
Can't connect to wg-easy from outside LAN

Open studiowena opened this issue 1 year ago • 4 comments

Hello,

I have installed wg-easy in Docker as below:

  docker run -d \
  --name=wg-easy \
  -e LANG=en \
  -e WG_HOST=192.168.100.3 \
  -e PASSWORD=pass \
  -e PORT=51821 \
  -e WG_PORT=51820 \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy

I added a client via the dashboard; then I can connect only when I'm on the LAN with my phone (via Wi-Fi). If I connect from outside the LAN, I cannot connect to WireGuard.

I have forwarded UDP port 51820 on my router. I also tried forwarding the dashboard TCP port 51821, and it is available from outside the LAN.

My wg0.conf is:

# Server
[Interface]
PrivateKey = _
Address = 10.8.0.1/24
ListenPort = 51820
PreUp = 
PostUp =  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; 
PreDown = 
PostDown =  iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; 


# Client: _
[Peer]
PublicKey = _
PresharedKey = _
AllowedIPs = 10.8.0.2/32

studiowena avatar Jun 06 '24 10:06 studiowena

Same problem here! Can't connect from outside (my router/firewall shows the packets are being forwarded to my WG-Easy container)... It's been working flawlessly for the past several months.

armond-avanes avatar Jun 09 '24 22:06 armond-avanes

-e WG_HOST=192.168.100.3 \

In your example, a 192.168.x.x address is a Class C private IP address. This type of address is not routable outside your local network. The main WG-Easy GitHub page states the following:

Replace YOUR_SERVER_IP with your WAN IP, or a Dynamic DNS hostname.

You should determine what your public IP is (google "what is my IP"), or research and utilize a DDNS service and use that address for the WG_HOST option. This explains why you can connect when you're on your local network (your device can be routed locally to your WG server via your router) but unable to connect when outside your LAN (e.g. cell phone on cellular only).

Also, you shouldn't have to port forward 51821, just 51820, and double-check that it's forwarded to your WG server address (I'm assuming the 100.3).

Czanron avatar Jun 11 '24 12:06 Czanron
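The reply above comes down to one check: the host that wg-easy copies from WG_HOST into the `Endpoint = host:port` line of every client profile must be reachable from the Internet, so an RFC 1918 address like 192.168.100.3 can only ever work from the LAN. The script below is an added example, not wg-easy's own code, that runs that check against a downloaded client profile before it is handed to a phone. It also flags loopback, link-local and RFC 6598 shared (CGNAT) space, which are likewise unreachable from outside, and treats a bare DNS name as acceptable because that is what a DDNS record looks like in the Endpoint field. The sample profile embedded in it is constructed to mirror the reporter's configuration; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not wg-easy's own code: classify the host in a WireGuard
# client profile's "Endpoint = host:port" line. wg-easy fills that field from
# WG_HOST, so a profile pointing at 192.168.x.x can only work from the LAN.

# Print one word for the given token: private (RFC 1918), loopback,
# link-local, shared (RFC 6598 CGNAT space, also unreachable from the
# Internet), public, invalid, or hostname (Endpoint accepts DNS names, which
# is how a DDNS record is used; anything containing letters lands here).
classify_ipv4() {
    addr=$1
    case "$addr" in
        */*) echo invalid; return 0 ;;      # URL scheme or path: Endpoint takes host:port only
        *[!0-9.]*) echo hostname; return 0 ;;
    esac
    # Split on dots; a fifth field or a missing fourth one means not a dotted quad.
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$addr
EOF
    if [ -n "$extra" ]; then echo invalid; return 0; fi
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case "$o" in ''|*[!0-9]*) echo invalid; return 0 ;; esac
        if [ "$o" -gt 255 ]; then echo invalid; return 0; fi
    done
    if [ "$o1" -eq 10 ]; then echo private
    elif [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then echo private
    elif [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ]; then echo private
    elif [ "$o1" -eq 127 ]; then echo loopback
    elif [ "$o1" -eq 169 ] && [ "$o2" -eq 254 ]; then echo link-local
    elif [ "$o1" -eq 100 ] && [ "$o2" -ge 64 ] && [ "$o2" -le 127 ]; then echo shared
    else echo public
    fi
}

# Print the host part of the first Endpoint line read on stdin, with the
# port stripped. A bracketed IPv6 literal is returned with its brackets.
endpoint_host() {
    sed -n 's/^[[:space:]]*[Ee]ndpoint[[:space:]]*=[[:space:]]*//p' |
        head -n 1 | sed 's/:[0-9]*[[:space:]]*$//'
}

# Classify the Endpoint of a profile read on stdin: missing, ipv6 (not
# classified here), or one of the classify_ipv4 words.
classify_endpoint() {
    host=$(endpoint_host)
    if [ -z "$host" ]; then echo missing; return 0; fi
    case "$host" in
        \[*\]) echo ipv6; return 0 ;;
    esac
    classify_ipv4 "$host"
}

# Return 0 when the profile's Endpoint can be reached from the Internet,
# 1 otherwise, with a one-line explanation on stderr.
check_profile() {
    kind=$(printf '%s\n' "$1" | classify_endpoint)
    case "$kind" in
        public|hostname) echo "ok: endpoint is $kind"; return 0 ;;
        *) echo "WG_HOST problem: endpoint is $kind; set WG_HOST to your WAN IP or DDNS name and regenerate the profiles" >&2
           return 1 ;;
    esac
}

# Constructed client profile mirroring the issue: Endpoint copied from WG_HOST.
SAMPLE_PROFILE='[Interface]
PrivateKey = _
Address = 10.8.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = _
PresharedKey = _
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.168.100.3:51820'

# Demonstration on the constructed profile: prints "private", which is why
# the reporter's phone can only connect while it is on the LAN.
printf '%s\n' "$SAMPLE_PROFILE" | classify_endpoint
```

Run it against a real profile with `check_profile "$(cat client.conf)"`; a non-zero exit means the Endpoint cannot work from a cellular connection no matter how the router is configured, and the fix is on the server side (WG_HOST), after which the client profiles have to be regenerated because the old ones still carry the LAN address. A `hostname` verdict only says the Endpoint is a DNS name; whether that name resolves to the WAN address is a separate check (`getent hosts` on the name from outside the LAN).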

Same here. v12 works, v13 does not.

reddec avatar Jul 02 '24 01:07 reddec

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] avatar Aug 01 '24 02:08 github-actions[bot]

This issue was closed because it has been inactive for 14 days since being marked as stale.

github-actions[bot] avatar Aug 15 '24 02:08 github-actions[bot]

I know this is old, but for the DDNS, should we use quotes or not? And http/https? My config: -e WG_HOST=hostname.ddns.net

vvirtues avatar Sep 06 '24 21:09 vvirtues