Jump to content
Not connected, Your IP: 3.17.183.187
moejoe

ANSWERED [solved] Server Connection issues with Wireguard

Recommended Posts

Cable-Router: Vodafone Station
VPN-Router: Glinet Router GL-MT300N-V2 
  • Firmware: 3.211  based on  OpenWrt 19.07.8
Client:  Raspberry Pi 2 Model B Rev 1.1  with dyndns ( ddclient)

Hello folks,

Im running an server module on my raspberry successfull over an vpn client over openvpn  on the Glinet Router.
But if i switch to wireguard, no connections are able to connecting from outside to the Ras
Atm im use for connecting through wireguard  the Customized Glinet Interface and not the Luci One which is based on that.

But i have some custom iptables commands, to forward my ports:
 
iptables -A INPUT -i tun0 -p tcp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o tun0 -p tcp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -p udp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o tun0 -p udp --dport 51813 -m state --state NEW,ESTABLISHED -j ACCEPT


iptables -I FORWARD -i tun0 -p udp -d 192.168.2.12  --dport   51813  -j ACCEPT
iptables -I FORWARD -i tun0 -p tcp -d 192.168.2.12   --dport  51813 -j ACCEPT
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport  51813 -j DNAT --to-destination 192.168.2.12:45345
iptables -t nat -I PREROUTING -i tun0 -p udp --dport 51813 -j DNAT --to-destination 192.168.2.12:45345
iptables -t nat -A PREROUTING -i tun -p udp --dport 51813  -j REDIRECT --to-ports 45345
iptables -t nat -A PREROUTING -i tun -p udp --dport 51813  -j REDIRECT --to-ports 45345



So I'm not quite sure, why openvpn works but with  WG it  doesnt.


May someone has a clue, or know an approach to figure out on which point i have to take action. 


best regards





 

Share this post


Link to post

Be advised that Wireguard interface naming is not standardized like it is with OpenVPN. These same rules probably must be rewritten for whatever the name of the Wireguard interface is (unless you specifically called the profile or config tun0[.conf]), unsure how OpenWrt handles interface naming there.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
@OpenSourcerer
OMG

Thnx for this hint , i think i was blended from the support from my former vpn provider  ovpn before. they said that everything which is used with openvpn should work with wg also without addtional configs or rules.

I added the Rules for the temp wg interface also and everything seems to work now.

But, to be fair, i was a little bit blind to see and unable to look through the mist. 

moreover: do i need every rule for the port forwarding ? im not quite sure if i need one chain at the top ( insert) and one at the end ( apppend).

Update:

I have to correct sth. i'm trxying to run wg on ovpn provider first with these config and this i have also explained this the support from ovpn:
 
WG:

iptables -I FORWARD -i wg0 -p udp -d xxx.xxx.x.1  --dport 55345 -j ACCEPT
iptables -I FORWARD -i wg0 -p tcp -d xxx.xxx.x.1  --dport 55345 -j ACCEPT
iptables -t nat -I PREROUTING -i wg0 -p tcp --dport 55345 -j DNAT --to-destination xxx.xxx.x.1:22350
iptables -t nat -I PREROUTING -i wg0 -p udp --dport 55345 -j DNAT --to-destination xxx.xxx.x.1:22350
#iptables -t nat -A PREROUTING -i tun -p udp --dport 55345  -j REDIRECT --to-ports 22350
#iptables -t nat -A PREROUTING -i tun -p udp --dport 55345  -j REDIRECT --to-ports 22350


But  this hasnt worked with ovpn and dozens of support conversations, so i would like to clarify this that the support has some knowledge about the matter but not entirely from my point of view.

best regards
   



 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...