I am trying to set up a WireGuard server for private networking. I have a server on DigitalOcean running Debian buster acting as the server and a computer running Arch Linux as the peer.
There seems to be a connection through to the server since wg show shows a handshake having occurred; however, the output of both netcat and ping indicates no connection between the two computers. Why might this be?
Configs:
Server /etc/systemd/network/90-wireguard.netdev
[WireGuard]
ListenPort = 51820
PrivateKey = (server privkey)
[WireGuardPeer]
PublicKey=(client pubkey)
AllowedIPs = 10.10.10.2/32
Server /etc/systemd/network/90-wireguard.network
[Match]
Name = wg0
[Network]
Adress = 10.10.10.1/32
[Route]
Gateway = 10.10.10.1
Destination = 10.10.10.0/24
Server ip addr
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
Server wg show
interface: wg0
  public key: MqvSrUg/LBIbJKkeIEUwBBqXo2uMTN1oh3Jh2FWl7H4=
  private key: (hidden)
  listening port: 51820
peer: nuBONaL+eujayc92fCqY9xxMwXqrEKtLx/0XrEH6OGI=
  endpoint: 31.3.72.56:42751
  allowed ips: 10.10.10.2/32
  latest handshake: 1 minute, 57 seconds ago
  transfer: 4.27 KiB received, 800 B sent
Client /etc/wireguard/private.conf
[Interface]
Address = 10.10.10.2/32
PrivateKey = (client privkey)
[Peer]
PublicKey = (server pubkey)
AllowedIPs = 10.10.10.0/24
Endpoint = 157.230.29.44:51820
PersistentKeepalive = 25
Client Ip Addr
14: private: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.10.10.2/32 scope global private
       valid_lft forever preferred_lft forever
Client wg show
interface: private
  public key: nuBONaL+eujayc92fCqY9xxMwXqrEKtLx/0XrEH6OGI=
  private key: (hidden)
  listening port: 42751
peer: MqvSrUg/LBIbJKkeIEUwBBqXo2uMTN1oh3Jh2FWl7H4=
  endpoint: 157.230.29.44:51820
  allowed ips: 10.10.10.0/24
  latest handshake: 50 seconds ago
  transfer: 616 B received, 3.59 KiB sent
  persistent keepalive: every 25 seconds
I had a spelling error in my config files
Last edited by cpcp800 (2019-08-13 11:49:56)
Please post the actual output of
ip addr
ip route
and the respective ping commands you issued.
Last edited by schard (2019-08-13 11:02:21)
macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
Please post the actual output of
ip addr
ip route
and the respective ping commands you issued.
Ip route from server:
default via 157.230.16.1
10.19.0.0/16 dev eth0 proto kernel scope link src 10.19.0.5
157.230.16.0/20 dev eth0 proto kernel scope link src 157.230.29.44
Ip route from client:
default via 10.3.3.1 dev wlp3s0 proto dhcp src 10.3.4.168 metric 303
10.3.0.0/21 dev wlp3s0 proto dhcp scope link src 10.3.4.168 metric 303
10.10.10.0/24 dev private scope link
Full Ip addr from client
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s31f6: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 50:7b:9d:ee:9a:a0 brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 44:85:00:40:6e:8d brd ff:ff:ff:ff:ff:ff
    inet 10.3.4.168/21 brd 10.3.7.255 scope global noprefixroute wlp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::1b5b:201c:e1a4:b17d/64 scope link
       valid_lft forever preferred_lft forever
14: private: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.10.10.2/32 scope global private
       valid_lft forever preferred_lft forever
The server does not have a route to the WireGuard network.
You should investigate this.
I am not very experienced in the networking side of things. How should I investigate this? There is already a [Route] in /etc/systemctl/network/90-wireguard.network
Is your Debian server even using systemd-networkd?
Okay, obviously already solved.
Last edited by schard (2019-08-13 13:06:09)
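Added example, not code from any post in this thread: the server's 90-wireguard.network as posted spells a [Network] key as Adress, and the server's ip addr output shows no inet line on wg0; systemd-networkd ignores key names it does not recognise, so such a file still loads. The sketch below flags key names that are near-misses of known systemd.network keys. KNOWN_KEYS is a small, non-exhaustive subset chosen for illustration, and find_misspelled_keys is a hypothetical helper name.

```python
import difflib

# Assumption: a small, non-exhaustive subset of systemd.network(5) keys.
# Keys outside this subset are only reported when they closely resemble one in it.
KNOWN_KEYS = {
    "Match": {"Name", "MACAddress", "Driver", "Type"},
    "Network": {"Address", "Gateway", "DNS", "DHCP", "Domains"},
    "Address": {"Address", "Peer", "Label"},
    "Route": {"Gateway", "Destination", "Source", "Metric", "Table"},
}


def find_misspelled_keys(text):
    """Return (line_no, section, key, suggestion) for near-miss key names."""
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if "=" not in line or section not in KNOWN_KEYS:
            continue  # not a key assignment, or a section this sketch does not cover
        key = line.split("=", 1)[0].strip()
        known = sorted(KNOWN_KEYS[section])
        if key in known:
            continue  # key names are case-sensitive, so only exact matches pass
        close = difflib.get_close_matches(key, known, n=1, cutoff=0.8)
        if close:
            findings.append((line_no, section, key, close[0]))
    return findings


# The server's 90-wireguard.network, copied from the first post.
SAMPLE = """\
[Match]
Name = wg0
[Network]
Adress = 10.10.10.1/32
[Route]
Gateway = 10.10.10.1
Destination = 10.10.10.0/24
"""

if __name__ == "__main__":
    for line_no, section, key, suggestion in find_misspelled_keys(SAMPLE):
        print(f"line {line_no}: [{section}] {key!r} is not a known key; "
              f"did you mean {suggestion!r}?")
```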