secure-wireguard-implementation icon indicating copy to clipboard operation
secure-wireguard-implementation copied to clipboard

Published 20 hours ago verified publisher icon BetterWayElectronics

No internet connection.

Open jackson1974 opened this issue 4 years ago • 2 comments

Hello BetterWayElectronics! Thanks for this tutorial, unfortunately I still do not understand why I have no internet connection :>(

I have gone through this tutorial several times, I have set up on the other server, but nothing helps me.

There is a successful handshake between client and server that works without errors, DNScrypt runs on the server without problems too, I have all the IPtables you wrote in the guide.

Here is my server configuration, exactly as described in the instructions:


[Interface]

PrivateKey = server private key
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
[Peer]
PublicKey = client public key
AllowedIPs = 10.0.0.2/32

And my client configuration:

[Interface]
PrivateKey = client private key
ListenPort = 51820
Address = 10.0.0.4/24
DNS = 10.0.0.1
[Peer]
PublicKey = server public key
AllowedIPs = 0.0.0.0/0,  ::/0
Endpoint = server ip:51820

I also have sysctl settings on the server and on the client:

sysctl -p: 
- net.ipv4.ip_forward = 1
- net.ipv6.conf.all.forwarding = 1

dnscrypt-proxy-socket is wiring to 0.0.0.0:53 as it says in your instructions, but still no effect :(

Client's wg show:

Peer: qBSETBhDJtR1eACvn+L62iIMRpY9Sxdra+ZoHerTAzU=
  endpoint: server ip: 51820
  allowed ips: 0.0.0.0/0, ::/0
  last handshake: 16 seconds ago
  transmission: 124 B received, 7.86 KiB sent

Can you please help me with this problem?

jackson1974 avatar Sep 07 '21 20:09 jackson1974

Your client IP address does not match the Peer IP address.

That could be the issue. Sep 8, 2021, 6:34 AM by @.***:

Hello BetterWayElectronics! Thanks for this tutorial, unfortunately I still do not understand why I have no internet connection :>(

I have gone through this tutorial several times, I have set up on the other server, but nothing helps me.

There is a successful handshake between client and server that works without errors, DNScrypt runs on the server without problems too, I have all the IPtables you wrote in the guide.

Here is my > server> configuration, exactly as described in the instructions:

[Interface]PrivateKey = server private keyAddress = 10.0.0.1/24SaveConfig = truePostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADEPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADEListenPort = 51820[Peer]PublicKey = client public keyAllowedIPs = 10.0.0.2/32

And my > client> configuration:

[Interface]PrivateKey = client private keyListenPort = 51820Address = 10.0.0.4/24DNS = 10.0.0.1[Peer]PublicKey = server public keyAllowedIPs = 10.0.0.0/0, ://0Endpoint = server ip:51820

I also have sysctl settings on the server and on the client:

sysctl -p: - net.ipv4.ip_forward = 1- net.ipv6.conf.all.forwarding = 1

dnscrypt-proxy-socket is wiring to 0.0.0.0:53 as it says in your instructions, but still no effect :(

Client's wg show:

Peer: qBSETBhDJtR1eACvn+L62iIMRpY9Sxdra+ZoHerTAzU= endpoint: server ip: 51820 allowed ips: 0.0.0.0/0, ::/0 last handshake: 16 seconds ago transmission: 124 B received, 7.86 KiB sent

Can you please help me with this problem?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, > view it on GitHub https://github.com/BetterWayElectronics/secure-wireguard-implementation/issues/6> , or > unsubscribe https://github.com/notifications/unsubscribe-auth/ALFLL4GOJNV57VQ35BI7PYDUAZZNNANCNFSM5DTEQWFQ> . Triage notifications on the go with GitHub Mobile for > iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or > Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .

BetterWayElectronics avatar Sep 08 '21 00:09 BetterWayElectronics

Hello, sorry, I was looking for a problem solution on the web and accidentally posted the wrong client configuration. Can you please explain me exactly what to do as I have no idea how to match them. Thank you very much for your reply.

jackson1974 avatar Sep 08 '21 05:09 jackson1974