Installed fine. Still no internet:
What does the Wireguard service say? (in the webadmin or systemctl status wireguard.service).
Oh, and have you rebooted your server after installing the app? It is not needed for any app, except the ones altering the Linux kernel like this one.
Oops that was not the right service to check:
systemctl status wg-quick@wg0.service
Stupid question: have you clicked on the Apply config button at the top right of WireGuard UI?
If not, do it; if yes, try system restart wg-quick@wg0.service and report any error
No silly questions when dealing with noobs like me. lol. I’m probably doing something wrong that you would intuitively have done.
Yes, I had done the Apply Config already. Did it again just to confirm. No change.
The system restart command does not work: -bash: system: command not found
If I start making typos, we won’t go anywhere :
systemctl restart wg-quick@wg0.service
and then:
systemctl status wg-quick@wg0.service
This looks quite good. Still no luck?
Can you check that the “Listen port” required by WireGuard is actually opened? (there was an oversight in the previous version and both the UI and VPN were using the same port). It is written in the Wireguard Server Settings page of the UI.
It should be opened in both YunoHost and your router.
When you say port opened in both YNH and my router …
In YNH it is open in UDP, but not TCP. Screenshot below.
My router: YNH is running on a VPS in a different city. I’m not sure what you mean by checking the router. The one in my house should not be affected … maybe I’m wrong? I’m not sure how to check the VPS routing.
WireGuard uses UDP, so no problem here.
I assumed your WireGuard app was at home. If it’s on a VPN, then YunoHost’s firewall is solely handling the port, so no problem here either.
I am a bit at a loss here, sorry
Can you post screenshots of your configuration?
Hi. I don’t mind giving you full access to my server if that would make this process easier. Like I said, it’s a clean install and I’m using a URL I’m holding for a future project for the domain. So nothing private there. I suspect this is something stupid that I’ve missed.
Would that work?
The upgrade script will try to remove the backport kernel if you run on it, you will need to reboot.
I tried again to install Wireguard, but this time, I rebooted the server (R.I.P. uptime)
Now the service starts, and I have wg0 in the list of network.
But when my device is connected to the server, I have no access to the Internet (or to anything)
Maybe this is due to the configuration?
the wireguard server interface is 10.10.10.0/24
The client address is 10.10.10.1/32
Allowed IP : 0.0.0.0/0
enp3s0 IP is 192.168.1.101 (in ipv4, there are several ipv6 available)
I added the post up/down scripts,
Anything I should do?
Weird…
You can confirm that your post scripts are these?
Post Up:
iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE
Post Down:
iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE
Do not forget to Apply Changes with the red button at the top right of the page.
Can you then try:
ping 10.10.10.0
ping 1.1.1.1
The 2 lines are exactly the same, and I applied the changes (multiple times, just to be sure…)
ping 10.10.10.0 works
ping 1.1.1.1 does not (it works from the server)
Wild guess: can you make sure that in /etc/sysctl.conf, you have net.ipv4.ip_forward = 1?
no, this line is commented.
In fact, all this file is commented.
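The two checks this thread converges on, written as an added example (not posted by anyone in the thread and not part of the YunoHost WireGuard package): whether net.ipv4.ip_forward is actually active in a sysctl.conf-style file, and whether the PostUp MASQUERADE rule names the interface the default route uses. Function names, the gateway addresses and the eth0 route are constructed for illustration; enp3s0 and the PostUp line come from the posts above.

```shell
#!/bin/sh
# Added example. Sample inputs at the bottom are constructed.
# Effective value of a key in sysctl.conf-style text on stdin.
# Lines starting with # or ; are comments; the last active assignment wins.
sysctl_conf_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }
        END { print (val != "" ? val : "unset") }'
}

# Interface after "-o" in the MASQUERADE rule of a PostUp line.
masquerade_iface() {
    printf '%s\n' "$1" | tr ';' '\n' | awk '
        /MASQUERADE/ { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# Device in `ip route show default` output ("default via GW dev IFACE ...").
default_route_iface() {
    printf '%s\n' "$1" | awk '
        $1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# $1 = sysctl.conf text, $2 = PostUp line, $3 = default route line.
# Returns 0 only when forwarding is enabled and NAT is on the egress interface.
diagnose() {
    rc=0
    fwd=$(printf '%s\n' "$1" | sysctl_conf_value net.ipv4.ip_forward)
    nat=$(masquerade_iface "$2")
    out=$(default_route_iface "$3")
    if [ "$fwd" != "1" ]; then
        echo "FAIL: net.ipv4.ip_forward is $fwd; the kernel will not route wg0 traffic"; rc=1
    fi
    if [ "$nat" != "$out" ]; then
        echo "FAIL: MASQUERADE is on '$nat' but the default route uses '$out'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: forwarding on, NAT on $out"; fi
    return "$rc"
}

SYSCTL_COMMENTED='#net.ipv4.ip_forward=1'          # constructed: the line exists but is commented
SYSCTL_ENABLED='# enabled for WireGuard
net.ipv4.ip_forward = 1'
POST_UP='iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE'
ROUTE_ENP3S0='default via 192.168.1.1 dev enp3s0 proto dhcp'   # constructed gateway
ROUTE_ETH0='default via 203.0.113.1 dev eth0'                  # constructed VPS-style route

diagnose "$SYSCTL_COMMENTED" "$POST_UP" "$ROUTE_ENP3S0" || true
```

On a real server the inputs would be the contents of /etc/sysctl.conf and the output of `ip route show default`; the value the kernel is using right now is in /proc/sys/net/ipv4/ip_forward, since sysctl.conf is only read at boot or when reloaded.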