I have a VPS on Ubuntu 22.04.
Here's my server interface:
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT;iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i %i -j ACCEPT;iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
ListenPort = 48670
PrivateKey = {key}
And here's my client interface:
[Interface]
PrivateKey = {key}
Address = 10.0.0.2/24
DNS = 8.8.8.8, 1.1.1.1
[Peer]
PublicKey = {key}
AllowedIPs = 0.0.0.0/0
Endpoint = 46.x.x.161:48670
I bring up the interfaces on both sides, but when I try to ping anything, it doesn't work. When I kill the ping command I get:
--- 10.0.0.1 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10221ms
This is my first time working with WireGuard, so I apologize if this is a dumb question. I'd be very happy if someone could help me though.
Offline
The server configuration is missing a [Peer] section for the client.
The PostUp/PostDown commands end with a superficial ";". The commands are missing the rule for forwarding outgoing traffic.
Offline
The server configuration is missing a [Peer] section for the client.
The PostUp/PostDown commands end with a superficial ";". The commands are missing the rule for forwarding outgoing traffic.
Thank you for the information. Can you provide me with some resources to set up a peer in the server for the client and implement the rule for forwarding outgoing traffic?
I originally followed the guide below to set this up:
https://serversideup.net/blog/how-to-se … untu-20-04
I would really appreciate the help.
Offline
I believe I did everything you said, but the problem persists.
Here are the updated files.
server:
[Interface]
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT;iptables -A FORWARD -o %i -j ACCEPT;iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT;iptables -D FORWARD -i %i -j ACCEPT;iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 48670
PrivateKey = {key}
[Peer]
PublicKey = {key}
AllowedIPs = 10.0.0.2/32
client:
[Interface]
PrivateKey = {key}
Address = 10.0.0.2/32
DNS = 8.8.8.8, 1.1.1.1
[Peer]
PublicKey = {key}
AllowedIPs = 0.0.0.0/0
Endpoint = 46.x.x.161:48670
Offline
PostUp = iptables -A FORWARD -i %i -j ACCEPT;iptables -A FORWARD -o %i -j ACCEPT;iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT;iptables -D FORWARD -i %i -j ACCEPT;iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Are you sure the PostDown statement is correct? Shouldn't the middle section have a -o instead of a -i?
Cheers,
"Before Enlightenment chop wood, carry water. After Enlightenment chop wood, carry water." -- Zen proverb
Offline
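The PostUp/PostDown mismatch raised in the post above can be checked mechanically. The script below is an added example, not part of any post in this thread: it lists every PostUp "-A" rule that has no identical "-D" rule in PostDown and would therefore stay loaded in the firewall after the interface is taken down. The function names and the embedded sample config (built from the server config posted earlier, keys omitted) are assumptions, and only rules added with -A are handled.

```shell
#!/bin/sh
# Added example: flag wg-quick PostUp rules that PostDown never deletes.

# Constructed sample: the thread's second server config, keys omitted.
sample_config() {
cat <<'EOF'
[Interface]
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT;iptables -A FORWARD -o %i -j ACCEPT;iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT;iptables -D FORWARD -i %i -j ACCEPT;iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 48670
EOF
}

# Print one command per line for a key (PostUp or PostDown); a trailing ";"
# yields an empty element, which is dropped.
rules_for() {  # $1 = key, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tr ';' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print each PostUp rule whose "-D" twin is missing from PostDown.
# Exit status 1 means at least one rule would survive "wg-quick down".
unmatched_rules() {  # $1 = config file
    down=$(rules_for PostDown "$1")
    rules_for PostUp "$1" | (
        rc=0
        while IFS= read -r up; do
            want=$(printf '%s\n' "$up" | sed 's/ -A / -D /')
            printf '%s\n' "$down" | grep -Fqx -- "$want" ||
                { printf '%s\n' "$up"; rc=1; }
        done
        exit "$rc"
    )
}

cfg=$(mktemp)
sample_config > "$cfg"
unmatched_rules "$cfg" || echo "^ still loaded after the interface goes down"
rm -f "$cfg"
```

On a real host the function would be pointed at the interface's config file under /etc/wireguard, which normally requires root to read.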
I believe I did everything you said, but the problem persists.
Make sure that the "server" is listening properly. The command
wg
should lead to an output of the interface followed by the configured, but not yet connected peer(s):
interface: wg0
public key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
private key: (hidden)
listening port: 48670
peer: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
preshared key: (hidden)
allowed ips: 10.0.0.2/32
Then start the "client" and send a single ping to the internal WireGuard address ("ping -c 1 10.0.0.1") to initiate traffic. (Just starting the client will create no traffic at all.)
Issue the command above ("wg") on the "server" again. If the "peer" section doesn't show three additional lines
peer: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
preshared key: (hidden)
endpoint: X.Y.Z.T:29459
allowed ips: 10.0.0.2/32
latest handshake: 2 minutes, 6 seconds ago
transfer: 75.47 KiB received, 269.48 KiB sent
then the underlying network connectivity is faulty/missing or the key pairs are incorrect.
Last edited by -thc (2025-06-18 13:12:20)
Offline