Wireguard Issues

Hello,

I am trying to get Wireguard set up and am running into some issues. I am running the Sway version of EOS and attempted to connect to my self-hosted Wireguard.

I have configured the Wireguard connection through network manager and am able to successfully connect to the VPN, however I am unable to access the internet or any linked servers (for example, by pinging them). I am pretty confident that the server-side config of Wireguard is correct, as I am able to use the VPN on other devices without issue.

Notably, when I connect I do successfully get a handshake with the system.

Is there a step in the configuration I am missing that would “unblock” the connection? Are there any troubleshooting steps you would recommend I follow?

EndeavourOS has firewalld enabled by default. You should probably allow your wireguard ports in the firewalld applet.

Easiest way to check if it is a firewalld problem is by stopping it and checking if your service is working.

That does not seem to be the issue. I ran sudo systemctl stop firewalld and then tested Wireguard again and it still is unable to access the network.

I think configuring wireguard is tricky. I tried it myself and failed. Now I use tailscaled, which is a no-config wireguard VPN. All my computers run on it. I don’t use it for sharing internet but just for connecting them together.

Are you testing with names or IPs?

Take a look at ip route and ensure the traffic you need routed over the wireguard connection is.

IPs. Both local and public. For example 8.8.8.8

Here’s what ip route says:

default via 10.x.x.1 dev wg0 proto static metric 50 
default via 10.y.y.1 dev wlan0 proto dhcp src 10.y.y.y metric 600 
10.y.y.0/24 dev wg0 proto static scope link metric 50 
10.y.y.0/24 dev wlan0 proto kernel scope link src 10.y.y.y metric 600 
10.x.x.0/24 dev wg0 proto static scope link metric 50 
10.x.x.0/24 dev wg0 proto kernel scope link src 10.x.x.x metric 50 

My wireguard server is 10.x.x.1 while the 10.y.y.y is my local lan.
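One way to carry out the `ip route` check suggested above, as an added example that is not part of the thread: it parses `ip route` output, reports which interface wins for a destination (longest prefix, then lowest metric), and lists subnets where the tunnel interface outranks another interface for the same prefix. The sample table is constructed to mirror the shape of the one posted; the concrete addresses (10.10.10.0/24 for the tunnel, 10.20.20.0/24 for the LAN) and the function names are assumptions.

```python
import ipaddress

# Constructed sample with the same shape as the posted table (addresses assumed).
SAMPLE = """\
default via 10.10.10.1 dev wg0 proto static metric 50
default via 10.20.20.1 dev wlan0 proto dhcp src 10.20.20.57 metric 600
10.20.20.0/24 dev wg0 proto static scope link metric 50
10.20.20.0/24 dev wlan0 proto kernel scope link src 10.20.20.57 metric 600
10.10.10.0/24 dev wg0 proto static scope link metric 50
10.10.10.0/24 dev wg0 proto kernel scope link src 10.10.10.2 metric 50
"""

def _field(tok, key, default=None):
    # Value following a keyword such as "dev" or "metric", if present.
    return tok[tok.index(key) + 1] if key in tok[:-1] else default

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip route types this sketch does not handle
        routes.append({"net": net, "dev": _field(tok, "dev"),
                       "via": _field(tok, "via"),
                       "metric": int(_field(tok, "metric", 0))})
    return routes

def select(routes, addr):
    # Main-table lookup: most specific prefix first, then lowest metric.
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r["net"]]
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]), default=None)

def shadowed_by_tunnel(routes, tunnel="wg0"):
    # Non-default prefixes present on another interface where the tunnel wins.
    out = []
    for r in routes:
        if r["dev"] == tunnel or r["net"].prefixlen == 0:
            continue
        same = [o for o in routes if o["net"] == r["net"]]
        if min(same, key=lambda o: o["metric"])["dev"] == tunnel:
            out.append(str(r["net"]))
    return out

if __name__ == "__main__":
    rt = parse_routes(SAMPLE)
    for dst in ("8.8.8.8", "10.20.20.1", "10.10.10.1"):
        print(dst, "->", select(rt, dst)["dev"])
    print("LAN prefixes sent into the tunnel:", shadowed_by_tunnel(rt))
```

This only models the main table that `ip route` prints; policy rules from `ip rule` are not considered, so `ip route get <address>` on the live system remains the authoritative answer.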

Yeah, I’ve been looking into that as well as nebula, but I need a full tunnel vpn which I do not think those protocols can do.

How are you using the tunnel? Are you only using it to connect to the resources on the other end or are you trying to generally route all your non-local traffic over it when connected?

Both. I have self-hosted services I want to access and I also want to route my network traffic through it. The wireguard “server” is a local pfSense device.