Wireguard server no tx or rx on interface

I was experimenting with running a Wireguard server on my WRT3200ACM. However, when following the guide, and even the full script line by line, my Wireguard server interface always has 0 TX or RX traffic once it is up, so this suggests nothing is flowing across the interface at all. The Wireguard server interface is definitely up and I can see the UDP port 51820 in netstat, so Wireguard is listening on the set listening port (default 51820).

I can also ping the Wireguard server IP on the local network:

root@linksys-wrt3200acm:~# ping 192.168.9.1
PING 192.168.9.1 (192.168.9.1): 56 data bytes
64 bytes from 192.168.9.1: seq=0 ttl=64 time=0.098 ms
64 bytes from 192.168.9.1: seq=1 ttl=64 time=0.077 ms
64 bytes from 192.168.9.1: seq=2 ttl=64 time=0.075 ms
64 bytes from 192.168.9.1: seq=3 ttl=64 time=0.080 ms
64 bytes from 192.168.9.1: seq=4 ttl=64 time=0.077 ms

Testing the wgserver interface with ping I get the following, but I don't know if this is expected?

root@linksys-wrt3200acm:~# ping -I wgserver 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No error information

I was wondering if anyone else has experienced this? I figured it might be related to mwan3, as I've read about potential UDP-related issues. However, I also have several WG client interfaces connecting to another provider which work fine. The lack of any TX or RX seems like a pretty major issue, but I'm not quite sure why it doesn't work. It looks like there are some TX errors though.

wgserver  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.9.1  P-t-P:192.168.9.1  Mask:255.255.255.255
          inet6 addr: fdf1:e8a1:8d3f:9::1/128 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:2 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

My OpenWrt router is the gateway so there shouldn't be any major configuration required other than the Wiki instructions but there is absolutely no traffic showing across the Wireguard server interface by the looks of it. Having tcpdump pointed to the interface shows 0 packets of anything.

Connecting with a client also doesn't show any traffic, so I don't even think the traffic is being routed at all. Should I be adding the Wireguard server into mwan3 for tracking?

What am I missing?

It seems this may be related: Can't get Wireguard to work with mwan3 - #5 by JustWilder.

I potentially need to add the WG server interface to my mwan3 config so it can be tracked like another WAN interface essentially?

Has anyone got any ideas where else I can start with this?

Potentially related to this?

If there is at least a successful handshake between the peers, you definitely should see some RX/TX activity on the wireguard interface. Connect a client and check the wireguard status.

WG ready for connection:

root@OpenWrt:~# wg show
interface: wg0
  public key: XXX
  private key: (hidden)
  listening port: 51820

peer: XXX
  preshared key: (hidden)
  allowed ips: 10.9.8.2/32, 192.168.1.0/24
  persistent keepalive: every 25 seconds

Connection established:

root@OpenWrt:~# wg show
interface: wg0
  public key: XXX
  private key: (hidden)
  listening port: 51820

peer: XXX
  preshared key: (hidden)
  endpoint: XX.XX.XX.XX:51820
  allowed ips: 10.9.8.2/32, 192.168.1.0/24
  latest handshake: 21 seconds ago
  transfer: 67.05 KiB received, 203.81 KiB sent
  persistent keepalive: every 25 seconds

That seems to be the first issue, I can't get a handshake at all.

I can see the UDP request from external, but no acknowledgement and hence no handshake. I'm reading that potentially with mwan3 the handshake reply could be going over the wrong WAN so that's potentially why.

Although when setting the endpoint to the local IP of my router in the LAN I still don't get a handshake so maybe not...

Ignore me, I'm an idiot. I had reversed the public key for the peer and server. Helps when you actually understand private and public key authentication! The mwan3 issue may still be present potentially based on reading some other information but it isn't the issue for at least connecting and handshaking!
