wireguard-install

not work

Open franklinprc opened this issue 9 months ago • 4 comments

It does not work, there is no internet.

franklinprc avatar Jul 17 '25 02:07 franklinprc

People need more details to fix this. At least the connectivity test results from your terminal.

sskras avatar Jul 18 '25 14:07 sskras

I have the same issue on several VPSs with public IP addresses. I have several VPSs: the first VPS works fine with wireguard (where wireguard was installed several months ago with wireguard-install.sh and I have generated plenty of .conf files), the second has a similar configuration to the first on the same hosting service, and the third has a slightly different configuration on another hosting service. All of these VPSs work on Ubuntu Server 24.04. When I try to use wireguard-install.sh on the second and the third VPS it works fine, wireguard is installed correctly and .conf files are generated correctly as well. But when I try to reach any internet resource it fails when it is an http/https request. When it is a wss or ssh connection it works totally fine. Ping doesn't show any results at all while the wireguard connection is active, until the wireguard connection is off. Unfortunately I don't have any network configuration abilities, so I've tried these potential fixes:

Tried to set MTU on the server and client side to 1460, 1280 and 1384 (this value works for my home network with Mikrotik wireguard configuration).

Tried to set net.ipv4.ip_forward=1.

Tried to allow UDP port 59981 on ufw like this: 'sudo ufw allow 59981/udp'.

Tried to change /etc/ufw/before.rules, adding:

    *nat
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -s 10.66.66.0/24 -o eth0 -j MASQUERADE

Tried to change /etc/default/ufw with setting DEFAULT_FORWARD_POLICY="ACCEPT" and restarting ufw

And finally I've tried 'iptables -t nat -A POSTROUTING -s 10.66.66.0/24 -o eth0 -j MASQUERADE' where eth0 has been changed to my public interface

All those above haven't worked. So I've tried again after reinstalling the OS on one of the VPSs and have this wg configuration on the server side:

    [Interface]
    Address = 10.8.0.1/24,fd42:42:42::1/64
    ListenPort = 59981
    PrivateKey = private-key
    PostUp = iptables -I INPUT -p udp --dport 59981 -j ACCEPT
    PostUp = iptables -I FORWARD -i ens3 -o wg0 -j ACCEPT
    PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
    PostUp = iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
    PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
    PostUp = ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
    PostDown = iptables -D INPUT -p udp --dport 59981 -j ACCEPT
    PostDown = iptables -D FORWARD -i ens3 -o wg0 -j ACCEPT
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
    PostDown = iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
    PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
    PostDown = ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

I tried to change the default 10.66.66.0 to 10.8.0.0, obviously it hasn't worked.

This is a client configuration:

    [Interface]
    PrivateKey = client-private-key
    Address = 10.8.0.3/32, fd42:42:42::3/128
    DNS = 1.1.1.1, 1.0.0.1
    MTU = 1460

    [Peer]
    PublicKey = peer-public-key
    PresharedKey = peer-preshared-key
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = my-vps-ip:59981

and this is my 'iptables -t nat -L -v' now, after OS reinstalling and running wireguard-install.sh:

    Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 1 packets, 71 bytes)
     pkts bytes target     prot opt in     out     source               destination
       14   964 MASQUERADE all  --  any    ens3    anywhere             anywhere

So I don't understand why what used to work perfectly doesn't work now.

Space-Core-Dev avatar Jul 27 '25 15:07 Space-Core-Dev

Also same thing, did everything that I found on the internet, but nothing helps... Data is sent from the client but no response is received through the WireGuard tunnel. Is it some Windows trouble?

thereayou44 avatar Aug 08 '25 13:08 thereayou44

I figured out what the problem is. In my case the hosting uses DPI and finds wg traffic easily. If you see in your client that it receives only 92b, it means that the handshake is successful but then traffic is blocked by DPI or something. So, your only choice in that case is to use something with obfuscation like AmneziaWG. I would recommend something like this https://github.com/spcfox It runs in Docker and has a UI, which is pretty useful.

Space-Core-Dev avatar Aug 08 '25 14:08 Space-Core-Dev
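
The symptom described in the last comment (the client keeps sending but receives only 92 B, the size of a WireGuard handshake response) can be read from the per-peer counters in `wg show <interface> dump`. The following is an added example, not part of the thread or of wireguard-install; the sample dump, the placeholder keys, the endpoint addresses and the 10-handshake threshold are constructed assumptions.

```python
# Added example: classify peers from `wg show <iface> dump` output.
HANDSHAKE_RESPONSE_LEN = 92   # bytes in a WireGuard handshake response message
MAX_HANDSHAKES = 10           # assumed cut-off for "only handshakes were received"

# Constructed sample, tab-separated as wg(8) prints it. Line 1 is the interface
# (private key, public key, listen port, fwmark); each further line is a peer
# (public key, preshared key, endpoint, allowed IPs, latest handshake, rx, tx, keepalive).
SAMPLE_DUMP = "\n".join([
    "PRIV_PLACEHOLDER\tPUB_PLACEHOLDER\t51820\toff",
    "PEER_A\t(none)\t203.0.113.10:59981\t0.0.0.0/0,::/0\t1754660000\t92\t14800\toff",
    "PEER_B\t(none)\t203.0.113.11:59981\t0.0.0.0/0,::/0\t0\t0\t1480\toff",
    "PEER_C\t(none)\t203.0.113.12:59981\t0.0.0.0/0,::/0\t1754660100\t5242880\t104857\t25",
])

def parse_dump(text):
    """Return one dict per peer line; the first line (interface) is skipped."""
    peers = []
    for line in [l for l in text.splitlines() if l.strip()][1:]:
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        peers.append({
            "public_key": fields[0],
            "endpoint": fields[2],
            "latest_handshake": int(fields[4]),  # Unix time, 0 = never
            "rx": int(fields[5]),
            "tx": int(fields[6]),
        })
    return peers

def classify(peer):
    """Heuristic: separate 'never connected' from 'handshake works, data does not'."""
    rx, tx = peer["rx"], peer["tx"]
    if peer["latest_handshake"] == 0:
        return "no-handshake"        # UDP port unreachable or key mismatch
    only_responses = rx % HANDSHAKE_RESPONSE_LEN == 0
    if 0 < rx <= MAX_HANDSHAKES * HANDSHAKE_RESPONSE_LEN and only_responses and tx > rx:
        return "handshake-only"      # the 92 B symptom from the thread
    return "traffic-flowing"

def report(text):
    return {p["public_key"]: classify(p) for p in parse_dump(text)}

if __name__ == "__main__":
    for key, state in report(SAMPLE_DUMP).items():
        print(f"{key}: {state}")
```

A handshake-only result shows that nothing beyond handshake responses reached this end of the tunnel; it does not by itself identify the cause.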