WireGuard no internet

Started by norbo80, September 03, 2022, 03:21:04 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
October 21, 2022, 10:57:59 AM #15
Quoteif I create an wg interface - I don't have to create NAT Port forwarding
Never understood this context... I´ve created an interface to be more flexible with FW rules for multiple WG instances, there was no outband NAT rule defined and one of my WG is only used to route all traffic over VPN, there is only a "allow WG to any" rule, that´s it.
Quoteand I dont have to config IPc4 in interface settings.
WG interface settings should be "none" for v4 and v6.

Code Select
Now I receive may DNS and ICMP blocks.
I can´t see something wrong, except the srouce IP in that rule. Set it to the whole WG net (192.168.20.0/24
i am not an expert... just trying to help...
October 21, 2022, 10:58:32 AM #16
MY interfaces and assigment attached
October 21, 2022, 11:08:30 AM #17 Last Edit: October 21, 2022, 11:21:05 AM by norbo80
I'm changed the rule source to "Wireguard net" and removed the IPv4 from Wireguard interface settings. To do this I have to deactivate also DHCP on this interface.

Results still the same:
Code Select
wg1 2022-10-21T11:08:53 192.168.20.21:33888 192.168.20.1:53 udp Default deny / state violation rule
wg1 2022-10-21T11:08:53 192.168.20.21:64906 192.168.20.1:53 udp Default deny / state violation rule
wg1 2022-10-21T11:08:53 192.168.20.21:6700 192.168.20.1:53 udp Default deny / state violation rule
wg1 2022-10-21T11:08:42 192.168.20.21:12967 192.168.20.1:53 udp Default deny / state violation rule
wg1 2022-10-21T11:08:33 192.168.20.21:45439 192.168.20.1:53 udp Default deny / state violation rule

Update - I have to create the any rule in Interface - WireGuard (Group)  then FW and DNS is allowed. This interface has been created automatically with the installation of WG.

Ping to FW via VPN works
DNS to FW ist allowed
ping 8.8.8.8 and internet doesn't works
October 21, 2022, 11:28:50 AM #18
QuoteTo do this I have to deactivate also DHCP on this interface.
There is no need for DHCP on WG interface.

QuoteUpdate - I have to create the any rule in Interface - WireGuard (Group)  then FW and DNS is allowed. This interface has been created automatically with the installation of WG.
This was my next question, before I saw your edit... :)

WG (group) are rules for all WG instances, rules defined for each instance (you onlny have one) will be applied to only this instance. (thats the benefit of using interfaces for each WG instance)

Fine, now let´s troubleshoot your WAN connection issues...
Are you connected to WG local via LAN or from external/ WAN? Try from WAN e.g. LTE/5G!
What does a traceroute say? First hop should be the firewalls WG IP (192.168.20.1) followed by an IP of your ISP (not the mobile ISP).
i am not an expert... just trying to help...
October 21, 2022, 01:27:34 PM #19
I'm not home at the moment therefore I can try only traceroute from mobile phone. Earlier, I tried both with LAN and LTE and also did not work.

PING: 192.168.20.1 works
Traceroute to 192.168.20.1 - NO response
Traceroute to 8.8.8.8 - only one HOP - 192.168.20.1

No blocks on FW

In about 1 hour I can try from Windows Maschine

I really appreciate your help
October 21, 2022, 01:42:56 PM #20
QuoteTraceroute to 8.8.8.8 - only one HOP - 192.168.20.1
Fine, traffic is routed over VPN and then.... stucks somewhere. Can´t imagine why for the moment.

I remember I had some issues with a new created WG interface some times ago and I had to create a new one first and then deleted the not working instance, but I can´t remember what kind of problems I had. Maybe creating a new instance will help for you too...?!
The WG instance is definetly running/active? Tried to restart service or the sense?
i am not an expert... just trying to help...
October 21, 2022, 02:39:03 PM #21
Yes the istance is running, i tried with OPN Restart. with no success. Do I need the NAT Port Forwarding? How to create new instance, the service is the same - should I create new Interface right?
October 21, 2022, 02:49:13 PM #22
Now I remember, that I had trouble becoming the new WG instance active... that was fixed by creating a new one, hence I guess this will not help you.

Maybe you should show your actual config of WG FW rules and WG server and client config, maybe we missed something because we are looking at different statuses...

I don´t see a reason for NAT rules, as mentioned, I have none, neither for two WG instances, nor for three OVPN.
i am not an expert... just trying to help...
October 21, 2022, 04:36:32 PM #23
Best regards from VPN :) I created new instance and removed the old one. I supposed the problem was in Interface settings. Anyway it works!
Thank you for help, lesson and patience!
October 21, 2022, 05:04:43 PM #24
:D

Fine... good to hear, sounds like recreating an instance helps in more cases as thought.
So the list for troubleshooting WG seems to be
1. Reboot
2. Recreate... works always :D
i am not an expert... just trying to help...
Print
Go Up Pages 1 2
User actions