WireGuard: can't ping other peers, but handshake works and other peers can ping each other

I’ve recently set up WireGuard on a server using wg-easy (so the config files are generated, not typed out by hand) and I successfully connected a couple of peers, including another computer with an Arch-based distro. The last one to set up is my laptop with EndeavourOS and I just can’t figure out why this single device is not able to ping other peers (or reach http services hosted on those peers). Let’s say I’m trying to connect to a PC. The four most important bits (I think):

  1. The ping actually reaches the PC and the PC does respond (verified using tcpdump), but the response is never received by the laptop. I’m no expert but to me it suggests it’s not an issue with the wg config (ip route get PC-IP returns the correct interface).
  2. I disabled firewalld and it still didn’t work (tried looking at the logs before I did that but it also didn’t seem like it was blocking anything).
  3. The handshake with the server (where wg-easy is set up) works.
  4. I am able to ping the PC via its non-WireGuard IP.

I also tried some other common-sense solutions like restarting the interface with wg-quick, rebooting, switching to another network, nothing helps. I’ve no idea what could be the issue here, so any help would be appreciated :slight_smile:

Thanks!
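An added diagnostic helper for the symptom in the first post (this is example code, not from the thread or from wg-easy): when the far side answers but the reply never arrives, one classic cause is WireGuard's cryptokey routing, which drops any inbound packet whose source address is not inside the AllowedIPs of the peer it arrived from. The script parses the output format of `wg show <iface> allowed-ips` and reports whether a target tunnel address is covered by any local peer entry. The sample output, the interface name wg0 and the key strings are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or from wg-easy): check whether a
# peer's tunnel address is covered by the AllowedIPs of some local peer
# entry. WireGuard drops inbound packets whose source address is outside
# the sending peer's AllowedIPs, so "the far side replies but nothing
# arrives" is the typical symptom of this cryptokey-routing mismatch.

TAB=$(printf '\t')

# Constructed sample of `wg show wg0 allowed-ips` output: one line per peer,
# public key, a tab, then space-separated AllowedIPs. Keys are placeholders.
SAMPLE_ALLOWED_IPS=$(printf '%s\t%s\n' \
  'SERVER_PUBKEY_PLACEHOLDER=' '10.8.0.1/32 10.8.0.0/24' \
  'OTHER_PUBKEY_PLACEHOLDER='  '10.9.0.0/24')

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP CIDR: succeeds if IP lies inside CIDR (a bare address
# counts as a /32).
ip_in_cidr() {
  local net bits mask
  net=${2%/*}
  bits=${2#*/}
  [ "$bits" = "$2" ] && bits=32
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  fi
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# peer_covering IP: reads allowed-ips text on stdin, prints the public key
# of the first peer whose AllowedIPs cover IP; fails if none does.
peer_covering() {
  local key cidrs cidr
  while IFS=$TAB read -r key cidrs; do
    for cidr in $cidrs; do
      case $cidr in *:*) continue ;; esac   # IPv6 entries are not handled here
      if ip_in_cidr "$1" "$cidr"; then
        printf '%s\n' "$key"
        return 0
      fi
    done
  done
  return 1
}

# check_peer_reachable PEER_IP [ALLOWED_IPS_TEXT]: on a real host the second
# argument is omitted and the live `wg show wg0 allowed-ips` output is used
# instead (wg0 is an assumed interface name).
check_peer_reachable() {
  local text key
  text=${2:-$(wg show wg0 allowed-ips 2>/dev/null)}
  if key=$(printf '%s\n' "$text" | peer_covering "$1"); then
    echo "OK: $1 is covered by AllowedIPs of peer $key"
  else
    echo "MISMATCH: no local peer entry covers $1; replies from it will be dropped by WireGuard"
    return 1
  fi
}

# Demonstration on the constructed sample: 10.8.0.5 is covered, 10.10.0.5 is not.
check_peer_reachable 10.8.0.5  "$SAMPLE_ALLOWED_IPS"
check_peer_reachable 10.10.0.5 "$SAMPLE_ALLOWED_IPS" || true
```

On the laptop from the first post one would run `check_peer_reachable <PC tunnel IP>` with no second argument so the live wg output is read; a MISMATCH means the laptop's own peer entry for the server needs the PC's address (or the whole tunnel subnet) in AllowedIPs, and the same check on the server side explains replies that never make it out.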

Hey, welcome on the forum! :partying_face: :enos_flag:

After reading your message, I think that Tailscale will provide exactly what you are looking for. They use WireGuard and “DERP” as a complementary solution for non-compatible communication. Each connection is created when it is required and each of them takes the shortest road possible. Cherry on top, no network setup is required.

By default you will use their “master”, but since you look like a fearless person, you can host your own instance with Headscale and nginx proxy manager, for example. Caddy also works great, but I prefer the web interface of NPM.

edit:
Also, Tailscale is open source except for the “master” server, which explains why Headscale was born :slight_smile:

Thanks!

Unfortunately, tailscale devoured my Android’s battery, same for ZeroTier. Previously, I used Netmaker, which on Android integrated with the standard WireGuard app, and that worked well. That’s why now I tried wg-easy, and I was able to connect everything, just not this one device.

Oh yeah, Tailscale drains the battery for sure. Since my phone is almost always plugged in, that works great for me. I know that the Ts team is working on it.