Wireguard server connected but no internet from client

@psherman This all looks good to me, except that you have this rule twice now. It was probably already configured and I overlooked it. You can disable this one.

From my view your firewall rules are correct. Your VPN interface is in the LAN Zone and you allow forward from lan -> wan.
I myself have my VPN interface in a separate firewall zone to manage things better, but it should make no difference.

The docs forced me to use this rule via WAN. But anyway, it's still the same issue with WAN or LAN rules.

What's the output of ip -4 addr ; ip -4 ro li tab all ; ip -4 ru

ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
9: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 87.XX.XXX.15/25 brd 87.XX.XXX.127 scope global eth1.2
       valid_lft forever preferred_lft forever
10: vpn: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 192.168.9.1/24 brd 192.168.9.255 scope global vpn
       valid_lft forever preferred_lft forever
default via 87.XX.XXX.1 dev eth1.2 proto static src 87.XX.XXX.15 
87.XX.XXX.0/25 dev eth1.2 proto kernel scope link src 87.XX.XXX.15 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
192.168.9.0/24 dev vpn proto kernel scope link src 192.168.9.1 
192.168.9.2 dev vpn proto static scope link 
broadcast 87.XX.XXX.0 dev eth1.2 table local proto kernel scope link src 87.XX.XXX.15 
local 87.XX.XXX.15 dev eth1.2 table local proto kernel scope host src 87.XX.XXX.15 
broadcast 87.XX.XXX.127 dev eth1.2 table local proto kernel scope link src 87.XX.XXX.15 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1 
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1 
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1 
broadcast 192.168.9.0 dev vpn table local proto kernel scope link src 192.168.9.1 
local 192.168.9.1 dev vpn table local proto kernel scope host src 192.168.9.1 
broadcast 192.168.9.255 dev vpn table local proto kernel scope link src 192.168.9.1 
0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

Double-checking the keys via SSH fixed my issue. It was some character missing in the wgclient.psk section :thinking:

Thank you for all your assistance

[Interface]
# Client's own private key (contents of wgclient.key); never share it
PrivateKey = <Client private key wgclient.key>
Address = 192.168.9.2/32
DNS = 9.9.9.9, 149.112.112.112

[Peer]
# Server's public key (contents of wgserver.pub)
PublicKey = <server public key wgserver.pub>
# Must be identical to the PSK configured for this peer on the server (wgclient.psk)
PresharedKey = <client PresharedKey wgclient.psk>
# Route all IPv4 traffic through the tunnel (full-tunnel VPN)
AllowedIPs = 0.0.0.0/0
Endpoint = PUBLIC_IP:51820
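The root cause above was a WireGuard pre-shared key with one character missing, which the handshake simply fails silently on: the tunnel interface comes up, routes and firewall rules look right, but no traffic flows. Every WireGuard key (PrivateKey, PublicKey, PresharedKey) is 32 bytes encoded as padded standard base64, so it is always exactly 44 characters ending in a single "=". The script below, an added example and not code from this thread or from the WireGuard project, parses a wg-quick style config and flags any key field that does not decode to exactly 32 bytes. The sample config and the keys in it are constructed for the demonstration (bytes 0..31 encoded, not real key material); the "bad" PSK has one character dropped, mirroring the mistake found in the post.

```python
"""Sanity-check the key material in a wg-quick style WireGuard config.

A valid WireGuard key is 32 random bytes in padded standard base64:
44 characters, the last one '='. Truncated or mistyped keys are caught
here before `wg-quick up` is attempted.
"""
import base64
import binascii
import re
from typing import List, Optional

KEY_FIELDS = {"PrivateKey", "PublicKey", "PresharedKey"}


def check_key(value: str) -> Optional[str]:
    """Return None if `value` is a well-formed WireGuard key, else the reason it is not."""
    if len(value) != 44:
        return f"length {len(value)}, expected 44 base64 characters"
    if not re.fullmatch(r"[A-Za-z0-9+/]{43}=", value):
        return "not standard base64 with a single '=' pad"
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        return f"base64 decode failed: {exc}"
    if len(raw) != 32:
        return f"decodes to {len(raw)} bytes, expected 32"
    return None


def check_config(text: str) -> List[str]:
    """Validate every key field in a wg-quick config; return one message per problem."""
    problems = []
    section = None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if "=" not in line:
            problems.append(f"line {lineno}: not of the form 'Key = value'")
            continue
        # partition on the FIRST '=' so base64 padding in the value survives
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in KEY_FIELDS:
            err = check_key(value)
            if err:
                problems.append(f"line {lineno} [{section}] {key}: {err}")
    return problems


# Constructed test material (NOT real keys): bytes 0..31 encoded, and the same
# key with one character dropped, as happened with the PSK in the thread.
GOOD_KEY = base64.b64encode(bytes(range(32))).decode()
BAD_KEY = GOOD_KEY[:-2] + "="

# Constructed config mirroring the client config posted above (hypothetical endpoint).
SAMPLE_CONFIG = f"""\
[Interface]
PrivateKey = {GOOD_KEY}
Address = 192.168.9.2/32
DNS = 9.9.9.9, 149.112.112.112

[Peer]
PublicKey = {GOOD_KEY}
PresharedKey = {BAD_KEY}
AllowedIPs = 0.0.0.0/0
Endpoint = PUBLIC_IP:51820
"""

if __name__ == "__main__":
    for problem in check_config(SAMPLE_CONFIG) or ["all keys well-formed"]:
        print(problem)
```

Run it against the real client and server configs (e.g. `python3 wgcheck.py < /etc/wireguard/wg0.conf` after swapping SAMPLE_CONFIG for `sys.stdin.read()`); a shape check like this does not prove the PSK matches the server's copy, but it catches the truncated-key case on either side immediately.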
