Wireguard port closed, why?

I tried to set up WireGuard using the "official" instructions, which look pretty straightforward. Still, after completing them, there is nothing listening on port 51820, even though the port is open in the firewall and the WireGuard interface is running. I basically copied and pasted the instructions to ensure I got everything right.

nc -zv [server address] 51820

says
nc: can't connect to remote host (xxxx): Connection refused

even though wg show says:

wg show
interface: wg0
  public key: XXXXX
  private key: (hidden)
  listening port: 51820

Does anyone have a suggestion what I could try? This is strange, isn't it?

# netstat -l -n -p | grep -e 51820
udp        0      0 0.0.0.0:51820           0.0.0.0:*                           -
udp        0      0 :::51820                :::*                                -

# nc -h | grep -i -e udp
  -u, --udp                  UDP mode
1 Like

WireGuard uses UDP. Netcat needs -u for UDP communication.

It's also worth noting that WireGuard tries to be silent on "bad" traffic. If with -u you receive connection refused, then likely WireGuard is not listening. If nothing happens, then likely WireGuard is on and silently ignoring "bad" input messages.

4 Likes
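
The refused-versus-silent distinction from the reply above, as an added example that is not part of the original thread: a UDP probe that reports "closed" when the kernel returns an ICMP port-unreachable error and "open|filtered" when nothing comes back. The function names and the two local stand-in sockets are constructed for illustration; silence can also mean a firewall dropped the packet, so it is not proof of a listener.

```python
import socket


def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Send one datagram to host:port and classify the response.

    "closed"        -> ICMP port unreachable came back (nc -u shows "refused")
    "open|filtered" -> silence: a listener ignoring bad input, or a firewall drop
    "open"          -> a reply datagram arrived
    """
    family, _, _, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets the kernel hand ICMP errors back to us.
        s.connect(addr)
        try:
            s.send(payload)
            s.recv(2048)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def demo():
    """Run the probe against two constructed local targets on 127.0.0.1."""
    # Stand-in for WireGuard: bound to a port but never answers invalid packets.
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))
    listening_port = silent.getsockname()[1]

    # Stand-in for "nothing listening": reserve a port, then release it.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return (
            probe_udp("127.0.0.1", listening_port, timeout=0.5),
            probe_udp("127.0.0.1", closed_port, timeout=0.5),
        )
    finally:
        silent.close()


if __name__ == "__main__":
    print(demo())
```
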

@joro, welcome to the community!

Your config is incomplete. You have not assigned an IP to the interface, nor do you specify a peer.

Also, I'm not sure why you're attempting to use nc to test instead of Wireguard itself.

2 Likes

It is not a config; it is the output of a command.

Try to connect using wireguard, and after that ask questions.

1 Like

Correct, and the output is incomplete - nonetheless, we need the peer information.

Let's see the data, peer and handshake information once the OP's connected.

Probably it is not the whole output.

It is runtime configuration:

1 Like

In this output there is no information about the tunnel IP of the server (https://www.wireguard.com/quickstart/):

It doesn't matter whether peers are present or not.
This is still a part of the runtime configuration, and WireGuard can listen on the port/interface anyway.

To be clear (since there have been no further responses), your WireGuard screenshot shows that the peers can communicate with your OpenWrt device. It's working.

1 Like