Iphone client cannot connect to wireguard server

Hi,

I just setup a wireguard server and I cannot connect my iphone to this server. don't know why, before I use freebsd computer as wireguard server was OK.
server
server conf:

network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.private_key=''
network.wg0.listen_port='8161'
network.wg0.addresses='10.13.0.1/32'

peer conf:

network.@wireguard_wg0[2]=wireguard_wg0
network.@wireguard_wg0[2].description='iphone'
network.@wireguard_wg0[2].public_key='***'
network.@wireguard_wg0[2].allowed_ips='10.13.0.4/32'

client
iphone conf:

public_key='***'
Endpoint ="server ip:8161"
AllowedIPs = "server LAN"

Missing port opening firewall rule.

Missing client address, private key.

my iphone conf was working before (freebsd as wireguard sever).
and I have also setup site to site peers was OK.
Just iphone not working.

wg show

interface: wg0
  public key: *********************
  private key: (hidden)
  listening port: 8161

peer: ********************
  endpoint: anotherWAN:8161
  allowed ips: LAN.0/24
  latest handshake: 1 minute, 13 seconds ago
  transfer: 1.63 MiB received, 18.83 MiB sent
peer: ***************
  allowed ips: 10.13.0.4/32

iptables-save -c -t filter | grep -e 8161

[0:0] -A zone_wan_input -p udp -m udp --sport 8161 -m comment --comment "!fw3: Allow-Wireguard-Inbound" -j ACCEPT

This is wrong.
You need to use the dest_port option.

I need change "8161" to "dest_port" at the Source port ?

The rule should match the destination port, not the source port.

thanks a lot, it works

I have another question,
this router was connect to one side router, I just setup to use wireguard.
I have found as the site to site VPN I can only ping the side router's ip, other computers from side router all I cannot access.

It's best to mark this thread as solved and open a new one providing the proper diagnostics from both sides of the tunnel.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.