this post was submitted on 20 Dec 2023
26 points (93.3% liked)


I've hit a wall with a weird WireGuard issue. I'm trying to connect my phone (over cell) to my home router using WireGuard and it will not connect.

  • The keys are all correct.
  • The IPs are all correct.
  • The ports are open on the firewall.
  • My router has a public IP, no CGNAT.

The router is opnsense, I have a tcpdump session going and when I attempt a connection from the phone I see 0 packets on that port. I am able to ping the router and reach the web server sitting behind it from the phone.

I have a VPS that I configured WG on and the phone connects fine to that. I also tested configuring the VPS to connect to my home router and that also works fine.

I'm really at a loss as to where to go next.

Edit 2: I completely blew out the config on both sides and rebuilt it from scratch, using a different UDP port, and it all appears to be working now. Thanks for everyone's help in tracking this down.

Edit: It was requested I provide my configs.

opnsense:

####################################################
# Interface settings, not used by `wg`             #
# Only used for reference and detection of changes #
# in the configuration                             #
####################################################
# Address =  172.31.254.1/24
# DNS =
# MTU =
# disableroutes = 0
# gateway =

[Interface]
PrivateKey = 
ListenPort = 51821

[Peer]
# friendly_name = note20
PublicKey = 
AllowedIPs = 172.31.254.100/32

Android:

[Interface]
Address = 172.31.254.100/32
PrivateKey = 

[Peer]
AllowedIPs = 0.0.0.0/32
Endpoint = :51821
PublicKey = 
[–] hungover_pilot@lemmy.world 2 points 2 years ago (1 children)

If your VPS can connect to your home router as a client, it sounds like your WireGuard server on opnsense is working correctly.

Might be a problem with your phone's WG config. Have you tried taking the client .conf file from your VPS and loading it onto your phone to test a working config file?

[–] SeeJayEmm@lemmy.procrastinati.org 1 points 2 years ago (1 children)

I didn't think the wg-quick conf is compatible but I'll look into that in the am.

[–] lemming741@lemmy.world 0 points 2 years ago* (last edited 2 years ago) (1 children)

For the love of all that is holy

At least change the interface IP. I multiboot my laptop and when I copied a wg.conf being lazy, the server basically ignored the newer client. I had to boot back into the OG OS and add a peer via ssh. I'm still learning wg but don't count on cloned interfaces working.

All I meant was, it hadn't occurred to me that the android app and wg-quick used the same file format. I can certainly give this a try.
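
An added example, not part of the thread or any participant's reply: a small Python cross-check of a WireGuard server config against its client configs, covering the two things discussed above (whether each side's AllowedIPs actually covers the other side's tunnel address, and whether a copied client config reuses an address). The function names are hypothetical, the server tunnel address 172.31.254.1 is taken from the commented `Address` line in the opnsense config, and the Endpoint host and the second "laptop-clone" client are constructed.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick style text into [(section, {key: value})]; '#' starts a comment."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, _, value = line.partition("=")
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def values(parsed, section, key):
    """All comma-separated values of `key` across every `section` block."""
    return [v.strip() for sec, kv in parsed if sec == section
            for v in kv.get(key, "").split(",") if v.strip()]

def lint(server_text, server_tunnel_ip, clients):
    """clients maps a label to its config text; returns a list of findings."""
    findings, seen = [], {}
    server_ip = ipaddress.ip_address(server_tunnel_ip)
    server_allowed = [ipaddress.ip_network(v, strict=False)
                      for v in values(parse_wg(server_text), "peer", "allowedips")]
    for name, text in clients.items():
        parsed = parse_wg(text)
        routed = [ipaddress.ip_network(v, strict=False)
                  for v in values(parsed, "peer", "allowedips")]
        # Cryptokey routing: only destinations inside AllowedIPs enter the tunnel.
        if not any(server_ip in net for net in routed):
            findings.append(f"{name}: AllowedIPs does not cover {server_ip}")
        for addr in (ipaddress.ip_interface(v).ip
                     for v in values(parsed, "interface", "address")):
            if not any(addr in net for net in server_allowed):
                findings.append(f"{name}: server has no peer AllowedIPs for {addr}")
            if addr in seen:  # copied config: two clients claim one tunnel address
                findings.append(f"{name}: address {addr} already used by {seen[addr]}")
            seen.setdefault(addr, name)
    return findings

# Configs from the post (keys left blank); Endpoint host and CLONE are constructed.
SERVER = "[Interface]\nPrivateKey =\nListenPort = 51821\n[Peer]\nPublicKey =\nAllowedIPs = 172.31.254.100/32\n"
PHONE = "[Interface]\nAddress = 172.31.254.100/32\nPrivateKey =\n[Peer]\nAllowedIPs = 0.0.0.0/32\nEndpoint = vpn.example.invalid:51821\nPublicKey =\n"
CLONE = PHONE.replace("0.0.0.0/32", "172.31.254.0/24")

if __name__ == "__main__":
    for finding in lint(SERVER, "172.31.254.1", {"note20": PHONE, "laptop-clone": CLONE}):
        print(finding)
```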