Petchok

ANSWERED Wireguard client not accepting connections

Hello all,

I have an Ubuntu VM called downloader that I use for torrenting, and for that purpose all internet traffic of that box goes through an AirVPN wireguard tunnel. I have set up another non-AirVPN wireguard tunnel on my router to remotely access my LAN: it works fine and I can access all the machines in my LAN, except for downloader that refuses to respond.

I tried some troubleshooting, and if I stop the AirVPN wireguard tunnel on downloader, I can remotely connect to it through the router wireguard tunnel just like any other machine on my LAN.

So there must be something that gets set by the AirVPN wireguard client that stops this box from accepting connections. Downloader has a static address, 192.168.1.190, and when trying to access it remotely my laptop gets the address 192.168.2.2 from the router tunnel. I figured it might have to do with different subnets, but this is as far as my investigations got me: any clue how I could solve this?

I haven't modified the AirVPN client config on downloader:

[Interface]
Address = XXX/32, XXX/128
PrivateKey = XXX
DNS = 10.128.0.1, fd7d:76ee:e68f:a993::1

[Peer]
PublicKey = XXX
PresharedKey = XXX
Endpoint = nl.vpn.airdns.org:1637
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15

Hello!

If we understand the problem correctly, it's because WireGuard tries to tunnel the whole IP address space, including the private subnets, in your current configuration (see line "AllowedIPs"). The following message explains the matter more thoroughly and shows how to solve it:
https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?do=findComment&comment=217458

Kind regards

Hello,

Thanks for your answer. The solution in the link you kindly provided didn't solve my problem; actually, the AirVPN wireguard tunnel stops working at all when using the specified long AllowedIPs chain.

But it did set me in the right direction: the blog post regarding the IP calculator detailed a better alternative, which is to change the routing table for the subnet to be excluded, 192.168.2.0/24 in my case.

So for the record my working config file is:

[Interface]
Address = XXX/32, XXX/128
PrivateKey = XXX
DNS = 10.128.0.1, fd7d:76ee:e68f:a993::1
PreUp = ip route add 192.168.2.0/24 via 192.168.1.1 dev enp0s4
PostDown = ip route del 192.168.2.0/24 via 192.168.1.1 dev enp0s4

[Peer]
PublicKey = XXX
PresharedKey = XXX
Endpoint = nl.vpn.airdns.org:1637
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15

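The routing behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified model of the route lookup on downloader before and after the PreUp route, plus the subnet subtraction that produces a long AllowedIPs list. It assumes the tunnel is started with wg-quick on Linux, which for a 0.0.0.0/0 peer consults the main table while ignoring default routes and then falls through to its own table; the interface name wg0 and the sample tables are constructed.

```python
import ipaddress

# Constructed tables for the thread's addresses. "wg0" is an assumed name for
# the AirVPN interface; enp0s4 and 192.168.1.1 come from the posted config.
MAIN = [("0.0.0.0/0", "enp0s4"),        # default via 192.168.1.1
        ("192.168.1.0/24", "enp0s4")]   # connected LAN
WG_TABLE = [("0.0.0.0/0", "wg0")]       # from AllowedIPs = 0.0.0.0/0
PREUP_ROUTE = ("192.168.2.0/24", "enp0s4")  # ip route add ... via 192.168.1.1


def lookup(dst, main, wg_table=WG_TABLE):
    """Simplified model of wg-quick's two policy rules on Linux: consult main
    but ignore prefix-length-0 matches, then fall through to the wg table."""
    dst = ipaddress.ip_address(dst)
    for table, min_len in ((main, 1), (wg_table, 0)):
        hits = [(net, dev) for net, dev in
                ((ipaddress.ip_network(p), d) for p, d in table)
                if dst in net and net.prefixlen >= min_len]
        if hits:
            # Longest prefix wins within a table.
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None


def exclude(base, *holes):
    """Subtract subnets from base, giving an equivalent AllowedIPs list."""
    nets = [ipaddress.ip_network(base)]
    for hole in map(ipaddress.ip_network, holes):
        kept = []
        for net in nets:
            if hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split around the hole
            elif not net.subnet_of(hole):
                kept.append(net)                        # untouched by the hole
        nets = kept
    return sorted(nets)


if __name__ == "__main__":
    for name, main in (("before", MAIN), ("after", MAIN + [PREUP_ROUTE])):
        print(name, {d: lookup(d, main) for d in
                     ("192.168.2.2", "192.168.1.50", "1.1.1.1")})
    print(", ".join(map(str, exclude("0.0.0.0/0", "192.168.2.0/24"))))
```

In the "before" case, replies to 192.168.2.2 leave through the tunnel because main holds only a default route for that destination; on the real host, `ip rule show` and `ip route get 192.168.2.2` show the same decision.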