I'm trying to use my Raspberry Pi as a WireGuard server.
Plugging my Raspberry Pi into my router via Ethernet cable, the router assigns the Pi the IP 192.168.1.35.
I confirmed the Pi receives internet access via the router by using a laptop to SSH into pi@192.168.1.35 and running the command ping www.startpage.com.
The problem arises when I run the command wg-quick up wg0 on the Pi: I lose all internet access. Ping via SSH no longer works. If I run wg-quick down wg0, I regain internet access.
My Pi WireGuard conf file:
Code:
sudo nano /etc/wireguard/wg0.conf

[Interface]
PrivateKey = [SERVER_PRIVATE_KEY]
Address = 192.168.1.100
ListenPort = 51820

[Peer]
PublicKey = [CLIENT_PUBLIC_KEY]
AllowedIPs = 0.0.0.0/0, ::0

I notice that wg-quick up wg0 is modifying my nft ruleset when up:
sudo nft list ruleset
Code:
table ip wg-quick-wg0 {
	chain preraw {
		type filter hook prerouting priority raw; policy accept;
		iifname != "wg0" ip daddr 192.168.2.100 fib saddr type != local drop
	}
	chain premangle {
		type filter hook prerouting priority mangle; policy accept;
		meta l4proto udp meta mark set ct mark
	}
	chain postmangle {
		type filter hook postrouting priority mangle; policy accept;
		meta l4proto udp meta mark 0x0000ca6c ct mark set meta mark
	}
}

When the wg0 interface is down, these rules don't exist, so maybe something in these rules is blocking internet access within the Pi.
Problem Elimination
- 192.168.1.100 isn't used by any other device on the router
- Uncommenting net.ipv4.ip_forward=1 in /etc/sysctl.conf makes no difference; the exact problem remains the same: inet access with ip4 commented or uncommented with wg0 down, no inet access with ip4 commented or uncommented with wg0 up
- The WireGuard client is irrelevant at this stage
- The problem isn't anything to do with WireGuard private/public keys, as it throws errors when it is
Statistics: Posted by GTA3 — Sun Apr 07, 2024 7:31 pm — Replies 0 — Views 19
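
An added example, not part of the original post: wg-quick treats any peer AllowedIPs entry ending in /0 as a default route, and that is when it installs its policy routing and the wg-quick-wg0 nft table shown above. This Python check flags such entries, plus an interface Address that sits inside the LAN. The function names and the LAN default of 192.168.1.0/24 are assumptions (the post only gives the Pi's address, 192.168.1.35).

```python
import ipaddress

# Constructed sample: the wg0.conf from the post, with placeholder keys.
SAMPLE_CONF = """\
[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
Address = 192.168.1.100
ListenPort = 51820
[Peer]
PublicKey = CLIENT_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 0.0.0.0/0, ::0
"""

def parse_sections(text):
    """Return [(section, {key: value})]; [Peer] may repeat, so configparser is unsuitable."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def values(opts, key):
    """Split a comma-separated option into stripped, non-empty items."""
    return [v.strip() for v in opts.get(key, "").split(",") if v.strip()]

def audit(text, lan="192.168.1.0/24"):
    """Flag settings that alter host routing on wg-quick up (lan default is an assumption)."""
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for name, opts in parse_sections(text):
        if name == "interface":
            for addr in values(opts, "address"):
                iface = ipaddress.ip_interface(addr)  # no prefix means /32 or /128
                if iface.version == lan_net.version and iface.ip in lan_net:
                    findings.append(f"address-inside-lan:{addr}")
        elif name == "peer":
            for cidr in values(opts, "allowedips"):
                # An entry ending in /0 makes wg-quick route all host traffic via the tunnel.
                if cidr.endswith("/0"):
                    findings.append(f"default-route-peer:{cidr}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

The `::0` entry is not flagged because it carries no `/0` suffix, so it is read as a single address rather than a default route.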