Sorry for intrusion,
But, if you did correct your config for WG as was advised.
Do you see in live logs permit for the specific source and destinations being hit with permit?
Also this issue is only related to HTTP/s?
Did you do as well MSS clamping (Normalization)?
If you are connecting WG over cell, set on the client WG app [Interface] as well MTU 1390.
Regards,
S.
Using cellular / android I have no problems using default MTU, only on Windows / fiber and DSL I issued connectivity problems and solved it with 1293 (?) in client config.
Methodology has been to disconnect the mobile phone from wifi and use cellular. Allow wifi tethering to it. Connect laptop via wifi tethering to the phone. wg-quick up the wireguard client on the laptop. Try to open 192.168.5.1:55443 or 192.168.5.1:8080 (adguardhome) or ssh to another lan machine.
Well you NAT at L3, VPN such as WG is a bit higher right.
So you will NAT the IP of LAPTOP with the IP of the Phone. What is allowed in WG is basically telling what traffic destination should go via the tunnel. NAT considers only NATing the IP of the Laptop (source of the tunnel) itself as the WG header is encapsulated by the L3 header.
[IPv4] > [WG] > [Payload]
As for testing, why not to try WG on the phone over cell first. And then move the WG on the Laptop over Phone tether? One less headache in the middle.
Regards,
S.
Quote from: Seimus on June 28, 2024, 03:06:20 pm
Well you NAT at L3, VPN such as WG is a bit higher right....

Actually WG is layer 3
https://www.wireguard.com/papers/wireguard.pdf
default via 192.168.4.1 dev wlp58s0 proto dhcp metric 600
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.4.0/22 dev wlp58s0 proto kernel scope link src 192.168.7.227 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

default via 192.168.4.1 dev wlp58s0 proto dhcp metric 600
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.4
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.4.0/22 dev wlp58s0 proto kernel scope link src 192.168.7.227 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

penguin@saturn:~$ curl https://192.168.5.1:55443
curl: (7) Failed to connect to 192.168.5.1 port 55443 after 3058 ms: No route to host
penguin@saturn:~$ ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 56(84) bytes of data.
From 192.168.7.227 icmp_seq=1 Destination Host Unreachable
From 192.168.7.227 icmp_seq=2 Destination Host Unreachable

[Interface]
Address = 10.0.0.4/24
PrivateKey = VMVMVMVMV
MTU = 1390

[Peer]
#PublicKey = AMAMAMAMAMNC
#This one below is the server's public key
PublicKey = ABABABAB
#AllowedIPs = <Networks to which this client should have access>/<Netmask>
# // For example "10.11.0.0/24, 192.168.1.0/24"
# // | |
# // +--> The network area of the OPNsense WireGuard VPNs
# // |
# // +--> Network behind the firewall
AllowedIPs = 0.0.0.0/0
#Endpoint = <Public IP of the OPNsense firewall>:<WireGuard Port>
Endpoint = mydynamicdns:51820
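A route lookup over the table posted above, as an added example that is not part of any poster's message: it does longest-prefix matching on the routes shown after `wg-quick up` to report which interface a destination such as 192.168.5.1 leaves on. The `full_tunnel` switch and the `tunnel_dev` parameter are assumptions that model wg-quick's Linux policy routing for `AllowedIPs = 0.0.0.0/0` (main table consulted with `suppress_prefixlength 0`, everything else sent to the tunnel).

```python
import ipaddress

# Main-table routes copied from the post above (state after `wg-quick up`).
ROUTES = """\
default via 192.168.4.1 dev wlp58s0 proto dhcp metric 600
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.4
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.4.0/22 dev wlp58s0 proto kernel scope link src 192.168.7.227 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
"""

def parse_routes(text):
    """Return (network, device, on_link) tuples from `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        # A route without "via" is directly connected: the kernel ARPs for the target.
        routes.append((ipaddress.ip_network(prefix), dev, "via" not in fields))
    return routes

def lookup(dest, routes, full_tunnel=True, tunnel_dev="wg0"):
    """Return (device, reason) for dest using longest-prefix match.

    Assumption: with full_tunnel=True the main table's default route is
    ignored and unmatched traffic goes to tunnel_dev, as wg-quick arranges
    on Linux when AllowedIPs contains 0.0.0.0/0.
    """
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if full_tunnel:
        matches = [r for r in matches if r[0].prefixlen > 0]
        if not matches:
            return (tunnel_dev, "tunnel")
    if not matches:
        return None
    net, dev, on_link = max(matches, key=lambda r: r[0].prefixlen)
    return (dev, f"on-link {net}" if on_link else f"gateway, {net}")

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for target in ("192.168.5.1", "10.0.0.1", "8.8.8.8"):
        print(target, "->", lookup(target, table))
```

An on-link result on `wlp58s0` means the kernel tries to resolve the address on the local wifi segment, which is consistent with the `Destination Host Unreachable` replies from 192.168.7.227 in the posted ping. On the laptop itself, `ip route get 192.168.5.1` answers the same question from the live kernel tables.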