Hi All A novice user here and looking for some pointers on how i could fix this issue.
I had been successfully using wireguard to get access to my local network. Recently i started looking into a VPN service that i could connect to my router. So i started playing with mullvad vpn and setup my router to have a vpn client so all my network traffic goes via vpn. I followed the following guide https://mullvad.net/en/guides/asus-merlin-and-mullvad-vpn/ Ever since i enabled this i am not able to connect to wireguard from outside my home network. What is interesting is that when i check the status of the connections on the server the endpoint entry has the correct ip but the latest handshake time does not get updated and i no longer have access to my internal network. peer: xxxx endpoint: 73.xx.xx.xx:1543 allowed ips: 192.168.100.x/32 latest handshake: 21 minutes, 24 seconds ago transfer: 1.24 MiB received, 5.46 MiB sent Logs from the wireguard client on my android phone have the following: 03-06 00:23:51.800 28912 17051 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Starting... 03-06 00:23:51.800 28912 28935 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Routine: sequential receiver - started 03-06 00:23:51.800 28912 28935 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Routine: nonce worker - started 03-06 00:23:51.800 28912 28935 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Routine: sequential sender - started 03-06 00:23:51.800 28912 17051 I WireGuard/GoBackend/wg0: Device started 03-06 00:23:52.551 28912 10784 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Sending handshake initiation 03-06 00:23:52.567 28912 10784 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Awaiting keypair 03-06 00:23:57.557 28912 15089 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Sending handshake initiation 03-06 00:24:02.561 28912 10784 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Handshake did not complete after 5 seconds, retrying (try 2) 03-06 00:24:02.561 28912 10784 D WireGuard/GoBackend/wg0: peer(vDK2…wCDs) - Sending handshake initiation I can connect to my network using ISP or VPN IP. The above issue is what i am running into when i use the isp ip address to talk to wireguard. I tried using VPN IP to talk to wireguard but i could not get port forwarding to work. I have confirmed port forwarding via mullvad is working as i am using it for other services. As per the mullvad guide i had added the following rule to forward the port to wireguard. #iptables -t nat -A PREROUTING -i tun+ -p udp --dport 9934 -j DNAT --to-destination 192.168.1.63:54930 So i am not sure if there are additional forwarding rules required and/or policy rules for the vpn client to get this setup working. On my server my conf is [Interface] Address = 192.168.100.1/32 PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ListenPort = 54930 PrivateKey = xxxxx [Peer] PublicKey = xxxx AllowedIPs = 192.168.100.2/32 on my client my config is [Interface] Address = 192.168.100.2 PrivateKey = xxxxx ListenPort = 21841 DNS = 192.168.1.63 [Peer] PublicKey = xxxx Endpoint = ddns:xxx AllowedIPs = 192.168.1.0/24 # This is for if you're behind a NAT and # want the connection to be kept alive. PersistentKeepalive = 25 -- Arpit
_______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard