this post was submitted on 20 Dec 2023
26 points (93.3% liked)

Selfhosted

60091 readers
669 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
26
[Fixed] Weird Wireguard issues I could use some help with. (lemmy.procrastinati.org)
submitted 2 years ago* (last edited 2 years ago) by SeeJayEmm@lemmy.procrastinati.org to c/selfhosted@lemmy.world
28 comments fedilink hide all child comments
 

I've hit a wall with a weird Wireguard issue. I'm trying to connect my phone (over cell) to my home router using wireguard and it will not connect.

  • The keys are all correct.
  • The IPs are all correct.
  • The ports are open on the firewall.
  • My router has a public IP, no CGNAT.

The router is opnsense, I have a tcpdump session going and when I attempt a connection from the phone I see 0 packets on that port. I am able to ping the router and reach the web server sitting behind it from the phone.

I have a VPS that I configured WG on and the phone connects fine to that. I also tested configuring the VPS to connect to my home router and that also works fine.

I'm really at a loss as to where to go next.

Edit 2: I completely blew out the config on both sides and rebuilt it from scratch, using a different UDP port, and it all appears to be working now. Thanks for everyone's help in tracking this down.

Edit: It was requested I provide my configs.

opnsense:

####################################################
# Interface settings, not used by `wg`             #
# Only used for reference and detection of changes #
# in the configuration                             #
####################################################
# Address =  172.31.254.1/24
# DNS =
# MTU =
# disableroutes = 0
# gateway =

[Interface]
PrivateKey = 
ListenPort = 51821

[Peer]
# friendly_name = note20
PublicKey = 
AllowedIPs = 172.31.254.100/32

Android:

[Interface]
Address = 172.31.254.100/32
PrivateKey = 

[Peer]
AllowedIPs = 0.0.0.0/32
Endpoint = :51821
PublicKey =
you are viewing a single comment's thread
view the rest of the comments
[–] taaz@biglemmowski.win 1 points 2 years ago* (last edited 2 years ago) (1 children)

Yeah I would probably try if the phone can actually access anything on that port.

On router: netcat -vvvl 0.0.0.0 51820
On phone: http://router_ip:51820

The browser will fail opening it but on router you should see the first incoming HTTP GET packet.
Or one could run a local shell on the phone (assuming android) and try netcat too.

(or this http server one liner python3 -m http.server can be used instead of netcat)

[–] SeeJayEmm@lemmy.procrastinati.org 1 points 2 years ago (2 children)

I have an network tools app that lets me test arbitrary ports and I do see those packets on a tcpdump, but this app (and you're suggestions above) are all TCP while Wireguard listens on UDP. I haven't come up with a way to test UDP from the phone yet.

[–] taaz@biglemmowski.win 2 points 2 years ago* (last edited 2 years ago)

Netcat can do UDP with -u flag, to get netcat on the phone (android) you could try local shell (Connect Bot app can do it) and try calling the local netcat (nc, though it's a simple busybox implementation so it might not have all the features). Not sure if it would let you send udp just like that.

[–] nightrunner@lemmy.world 1 points 2 years ago

They call it a tcpdump but Wireshark analyzes all network traffic. You can use the udp.port == 51820

Do you have a laptop? Probably more tools and easier to test from there.