[solved] wireguard won't connect using config file


Solved by ljm42

Hello Guys,

 

I just got my second server and set it up. I want to use my old server as an off-site backup solution in case of a disaster, and my new server will be at home. Both servers are running Unraid 6.11.1.

I've got WireGuard running on my router to handle incoming VPN connections to my home.

 

For all my other devices I'm using a similar config structure; however, if I import this config and select "VPN tunneled access for system" it doesn't seem to work.

Workflow (what I do on the server => server response):

  1. Import the config (see code) => config shows up in the interface
  2. Select "VPN tunneled access for system"
  3. Click Apply => config is stored
  4. Reboot (just in case)
  5. Set the switch from inactive to active => the switch directly jumps back to inactive, and the syslog output is: "Oct 19 13:28:14 servername wireguard: Tunnel WireGuard-wg0 started" (no more output)
  6. Check on my router => there was an initial handshake, but the connection got closed immediately after that

 

Config:

[Interface]
PrivateKey = OffsitePrivateKey
Address = 192.168.2.11/32
DNS = 8.8.8.8

[Peer]
PublicKey = HomePublicKey
AllowedIPs = 0.0.0.0/0
Endpoint = domain:port
PersistentKeepalive = 25

 

I don't know what I'm doing wrong here, since this is working for all the other devices I'm using. If anyone can point me in the right direction I would be grateful.

 

Thank you in advance

Autchi

5 hours ago, Autchirion said:

select "VPN tunneld access for System"

 

Does it work if you choose one of the other peer options?  If so, switch to advanced mode and see if there are any warnings/errors/required fields when you set it to "vpn tunneled access for system"

 

If that doesn't help, open a web terminal and type:

rm /var/log/wg-quick.log

then try to start the tunnel. Go back to the web terminal and type:

cat /var/log/wg-quick.log

and copy/paste the result back here. Hopefully there will be some clues.


I already tried the "VPN tunneled access for Docker" option, same behavior. The other options all require "Peer allowed IPs:", and I don't know exactly what is supposed to go in there.

 

I deleted the wg-quick.log and then activated the tunnel set for Docker (btw, I had to reboot the server first; before that, wg-quick.log wasn't being created):

server:~# cat /var/log/wg-quick.log
wg-quick up wg0 (autostart)
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.2.11 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
[#] logger -t wireguard 'Tunnel WireGuard-wg0 started'
[#] ip -4 route flush table 200
[#] ip -4 route add default via 192.168.2.11 dev wg0 table 200
[#] ip -4 route add 192.168.1.0/24 via 192.168.1.1 dev  table 200
Error: either "to" is duplicate, or "200" is a garbage.
[#] iptables-restore -n
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
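The log above is readable by eye, but a longer wg-quick.log is not, so here is a small analyzer as an added example (my code, not Unraid's or wg-quick's). It relies on two things the log shows: wg-quick echoes every command it runs prefixed with "[#] ", and anything a command prints to stderr lands on the following line, so an "Error:" line belongs to the command just before it. It also checks ip(8) commands for option keywords with no argument. In the failing line, "dev  table 200" tokenizes so that ip takes "table" as the device name and is then left with "200" and nothing to attach it to, which is exactly the "'200' is a garbage" message. The sample log is the one quoted in the post, with the shell prompt removed; the commands are attributed to wg-quick, the diagnosis logic is mine.

```python
"""Attribute 'Error:' lines in /var/log/wg-quick.log to the command that
produced them, and flag ip(8) options that were left without an argument.

Added example for this thread; not Unraid's or wg-quick's own code.
"""

# Constructed sample: the wg-quick.log lines quoted in the post above,
# minus the shell prompt. The "dev  table 200" line is the broken one.
SAMPLE_LOG = """wg-quick up wg0 (autostart)
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.2.11 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
[#] logger -t wireguard 'Tunnel WireGuard-wg0 started'
[#] ip -4 route flush table 200
[#] ip -4 route add default via 192.168.2.11 dev wg0 table 200
[#] ip -4 route add 192.168.1.0/24 via 192.168.1.1 dev  table 200
Error: either "to" is duplicate, or "200" is a garbage.
[#] iptables-restore -n
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
"""

# ip(8) route/rule option keywords that must be followed by a value.
IP_OPTION_KEYWORDS = {"dev", "via", "table", "metric", "src", "mtu",
                      "fwmark", "pref", "scope", "proto"}


def parse_wg_quick_log(text):
    """Return one {'cmd', 'error'} dict per '[#] ' line, in log order.

    An 'Error:'/'RTNETLINK' line is attributed to the most recent command,
    because wg-quick prints the command before running it.
    """
    entries = []
    for line in text.splitlines():
        if line.startswith("[#] "):
            entries.append({"cmd": line[4:].strip(), "error": None})
        elif entries and line.startswith(("Error:", "RTNETLINK", "Cannot")):
            entries[-1]["error"] = line.strip()
    return entries


def missing_option_arguments(cmd):
    """For an 'ip ...' command, list option keywords that have no argument.

    A keyword immediately followed by another keyword (or by nothing) means
    its value was empty, e.g. 'dev  table 200' -> 'dev' has no argument.
    """
    tokens = cmd.split()
    if not tokens or tokens[0] != "ip":
        return []
    problems = []
    for i, tok in enumerate(tokens):
        if tok in IP_OPTION_KEYWORDS:
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt is None or nxt in IP_OPTION_KEYWORDS:
                problems.append(f"'{tok}' has no argument")
    return problems


def tunnel_torn_down(entries):
    """True if wg-quick rolled back (deleted the interface) after an error."""
    seen_error = False
    for e in entries:
        if e["error"]:
            seen_error = True
        elif seen_error and e["cmd"].startswith("ip link delete dev"):
            return True
    return False


def diagnose(text):
    """Summarize a wg-quick log: command count, failures, and whether the
    tunnel was torn down as a result."""
    entries = parse_wg_quick_log(text)
    failures = [(e["cmd"], e["error"], missing_option_arguments(e["cmd"]))
                for e in entries if e["error"]]
    return {"commands": len(entries), "failures": failures,
            "torn_down": tunnel_torn_down(entries)}


if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG)
    for cmd, err, problems in report["failures"]:
        print(f"FAILED: {cmd}\n        {err}")
        for p in problems:
            print(f"        -> {p}")
    print("tunnel torn down:", report["torn_down"])
```

Run it against a real log with `diagnose(open("/var/log/wg-quick.log").read())`. On this log it reports exactly one failure, the LAN route in table 200 with an empty interface after "dev", followed by the rollback (rule deletes and `ip link delete dev wg0`), which is why the tunnel handshakes and then disappears: wg-quick undoes everything as soon as one command fails.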
