Wireguard Ubuntu Server Virtualmin FirewallD Connectivity

Does anyone know of any Ubuntu Server 20.04 and/or Virtualmin related aspects that can interfere / block a wireguard connection?

Problem:
All settings verified as correct. Client just cannot connect.

Things that I tried:
1.) I have verified that the port (51820) is available and can be accessed through FirewallD GUI and by running:

(server side) nc -lu 51820

(client side) echo Test message | nc -4u -w1 {host-ip} 51820

And seeing "Test message" output on remote server.

2.) Under Webmin >> Webmin Configuration >> IP Access Control... I have added both the wireguard client and server's addresses (i.e. 10.0.0.1 , 10.0.0.2)

3.) I have generated fresh key pairs on client and server. Putting client's pub key on the server and the Server's pub key on the client.

4.) I completely disabled FirewallD and still could not connect, so FirewallD is an innocent party in this connection murder mystery.

I am asking here because I have literally the -identical- setup on a Debian Server (UFW not FirewallD & without Virtualmin) and it works perfectly.

There seems to be something related to Ubuntu and/or Virtualmin that is simply blocking the connection and I can't find any errors in /var/log

My /etc/wireguard/wg0.conf contains:

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = server-private-key

[Peer]
PublicKey = client-public-key
AllowedIPs = 10.0.0.2/32

And I edited /etc/sysctl.conf to have: net.ipv4.ip_forward = 1

From the client side when I connect, I get:

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.0.2/32 dev wg0
[#] ip link set mtu 1420 up dev wg-client1
[#] resolvconf -a tun.wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg-client1 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n

And on the server I get this output when I start wireguard:

# wg-quick up wg0 
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Everything is correct... the client just can't connect.

David:
What version of Ubuntu are you using?
nightwatch:
I am using 20.04
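
A check the post does not show is whether the running interface actually holds the peer key that is in /etc/wireguard/wg0.conf; with SaveConfig = true, wg-quick writes the running state back to the file on shutdown, so the two can drift apart. The following is an added example, not code from the original post: it compares a config file with the output of `wg show wg0 dump`, and every key in the sample data is a constructed placeholder.

```python
# Added example. Keys below are constructed placeholders, not real values.
def parse_conf(text):
    """Return (interface settings, list of peer settings) from wg-quick config text."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            cur[key.strip().lower()] = value.strip()
    return iface, peers

def parse_dump(text):
    """Parse `wg show <iface> dump`: interface line first, then one line per peer."""
    rows = [l.split("\t") for l in text.splitlines() if l.strip()]
    peers = {r[0]: int(r[4]) for r in rows[1:]}  # public key -> latest handshake
    return rows[0][2], peers                     # rows[0][2] is the listen port

def findings(conf_text, dump_text):
    iface, conf_peers = parse_conf(conf_text)
    port, live = parse_dump(dump_text)
    conf_keys = {p.get("publickey") for p in conf_peers}
    out = []
    if iface.get("listenport") != port:
        out.append(f"port mismatch: file={iface.get('listenport')} running={port}")
    out += [f"peer {k} is in the file but not loaded" for k in sorted(conf_keys - set(live))]
    out += [f"peer {k} is loaded but not in the file" for k in sorted(set(live) - conf_keys)]
    out += [f"peer {k} has never completed a handshake" for k, t in sorted(live.items()) if t == 0]
    if iface.get("saveconfig", "").lower() == "true":
        out.append("SaveConfig=true: wg-quick rewrites the file from running state on down")
    return out

# Constructed sample: the file holds a new client key, the interface an old one.
SAMPLE_CONF = """[Interface]
SaveConfig = true
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
[Peer]
PublicKey = NEW_CLIENT_KEY_PLACEHOLDER=
AllowedIPs = 10.0.0.2/32
"""
SAMPLE_DUMP = ("SERVER_PRIVATE_KEY_PLACEHOLDER\tSERVER_PUBLIC_KEY_PLACEHOLDER\t51820\toff\n"
               "OLD_CLIENT_KEY_PLACEHOLDER=\t(none)\t(none)\t10.0.0.2/32\t0\t0\t0\toff\n")
if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONF, SAMPLE_DUMP)))
```

On a real server the second argument would be the captured output of `wg show wg0 dump`, which includes the private key and should be handled accordingly.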