedIPs` to `AllowedIPs = 10.0.0.0/8, 192.168.110.0/24` but `ssh` command still did not work. After that I have asked here for help. I would not mind to leave `AllowedIPs = 10.0.0.0/8, 192.168.110.0/24` as it is, but do not know how to make `ssh` work. Hope this answers your question. Thank you for trying to help.
Jags
hi @alwayslearningnewstuff could you try these changes and see if your issue gets resolved: (1) `AllowedIPs = 10.0.0.0/8`; (2) `sudo ip route add 192.168.110.0/24 via 192.168.1.1 dev wlx3c7c3f49907c` (3) `sudo nano /etc/sysctl.d/99-sysctl.conf`, uncomment the line: `net.ipv4.ip_forward=1`, save and close the file. Then run: `sysctl -p` (4) `sudo wg-quick down wg0` and finally: `sudo wg-quick up wg0`. Thanks.
AlwaysLearningNewStuff
@Jags: Thank you for helping out! I have executed the commands but still no joy with `ssh`. Internet works.
Score:0

... maybe you could try here

sudo nano /etc/wireguard/wg0.conf
# below is the content of the config file
     [Interface]
     PrivateKey = omitted
     Address = 10.9.0.7/32
     DNS = 1.0.0.1

For DNS, use your own internet gateway or local DNS/DHCP server (i.e. 192.168.110.1) instead of `DNS = 1.0.0.1` or another public DNS server.

AlwaysLearningNewStuff
Thank you for trying to help, I have talked to my superiors, they insist on keeping the DNS setting unchanged :(
lemrm
Wg seems to run as expected. Have you checked the remote_machine? Do you have a ping? Is the ssh daemon running? Does e.g. nmap find the machine in your local subnet, with and without enabled wg-connection? Is there a firewall enabled on remote_machine?
AlwaysLearningNewStuff
I have called my ISP's tech support, they could not figure out what is wrong either. Pinging DNS without WG works, firewall set to low. They said they will send someone soon to investigate.