wg_gaming_installer
Pterodactyl Wings does not work
Hello, the WireGuard tunnel with Pterodactyl Wings does not work. I try to connect, but the internet in the container does not work.
This is likely related to my issue #34, in which the WireGuard client is unable to accept TCP/UDP traffic to its external address internally.
I am also attempting to run Pterodactyl.
Sorry, I was busy recently, so I didn't reply to your issue earlier.
I don't know about Pterodactyl; I want to know more about the network structure that you currently have.
I designed the WireGuard client (the WG node that runs behind router NAT) to forward all network traffic to the server side. So, the WireGuard client cannot respond to internal IP subnet packets like 192.168.0.1, because the response packets will also be forwarded to the server side, where they will be dropped, since 192.168.0.1 is not a reachable IP on the server side.
If I understand your setup correctly, the solution is actually quite simple.
On the client side, you can un-mask certain IP ranges in the AllowedIPs field, from:
[Peer]
....
EndPoint = <your-server-public-ip>
AllowedIPs = 0.0.0.0/0,::/0
To (this unmasks the IP ranges that are defined in https://en.wikipedia.org/wiki/Private_network, so it should work out of the box most of the time; IPv6 addresses are not included here):
[Peer]
....
EndPoint = <your-server-public-ip>
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4
Or use this calculator to generate the AllowedIPs value. Note that the default allowed IPs should be 0.0.0.0/0 and ::0/0, which means the client will forward all packets from any source IPs.
https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/
After this change, the packets from the local network will not be tunneled by WG and will just work as normal.
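The AllowedIPs value above can be derived rather than typed by hand. The following is an added example, not part of the original comment or of the wg_gaming_installer project: it subtracts the RFC 1918 private ranges from 0.0.0.0/0 with Python's standard `ipaddress` module and checks that nothing private remains (the function names are chosen here for illustration).

```python
import ipaddress

# RFC 1918 private ranges, the ones the comment above carves out of 0.0.0.0/0.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def subtract_networks(base, excluded):
    """Return the sorted CIDR blocks covering `base` minus every `excluded` net."""
    remaining = [ipaddress.ip_network(base)]
    for ex in (ipaddress.ip_network(e) for e in excluded):
        kept = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)            # untouched by this exclusion
            elif ex.supernet_of(net):
                continue                    # fully inside the excluded range
            else:
                kept.extend(net.address_exclude(ex))  # split around the hole
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def allowed_ips_line(base="0.0.0.0/0", excluded=RFC1918):
    """Render the result as a wg-quick style AllowedIPs line."""
    nets = subtract_networks(base, excluded)
    return "AllowedIPs = " + ", ".join(str(n) for n in nets)


def leaks_into(nets, excluded):
    """List (allowed, excluded) pairs that overlap; empty means a clean split."""
    bad = []
    for n in nets:
        for e in (ipaddress.ip_network(x) for x in excluded):
            if n.version == e.version and n.overlaps(e):
                bad.append((n, e))
    return bad


if __name__ == "__main__":
    print(allowed_ips_line())
```

The output contains every block in the list posted above plus 224.0.0.0/3 (multicast and reserved space), which the posted list leaves out. Traffic to the excluded ranges leaves through the local interface instead of the tunnel, so add any other LAN range that must stay local to `excluded`.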
@xiahualiu I haven't tested it yet, but I am not sure if we are on the same page. In case this is a different issue to what @DEAM0 has, I'll continue my explanation in #34.
@xiahualiu That seems to have solved it for me. I'm running Pelican panel (a fork of Pterodactyl) and I can now install game servers like normal.
EDIT: This config does cause connection issues, at least on Pelican. I believe on Pterodactyl panel I was binding a game server to the WireGuard interface (can't confirm); however, with Pelican I have to bind the game server to 0.0.0.0 and have "0.0.0.0/0, ::/0" in the allowed IPs.