Questions tagged [wireguard]
The wireguard tag has no usage guidance.
365
questions
27
votes
3
answers
67k
views
How to see debug logs for WireGuard (e.g. to see authentication attempts)
I've successfully set up a WireGuard VPN on my Debian 10 server. It was incredibly straight forward compared to the setup of OpenVPN, and it's working fine.
However, I can't see any logs beyond those ...
- 3,039
12
votes
2
answers
88k
views
Wireguard not completing handshake
I have two Debian GNU/Linux systems (bullseye/sid), both running wireguard on port 23456, both behind NAT. Both run a kernel version > 5.6 (wireguard mainlined).
System A is the server, and it ...
- 432
12
votes
3
answers
52k
views
Cannot setup WireGuard VPN
My goal is to create a VPN so
Clients have static IP addresses.
Clients are able to communicate with each other and the server,
Clients can reach global Internet through the VPN.
Also, I'd like to ...
- 293
9
votes
3
answers
17k
views
Wireguard Client Addition without restart
I am building a Wireguard VPN network, in which I want to add and remove peers on the server without restarting the service or losing connections with existing peers. Tried searching for the results, ...
- 93
8
votes
3
answers
40k
views
WireGuard user authentication
I've read the WireGuard specification, and it looks like WireGuard doesn't natively support any kind of user authentication (e.g. LDAP or something like that). Any client which has the server's public ...
- 259
7
votes
2
answers
5k
views
Wiregurard override wg0.conf
I have successfully installed Wireguard on Debian Buster. Now I wanted to configure IPv6 afterwards. I have done that. But the settings inside the [Peer]-Section of wg0.conf do not seem to be ...
- 645
7
votes
2
answers
23k
views
Wireguard VPN can't access internet and LAN
I have a server running Ubuntu 20.04 and wireguard 1.0.20200513-1~20.04.2. I installed the wireguard app on my phone (Android Samsung S20+) and disabled WIFI and connected to 4G. When the VPN is ...
6
votes
2
answers
8k
views
Make wireguard listen on multiple port
It there a way to make wireguar listen to multiple port ?
Like listenning on 80,53,and 4444.
I'm looking to achieve this without running multiple wire guard separate interface, to prevent having to ...
- 218
6
votes
1
answer
33k
views
Port forwarding with wireguard
Using applications like qbittorrent and airdcpp to share files. They all need some ports to be forwarded in order to be "connectable".
In the home connection I would go into the router ...
user760466
6
votes
3
answers
22k
views
Is it possible to disable default gateway in WireGuard VPN client?
Is it possible to disable default gateway in WireGuard VPN client?
I used "allowed IP" to my own subnet, but still whenever I try to connect to VPN server, the client sets default gateway to ...
- 4,289
6
votes
1
answer
20k
views
Wireguard - How to only tunnel some of the traffic
Is it possible to set up the Wireguard server so that only a list of ips [A, B, C,...] is tunneled via Wireguard - while the rest of the traffic is ignored and goes through the non-Wireguard interface?...
- 161
6
votes
1
answer
4k
views
Wireguard is losing connection for no reason. No connection issues
I have a WG "server" on ubuntu 18.04.6 LTS, hosted in the oracle free tier.
I've installed wireguard using well-known https://github.com/angristan/wireguard-install script. Then I've ...
- 71
5
votes
1
answer
4k
views
Broadcast UPnP over WireGuard
I have few devices: VDS, custom NAS on linux, laptop PC.
All of that successfully connected to one local subnetwork 10.1.1.0/24
Server configuration:
[Interface]
Address = 10.1.1.1/24
ListenPort = ...
- 151
5
votes
0
answers
3k
views
Need help troubleshooting periodic wireguard packet loss
I have a VPN server with Wireguard and OpenVPN on it. Most of my tunnels are OpenVPN, but I am working on transitioning over to Wireguard. The Wireguard server is at a main location, and I have 3 ...
- 131k
4
votes
4
answers
22k
views
How to start wireguard client on windows, in the background?
I have multiple computers (Win10 pro) placed at different remote locations (my partners) that I need to manage. I need to access them from a central location. So I have a central VPN server, and I ...
- 779
4
votes
3
answers
19k
views
Ubuntu 18.04.1, cannot add PPA wireguard/ubuntu/wireguard
I'm trying to install WireGurad on my fresh vanilla Ubuntu 18.04.1 machine, by following the instructions from WireGuard website. But when I try to execute very first command:
sudo add-apt-repository ...
- 259
4
votes
1
answer
5k
views
WireGuard & UFW : UFW blocks traffic on wg0, even if a rule allows it
I run Wireguard on Debian with the additional interface wg0. With this ufw rule, I would expect that ufw would pass my traffic:
ufw allow in on wg0 to any
But instead, ufw is blocking the traffic:
[...
- 645
4
votes
1
answer
5k
views
"very high" (probably?) MTU being set automatically on wireguard interface
So, I have a VPS running on Amazon Lightsail and I installed wireguard on it; I setup an interface this way:
[Interface]
Address = 10.255.128.1/24
MTU = 1420
SaveConfig = true
PostUp = iptables -A ...
4
votes
2
answers
5k
views
Wireguard use one client as gateway of another
I have a Wireguard VPN setup that basically looks like this:
P1 ---- S ---- P2 --- Internet
IP addreses:
P1 = 10.200.1.5
S = 10.200.1.1
P2 = 10.200.1.3
I am redirecting all traffic of P1 to S by ...
- 197
4
votes
2
answers
19k
views
Routing only the private network in wireguard VPN
I have a few hosts behind a NAT router that I want to access via a wireguard VPN. I could successfully configure the private network, but there's still something that baffles me.
I want each peer to:
...
- 53
4
votes
1
answer
8k
views
the wireguard not listening on port after started
I am starting the wireguard using this command:
wg-quick up wg0
this is whe wireguard status:
and using this command to see the listening port:
lsof -i:7456
why the wireguard not listening on ...
- 375
4
votes
1
answer
777
views
Redsocks not working with Wireguard, but works with OpenVPN
Summary
I use a VPN to route all of my traffic through. Until recently, I used OpenVPN, but then switched to Wireguard. Unfortunately, this broke my redsocks setup, and I can't figure out why.
I'm ...
- 75
4
votes
1
answer
21k
views
wireguard "destination address required" when trying to communicate from client-to-client rather than client-to-server
I have a simple wireguard network comprised of a single "server" (the only device with an externally routable ip address) and two clients. Communication between the server and the clients ...
- 44.1k
4
votes
1
answer
3k
views
Forward VPN traffic to another server
I have 2 servers:
server A: Public IP --> 104.x.x.x
server B: Public IP --> 188.x.x.x
server A has 2 VPN servers:
Openvpn --> tun0
Wireguard --> wg0
tun0: flags=4305<UP,POINTOPOINT,...
- 51
4
votes
0
answers
1k
views
Enable IPv6 IP forwarding on Windows by default
I'm running Wireguard on a Windows server, connected to multiple peers.
Peer A <-> Server <-> Peer B
In order to allow peers to ping each other (Peer A wants to reach Peer B), IP routing/...
- 41
3
votes
1
answer
2k
views
What does the subnet mask of the tunnel ip in Wireguard do?
Wireguard works even without setting a tunnel IP address, i.e. it's enough to set the AllowedIPs, endpoint addresses, private and public keys.
In the docs of OpnSense, there is the following warning:
...
- 302
3
votes
1
answer
4k
views
QNAP QTS v5 OpenVPN to Wireguard server migration
QNAP's QTS version 5 has now Wireguard as a protocol in QVPN. There is however - as opposed to to OpenVPN - no option to download an easy-to setup config file to quickly connect a client to your NAS.
...
- 345
3
votes
1
answer
618
views
Enabling wireguard log messages with secure boot / kernel lockdown enabled
On fedora 37, I am trying to enable kernel log messages for wireguard by executing this command in a root-shell:
echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
Unfortunately, ...
- 4,213
3
votes
2
answers
3k
views
IPv6 network for WireGuard VPN
I am currently migrating a company-internal VPN from OpenVPN to WireGuard.
While at it, I want to migrate it from IPv4 to IPv6.
The infrastructure currently consists of one server and ~1200 clients ...
- 144
3
votes
2
answers
12k
views
Wireguard Unable to Complete Handshake on Android only 4G network
I have a Wireguard server on my home network which works fine on all my devices, including my phone when it's connected on Wi-Fi. The problem comes when I disconnect from the Wi-Fi and go on 4G, now ...
- 33
3
votes
1
answer
4k
views
How to configure FreeNAS for a WireGuard VPN?
I have a FreeNAS 11.3 system and followed iXsystems' instructions on setting up WireGuard. With a simple wg0.conf I'm now able to connect successfully. I'd like to be able to use this setup as a ...
- 605
3
votes
1
answer
682
views
New WireGuard private key begins 'WEAK' - is this a warning?
I generated a WireGuard key in a virtual machine using the standard procedure wg genkey | tee privatekey | wg pubkey > publickey. The VM is running via KVM with virtio RNG backed by /dev/urandom.
...
- 242
3
votes
3
answers
15k
views
Route all traffic through Wireguard peer
I have a Wireguard VPN setup that basically looks like this:
P1 ---- S ---- P ---- LAN
Px -----|
S (ip 192.168.60.1) is a WG server running on Ubuntu 20.04 with ufw enabled, with a public IP (using ...
3
votes
2
answers
2k
views
Failure to configure Wireguard device via systemd-networkd on Google Compute Engine VM
Debian Buster image on a Google Compute Engine VM, and I have this systemd-networkd config placed at /etc/systemd/network/wg0.netdev to configure a Wireguard device:
[NetDev]
Name=wg0
Kind=wireguard
...
google-compute-engine
3
votes
1
answer
783
views
WireGuard over udp2raw routing issues for the tcp port on server
I have successfully made a connection to wireguard through TCP using udp2raw.
The abstract is:
My local MAC Server Via TCP Wireguard On the Server
127.0.0.1:3333 (UDP) <-...
- 173
3
votes
1
answer
3k
views
Wireguard forward traffic to host
I'm using Wireguard as docker container on a pi. I'm running a couple other services on the pi that I want to be only accessible over the wireguard connection. The wireguard server created an ...
- 31
3
votes
2
answers
8k
views
Wireguard VPN connection not resolving local host names
I have setup a Wireguard VPN on my raspberry pi and I can connect to it via client app on my mobile phone. I can access the internet though the phone and I confirm that the phone is using the same IP ...
- 191
3
votes
1
answer
2k
views
WireGuard Double VPN: Only forward WireGuard traffic
The Goal: A VPN chain
I'm attempting to achieve a VPN chain. The first server is my own VPS, while the second one is from Mullvad VPN. I use my VPS for multiple purposes and I would like to only ...
3
votes
1
answer
6k
views
Set up Wireguard Tunnel in Windows 10 With IP Forwarding
I'd like to set up WireGuard in Windows 10 using IP forwarding.
I've got a Windows 10 node ("server") which is connected to two LANs (by two interfaces).
LAN 1: 10.0.0.0/24 (public, ...
- 41
3
votes
1
answer
20k
views
How to configure wireguard to forward client IP address (with gateway)?
I am trying to configure wireguard to work as a VPN server. The main problem is, that the gateway only forwards the VPN server ip to other server, not my client IP.
My setup is the following:
...
- 133
3
votes
3
answers
6k
views
Chaining WireGuard Servers: Can ping both from client, but can't access internet. IP routing issue?
I am attempting a chained/double-hop VPN setup where all client traffic passes through 2 servers before reaching the internet:
Client → Server1 → Server2 → Public Internet
All peers are on these ...
- 225
3
votes
0
answers
428
views
Kubernetes: route traffic to a subnet via a pod (accesing management VPN clients from pods)
Given two pods deployed on different nodes:
myapp pod deployed on apps node
wireguard pod deployed on vpn node, using a subnet like 172.16.30.0/16
I need myapp to be able to be able to route traffic ...
- 137
3
votes
0
answers
594
views
How to redirect tailscale to shadowsocks
How to redirect tailscale traffic (TPC+UDP) through shadowsocks proxy on Linux?
I've tried ss-redirect with no success.
- 147
3
votes
0
answers
535
views
How to forward all incoming traffic to server A to server B and B returns it to A?
Suppose I have two servers: A and B. On both I have installed WireGuard.
On server A, wg0 is routed with IP 10.8.0.0/24 and on server B, wg0 is routed with IP 10.7.0.0/24.
Let's say server A's ...
- 49
3
votes
0
answers
618
views
How to find out which kernel module opened a socket?
When I try to find the process for an opened socket using e.g. ss I get the following output:
❯ sudo ss -tulpen
Failed to open cgroup2 by ID
Failed to open cgroup2 by ID
Netid State Recv-Q Send-Q ...
- 131
3
votes
1
answer
3k
views
Wireguard: packets returning from server are dropped
I set up wireguard by now on one server (with NAT enabled) and on a client (ubuntu). When I don't route all the traffic via the tunnel everything works. As soon as I start routing all the traffic ...
- 131
3
votes
1
answer
8k
views
Creating a socks5 proxy from a Wireguard vpn on client
I use ssh tunnel currently with Firefox and setup socks5 on it the point is that if the proxy is off and if there is problem with server then nothing loads,that's why I want to use socks proxy with ...
- 173
2
votes
1
answer
4k
views
How to forward/route packets via wireguard overlay network?
My question is related to basics in network routing and iptables, and is probably due to my lack of understanding on how I should set this up.
I have established an overlay network between hosts using ...
- 473
2
votes
2
answers
9k
views
Can't reach networks behind Wireguard VPN server. Split-tunneligt config on client
I have Wireguard server in my corporate network.
I can successfully connect to it from internet (using port publication).
Wireguard server has two interfaces:
1: eth0: 192.168.30.100/24
2: wg0: 192....
- 61
2
votes
1
answer
10k
views
Nginx reverse proxy through wireguard tunnel
I set up a wireguard tunnel between an AWS instance (acting as server) and a personal computer acting as client. Wireguard is installed on both in a docker container (using linuxserver image). On the ...
- 23