Search the Community
Showing results for tags 'wireguard'.
Found 35 results
-
Hello all, I'm still fairly new to all this but I've learned that I can get better speeds with WireGuard protocols than with OpenVPN but with WireGuard I keep getting multiple handshake timeouts back to back. I've already set my my MTU to 1280, use only IPv4 in Eddie and even changed my WiFi channel to a less used one but despite all that it keeps getting timeout and then when it reconnects I have very low speeds. I don't know what to do and would aprreciate any help. Eddie_20241104_134626.txt
-
Hello everyone, I'm experiencing frequent disconnects when connecting over wireguard since quite some time. Changing to another server helps, however, the server itself (Menkent in this case) has no issues according to the status page. This happens on multiple devices (linux and macos), the handshake just fails: wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 2) This goes on for multiple iterations. Sometimes wireguards reconnects faster, sometimes it takes a lot of time. After a few seconds, we're back to: wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Receiving handshake response from peer 1 (213.152.176.140:1637) [...] wireguard: wg2: Sending keepalive packet to peer 1 (213.152.176.140:1637) wireguard: wg2: Retrying handshake with peer 1 (213.152.176.140:1637) because we stopped hearing back after 15 seconds wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 2) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 3) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Sending keepalive packet to peer 1 (213.152.176.140:1637) wireguard: wg2: Retrying handshake with peer 1 (213.152.176.140:1637) because we stopped hearing back after 15 seconds wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 2) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) wireguard: wg2: Handshake for peer 1 (213.152.176.140:1637) did not complete after 5 seconds, retrying (try 3) wireguard: wg2: Sending handshake initiation to peer 1 (213.152.176.140:1637) Anyone has an idea why it fails? In case it matters, my connection uses CGNAT. Edit: Forgot to mention that I use the regular Wireguard client, not Eddy or something. Config created via AirVPN website.
-
ANSWERED Setting-up Flint 2 as Wireguard client
Tigron posted a topic in Troubleshooting and Problems
Hi, I have just finished setting-up a Flint2 router as a wireguard client. The Flint2 seats behind my primary router which provides it access to the WAN. I have downloaded a Wireguard config from the Config generator, loaded it and I can establish a connection with no problem. I have temporarily connected a PC to one of the LAN port and I can see that it's got the VPN IP when browsing. However when I test my forwarded port I get the following error: "Connection refused 111". Is there a specific FW rule in the Flint2 to set-up in order to accept incoming connections? Thanks for the help. T -
ANSWERED Wireguard configuration on pfSense
MrCircinus posted a topic in Troubleshooting and Problems
Hello, It took me some time but I'm really warming up to AirVPN. I've just configured my first wireguard tunnel on pfsense. I created two VPN devices in the client area for the same physical machine: one for all OpenVPN connections and a new one for the wireguard connection. Am I right that I need to add another VPN device for every wireguard tunnel please? Thanks. -
This HOWTO describes how to connect to AirVPN with a Wireguard VPN tunnel from OPNsense. This is the first draft of this howto, i might add (more) screenshots later on. Version: 0.1 Date: 20231029 What we are going to achieve We'll create a single Wireguard VPN Tunnel, IPv4 Only. Traffic to the tunnel will be NATted Requirements OPNsense firewall is up-and-running and updated. This howto is based on version 23.7.7_1 You have basic knowledge on using OPNsense i.e. firewall rules, NAT, routing, gateways and aliases. AirVPN Premium Access Step 1. Information gathering We'll grab some info that we need to configure the Wireguard Tunnel. Go to the Client Area. Got to VPN Devices. Add a device or edit your existing device. Note your Public Key and IPv4 under the heading "Wireguard" Go back to the Client Aerea. Go to Config Generator Select "router" under "Choose your OS" Select "Wireguard under "Choose protocols" Select your country under "By Countries". I selected Netherlands Scroll way down and download your config. This is an example of a Wireguard config: (the keys and IP are random and will not work, use your own) [Interface] Address = 10.45.95.123/32 PrivateKey = X72xgdx23XDomnSXmcy#S4Jc#9Y5G*vU$wg^n499yn6 MTU = 1320 DNS = 10.128.0.1 [Peer] PublicKey = VTSQ77Uk4^&RY4h%S$#9h8PR2T&xyya&yPTtk6oD^m$ PresharedKey = b7&&7bntmCS5q%&4J*mSKBAUvV4XEqHerwscvbappXQ Endpoint = nl3.vpn.airdns.org:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 Step 2. Create the Tunnel configuration Peer configuration: in OPNsense go to VPN|Wireguard|Settings|Peers. Create a peer with the following information: Name: wg_airvpn_<country code>. mine is called wg_airvpn_nl Public key: <PublicKey under heading [Peer] of your generated WG Config> Pre-shared key <presharedKey under heading [Peer] of your generated WG Config> Allowed IP's: 0.0.0.0/0 Endpoint Address: <Endpoint under heading [Peer] of your generated WG Config> Endpoint port: 1637 (default port) Keepalive interval: 15 (default interval) Instance configuration: in OPNsense go to VPN|Wireguard|Settings|Instances Create an instance with the following information: Enable Advanced Mode. Name: <Endpoint Name i.e. nl.vpn.airdns.org> Public Key: <Public Key as noted with step 1.4> Private Key: <PrivateKey under heading [Interface] of your generated WG Config> Listen Port: 1637 MTU: 1320 Tunnel Address: <Address including /32 under harding [Interface] of your generated WG Config> Peers: <select peer that you created with step 2.2> Disable routes: Enabled. Step 3. Make an exception on your WAN interface in OPNsense go to Firewall|Rules Select your WAN interface, mine is called WAN_PPPOE Create a Pass rule for IPv4/UDP port 1647 to your WAN-address. Step 4. Assign Wireguard Interface in OPNsense go to Interfaces|Assignments You'll find a "wg1(Wireguard - nl.vpn.airdns.org)" (or similiar) interface. bind it to an interface with a name of your choice. mine is called WAN_WG1 as is is the first site-to-site Wireguard tunnel on my WAN interface. Step 5. Create a gateway. Remember we disabled the routes for the WG instance configuration? Because of that we need to create a gateway. In OPNsense go to System|Gateways|Single Add a Gateway with the following information: Name: WAN_WG_GW Description: Interface WAN_WG1 Gateway Interface: Select WAN_WG1 as created in step 4. Address Family: IPv4 IP address: Dynamic (leave empty) Far Gateway: Enabled (this i am not sure of but for now i'm happy it works) Disable Gateway Monitoring: enabled Step 6. Aliases We set up some aliases. This will make it more easy to redirect some hosts or networks to the Wireguard tunnel. in OPNsense, go to Firewall|Aliases Create host entries for the specific hosts you'll redirect Create network entries for the specific network(s) you'll redirect. Create a Network Group Entry with the host and network entries to group them together. My alias is called networkgroup_wireguard Step 7. Create Outbound NAT for Wireguard. (In my setup, i use Manual Outbound Rule Generation because i like to have control) In OPNsense go to Firewall|NAT|Outbound Create a new Outbound NAT rule with the following information: Interface: WAN_WG1 TCP/IP version: IPv4 Protocol: Any Source Address: <alias networkgroup_wireguard from step 6> Translation /target WAN_WG1 address Description: Wireguard VPN Outbound NAT rule Step 8. Create Outbound Redirect rule. In this example we create 2 rules on our LAN interface, one for redirecting to WG, the other to prevent leaks. In OPNsense go to Firewall|Rules Select your LAN interface add an outbound Pass rule: Action: Pass Source: Networkgroup_wireguard Destination: Any (in my case i use an inverted network group called networkgroup_local where all my local vlans are grouped together) Gateway: WAN_WG1_GW (the gateway you created in step 5.) Add an outbound block rule below that: Action: Block Source: Networkgroup_wireguard Destination: Any Gateway: default Your WG VPN tunnel should now work. Test with https://ipleak.net The following steps are more advanced and i'm still finetuning/experimenting with the settings. your experience may vary. Step 9. Prevent VPN leakage I'm new to OPNsense and i am not sure what the default setting is, but from my pfSense experience i know the following setting is important when you want to make sure your VPN does not leak when for instance the tunnel is down. In OPNsense go to Firewall|Settings|Advanced Under "Gateway Monitoring" enable "Skip Rules when gateway is down" Step 10. MTU/MSS optimization For now i have set thte MTU according to the default setting of AirVPN. I want it to be higher but for now i'm just happy it works. My settings are as follows: In the properties of the WAN_WG1 interface i set the MTU to 1320 and the MSS to 1280. I created a normalize rule (Firewall|Settings|Normalization) with the following settings. this should enable me to clamp the MSS to 1280 for the wireguard group but leave the MSS to the desired setting (1452) as defined on my LAN interface for the rest of the hosts on my LAN; Interface: LAN Direction, Protocol: Any Source: networkgroup_wireguard Max MSS: 1280
-
So in my router, under peers it is saying each peer (which would be a single wireguard connection/device in airvpn) needs a unique public key. Is airvpn suddenly not spitting out a separate public key for each connection? Or is my router (opnvpn) suddenly working differently?
-
Hi, I'm trying to setup wireguard in a way that only applications i set to use the wg's interface will route its traffic through the VPN, with port forwarding enabled. I was under the impression that something like the following should work, but it doesn't: [Interface] Address = 10.184.118.49 PrivateKey = [redacted] MTU = 1320 DNS = 9.9.9.9 [Peer] PublicKey = [redacted] PresharedKey = [redacted] Endpoint = ip:port AllowedIPs = 10.184.118.0/24 PersistentKeepalive = 15 If I set the AllowedIPs to 0.0.0.0/0 then I can port forward, but all my traffic is routed over the VPN, and I don't want that. Is something like this possible with AirVPN? Thank you, Alonzo
-
TLDR Issue: When port forwarding is enabled, traffic forwarded from the VPN is being return via the WAN. So it's going AirVPN -> pfsense via VPN -> server -> pfsense via WAN -> Clear Internet. Software: pfsense 2.7.2-RELEASE, Package: WireGuard 0.2.1. Server: ubuntu 22.04.03 LTS I'm reaching out to the community because I'm out of ideas on how to fix what's going wrong. I'm not a network or firewall guru, I'm tech savy but clearly not enough to resolve my issue 😧. I followed the pfSense baseline setup guide available at nguvu.org to configure my pfsense. While the guide primarily focuses on using OpenVPN for the VPN setup, I adapted the instructions to use WireGuard instead but clearly I've missed something or fundermentally misunderstanding something. When I configure port forwarding using AirVPN with WireGuard to pfSense to my VPN network to a sever, I can see on a TCPDump the the initial inbound packets from AirVPN that's being port forwarded reaches the server, but each reply seems to vanish when returned to the router. Using diag_packet_capture on pfsense, I can see the inbound traffic from AirVPN, but when the server replies, it's going out on the WAN interface. Clearly there's some sort of gateway issue. I even tried to pay someone on Fiverr to fix it but they couldn't see any reason for it, they're claming it's a software defect, but seeing other people have somehow managed to do it, must be possible. Have I missed something silly? The port: The Server: These are my rules so far: WAN: WireGuard: Floating: VL20_VPN: Note: Selective_Routing (or VPN whitelist) isn't set: Gateways: Port Forward: Outbound NAT
-
It’s my understanding that OpenVPN is still under active development, with new features and fixes frequently being released. Wireguard development on the other hand, appears to be relatively quiet. I’ve read that the reason is that Wireguard is essentially a finished product, simple and lean by design, with nothing left to add and not much to fix. It’s that pretty accurate? I know OpenVPN has been working on DCO for a long time, but I don’t know what, if anything, Wireguard is working on?
-
Hi everyone, I did follow the guide posted here: [link] as good as I could. I ran ins some minor issues, but that should not be the root cause really. Furthermore, I documented my setup and posted a reply to the original author this time with screenshots so it could be used as help for everyone, like me, who is struggling with this. So as said, basically it's not working for me. I can't access anything from LAN. To me (noob) it looks like the tunnel is up, but I can't reach it. Looking at the gateway shows "defunct". To me, this does not sound good. In the WireGuard log, I get the following when I disable WireGuard and enable it again: I am a complete starter on OPNsense and WireGuard, before I was using pfSense and OpenVPN, but this is a bit different. So any help is much appreciated.
-
My current setup is pfSense Plus 23.09.01, with a vlan exiting all traffic via AirVPN. This works fine. The vpn traffic exits via a gateway group, when that gateway group has openVPN servers I can reach the site, when it's Wireguard servers the browser says the connection has timed out. Furthermore, I use Firefox with Duck Duck Go as the search engine, this fails to resolve any websites over Wireguard (when I use Google no problem), over openVPN I don't have any problems. Tried Brave browser, same result. I checked the route on the AirVPN site, it was ok! Again the only thing I have changed was the protocol. Site: https://oysta.co/account/login openVPN servers: Alathfar, Kital Wireguard servers: Betelgeuse, Alshain ISP: Virgin Media Any insight ? I'm not even sure how to troubleshoot this, nothing in the pfSense logs jumps out at me.
-
Hello, I'm reaching out to the forum because I recently subscribed to the service, and I'm having issues getting Transmission to work through the VPN. I'm using the WireGuard protocol on a Debian PC (headless without GUI). The WireGuard interface (wg0) is working fine; I can ping external addresses through it, use curl, and perform speed tests : The transmission-daemon also works perfectly when not going through the WireGuard interface but using my physical interface eth0. When I bind Transmission to the wg0 interface (specifying its IP in "bind-address-ipv4"), no traffic goes through the VPN. The trackers are unreachable, and the error "announce error: could not connect to tracker" appears. Running a netstat, I can see that Transmission is trying to connect to the tracker using various ports (why ?) through the WireGuard interface but never receives any traffic in return (SYN_SENT): However, these addresses are pingable through the wg0 interface: I've tried approaching the problem from different angles, and after several hours without any solution, I'd like to know if any of you have encountered a similar issue? (I should mention that my firewall is completely disabled for the tests). Thank you !
-
My knowledge is lower intermediate at best but let me explain myself. So I got the AIRVPN sub, setup port forwarding, setup port forwarding in qbitorrent and all seemed gravy. One problem the speeds are bad, like real bad terrible even. So I go on this forum and read a post about using wireguard with airvpn. So I download wireguard and generate a protocol thru this site and paste into the wireguard it connects. Speed much better and still says I'm in another country. Here's the rub: The torrent I'm downloading in qbitorrent is now saying "stalled" and I'm seeding nothing also Eddie is continuously saying "connecting" and "restarting". I read somewhere saying to go into protocols/ prefs/ uncheck auto/ choose wireguard/ and then save. No changes. I figured I did something wrong somewhere or didn't do something.... Now I'm wondering about something call DNS leaks? Basically any help you can give me would be appreciated.
-
Hi, I created the wireguard interface and applied the configuration on the init namespace. I then moved it to a "container" namespace with ip link set wg0 netns container ip -n container link set wg0 up I then add an ip to it, and add the default route on my container namespace to be on wg0, but i have no network connectivity. Looking at wireshark, it seems the packets can get out, but cannot come back. here is some additional info: gnuwu@anonynowo ~ $ sudo ip -n container a Password: 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000 link/sit 0.0.0.0 brd 0.0.0.0 9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000 link/none inet 172.16.0.2/32 scope global wg0 valid_lft forever preferred_lft forever gnuwu@anonynowo ~ $ sudo ip -n container l 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/sit 0.0.0.0 brd 0.0.0.0 9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/none gnuwu@anonynowo ~ $ sudo ip netns exec container wg show interface: wg0 public key: (hidden) private key: (hidden) listening port: 40816 peer: (hidden) preshared key: (hidden) endpoint: 213.152.161.236:1637 allowed ips: 0.0.0.0/0, ::/0 latest handshake: 59 seconds ago transfer: 3.76 KiB received, 71.90 KiB sent persistent keepalive: every 15 seconds gnuwu@anonynowo ~ $ sudo ip -n container r default dev wg0 scope link gnuwu@anonynowo ~ $ sudo ip netns exec container ping -c 4 1.1.1.1 PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data. --- 1.1.1.1 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3068ms
-
I'm tired. The connection keeps disconnecting sometime after the screen is off, and yes "Pause VPN when screen is off" is disabled. I as well went to android VPN settings and checked "Always-on VPN" and the eddie client still disconnects me. I tried the wireguard client, and while it does not do random disconnections, it doesn't play nice with excluding local traffic, even when add them to the allowed IPs. The issue doesn't happen on OpenVPN, TCP or UDP, but I wish to use wireguard. Here is the settings and connection log. All of them have been ending with wireguard handshake expiry --- Settings dump --- AirVPN logged in user: VinXI AirVPN selected user key: Default airvpn_default_vpn_type: WireGuard airvpn_default_openvpn_protocol: UDP airvpn_default_openvpn_port: 443 airvpn_default_wireguard_port: 1637 airvpn_default_ip_version: IPv6overIPv4 airvpn_default_tls_mode: tls-crypt airvpn_quick_connect_mode: auto airvpn_cipher: SERVER airvpn_forbid_quick_connection_to_user_country: true airvpn_custom_bootstrap_servers: airvpn_server_whitelist: airvpn_server_blacklist: airvpn_country_whitelist: airvpn_country_blacklist: airvpn_current_local_country: Auto enable_master_password: false system_vpn_lock: true system_vpn_boot_priority: AirVPN-Best-Server,AirVPN-Default-Server,AirVPN-Default-Country,Default-VPN-Profile,Last-Connected-Profile system_vpn_reconnect: false system_vpn_reconnect_retries: -1 system_dns_override_enable: false system_dns_custom: system_proxy_enable: false system_persistent_notification: true system_notification_sound: true system_show_message_dialogs: true system_forced_mtu: system_application_filter_type: 0 system_application_filter: system_application_language: system_application_theme: System system_first_run: true system_start_vpn_at_boot: true system_last_profile_is_connected: true is_always_on_vpn: on vpn_lockdown: off system_exclude_local_networks: true system_pause_vpn_when_screen_is_off: false system_airvpn_remember_me: true ovpn3_tls_version_min: tls_1_2 ovpn3_protocol: ovpn3_ipv6: ovpn3_timeout: 60 ovpn3_tun_persist: true ovpn3_compression_mode: no ovpn3_synchronous_dns_lookup: false ovpn3_autologin_sessions: true ovpn3_disable_client_cert: false ovpn3_ssl_debug_level: 0 ovpn3_default_key_direction: -1 ovpn3_tls_cert_profile: ovpn3_proxy_host: ovpn3_proxy_port: ovpn3_proxy_allow_cleartext_auth: false ovpn3_custom_directives: --- VPN status --- Type: WireGuard Status: Not Connected Connection Mode: AirVPN server User: VinXI User Key: Default --- VPN profile --- Name: airvpn_server_connect Profile: airvpn_server_connect Status: ok Description: us.vpn.airdns.org Type: WireGuard Server: us.vpn.airdns.org Port: 1637 Protocol: UDP --- Log dump --- 01 Jan. 1970 00:00:00 UTC [Info] Start connection to best AirVPN server in United States of America - WireGuard, Protocol UDP, Port 1637 18 Jul. 2023 12:17:21 UTC [Info] Using user key 'Default' 18 Jul. 2023 12:17:21 UTC [Info] Local networks are exempted from the VPN 18 Jul. 2023 12:17:21 UTC [Info] WireGuardTunnel: successfully created a new WireGuard client 18 Jul. 2023 12:17:21 UTC [Info] Setting MTU to 1320 18 Jul. 2023 12:17:30 UTC [Info] Starting VPN thread 18 Jul. 2023 12:17:30 UTC [Info] Adding server IPv4 address 10.188.173.174/32 18 Jul. 2023 12:17:30 UTC [Info] Adding server IPv6 address fd7d:76ee:e68f:a993:d64b:ed40:171:7272/128 18 Jul. 2023 12:17:30 UTC [Info] Adding DNS IPv4 address 10.128.0.1 18 Jul. 2023 12:17:30 UTC [Info] Adding DNS IPv6 address fd7d:76ee:e68f:a993::1 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 10.188.173.174/32 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route fd7d:76ee:e68f:a993:d64b:ed40:171:7272/128 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 10.128.0.1/32 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route fd7d:76ee:e68f:a993::1/128 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 0.0.0.0/5 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 8.0.0.0/7 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 11.0.0.0/8 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 12.0.0.0/6 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 16.0.0.0/4 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 32.0.0.0/3 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 64.0.0.0/2 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 128.0.0.0/3 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 160.0.0.0/5 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 168.0.0.0/6 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 172.0.0.0/12 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 172.32.0.0/11 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 172.64.0.0/10 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 172.128.0.0/9 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 173.0.0.0/8 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 174.0.0.0/7 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 176.0.0.0/4 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.0.0.0/9 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.128.0.0/11 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.160.0.0/13 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.169.0.0/16 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.170.0.0/15 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.172.0.0/14 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.176.0.0/12 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 192.192.0.0/10 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 193.0.0.0/8 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 194.0.0.0/7 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 196.0.0.0/6 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 200.0.0.0/5 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 208.0.0.0/4 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv4 route 224.0.0.0/3 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route ::/1 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route 8000::/2 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route c000::/3 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route e000::/4 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route f000::/5 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route f800::/6 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route fc00::/8 18 Jul. 2023 12:17:30 UTC [Info] Adding IPv6 route fe00::/7 18 Jul. 2023 12:17:30 UTC [Info] Starting VPN connection to server 18 Jul. 2023 12:17:30 UTC [Info] Protecting IPv4 socket 18 Jul. 2023 12:17:30 UTC [Info] Protecting IPv6 socket 18 Jul. 2023 12:17:30 UTC [Info] CONNECTED to VPN (AirVPN server us.vpn.airdns.org) us.vpn.airdns.org (WireGuard) Server Host: 104.129.48.66 Server Port: 1637 IPv4 address: 10.188.173.174/32 IPv6 address: fd7d:76ee:e68f:a993:d64b:ed40:171:7272/128 DNS IPv4: 10.128.0.1/32 DNS IPv6: fd7d:76ee:e68f:a993::1/128 18 Jul. 2023 12:20:22 UTC [Info] Refreshing AirVPN manifest 18 Jul. 2023 12:20:22 UTC [Info] Requesting manifest document to AirVPN 18 Jul. 2023 12:20:22 UTC [Info] Trying connection to AirVPN bootstrap server at http://63.33.78.166 18 Jul. 2023 12:20:26 UTC [Info] Successfully received manifest document from AirVPN 18 Jul. 2023 12:20:26 UTC [Info] Setting manifest to the instance downloaded from AirVPN server 18 Jul. 2023 12:22:06 UTC [Error] WireGuard handshake expired. Connection will be terminated. 18 Jul. 2023 12:22:06 UTC [Warning] WireGuard: Disconnecting VPN 18 Jul. 2023 12:22:06 UTC [Debug] VPNTunnel.clearContexts(): Clearing VPN contexts 18 Jul. 2023 12:22:06 UTC [Warning] WireGuard: Successfully disconnected from VPN
-
Hello all, Anyone managed to set up amule with a HighID through wireguard? I run debian bookworm, I opened 3 consecutive ports and configured them in amule but I'm still a low ID. To make sure amule binds to the right interface (my wg interface is not the default one), I use https://github.com/JsBergbau/BindToInterface I am not sure what I did wrong. For qbittorrent I chose the wg interface and opened the port and it just works. Is this a limitation of BindToInterface, amule, airvpn? A bad setting somewhere? Thanks for reading me
-
I just reinstalled AirVPN/Eddie today, before I reinstalled, AirVPN did not work while Wireguard worked just fine. Now however I try and connect in Eddie with Wireguard and get an error and disconnected: WireGuard > Error: Failed to start: not running What does this mean? There is no other details in the log. This error is really vague and doesn't point me in any direction to solving it. If Wireguard is not running, how do I make it run? All I had to do was connect to Wireguard in settings, but since that doesn't fix it, I don't know what to do. Thanks
-
Eddie-CLI options not having any effect
flyinginsectapplepie posted a topic in Eddie - AirVPN Client
I'm new to AirVPN, so I may be doing something wrong, but I don't know what. I installed Eddie-CLI on an Ubuntu derivative, and it seems to be working fine, it connects, but for CLI options have no effect. The client starts if I provide the username and password, but the --remember option seems to have no effect; the next time it runs, Eddie complains about the lack of credentials and closes. I want to use Wireguard, which in my experience is must faster and more stable, but --mode.type="wireguard" seems to have no effect, when I press N it still connects to OpenVPN. Am I doing something wrong? How do you get it to remember the credentials and connect through Wireguard? E.g.: Eddie-cli -login=[myusaername] -password=[mypassword] --mode.type="wireguard" --remember . [date] - Eddie version: 2.21.8 / linux_aarch64, System: Linux, Name: Debian GNU/Linux 11 (bullseye), Versio n: 11 (bullseye), Mono/.Net: 6.8.0.105 (Debian 6.8.0.105+dfsg-3.3~deb11u1 Sat Feb 18 21:38:24 UTC 2023); Framework: v4.0.3 0319 . 2023.07.08 00:13:32 - Command line arguments (6): path.resources="/usr/share/eddie-cli" path.exec="/usr/bin/eddie-cli" l ogin="[myusername" password="[mypassword]" mode.type="wireguard" remember="True" . 2023.07.08 00:13:32 - Raise system privileges . 2023.07.08 00:13:36 - Reading options from /home/pi/.config/eddie/default.profile . 2023.07.08 00:13:41 - OpenVPN - Version: 2.5.1 - OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10 (/usr/sbin/openvpn) -
I just purchased an AirVPN plan and set up the WireGuard connection to replace a Mullvad one. The connection operates in a separate namespace (just like the Mullvad one before it). I have port forwarding enabled, and when testing the port on my AirVPN profile page, it says the port is open. However, my rtorrent client seems unable to connect to any of the trackers. Tracepath shows timeouts to some sites, but e.g. grabbing a kernel tarball works just fine. Setup, route and MTU seem okay to me. # ip netns exec wireguard wg show interface: wg0 public key: <snip> private key: (hidden) listening port: 51727 peer: <snip> preshared key: (hidden) endpoint: <snip> allowed ips: 0.0.0.0/0, ::/0 latest handshake: 1 minute, 20 seconds ago transfer: 142.67 MiB received, 7.39 MiB sent persistent keepalive: every 15 seconds # ip -n wireguard route default dev wg0 scope link # ip -n wireguard a s 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 6: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1320 qdisc noqueue state UNKNOWN group default qlen 1000 link/none inet 10.xxx.xxx.xxx/32 scope global wg0 valid_lft forever preferred_lft forever A tracepath for e.g. Redacted's tracker will show just fine but rtorrent shows only tracker timeouts; it doesn't even seem to try to update the tracker when I tell it to do so manually. Hop times are high though (routing through Canada from Europe). # ip netns exec wireguard tracepath flacsfor.me 1?: [LOCALHOST] pmtu 1320 1: 10.128.0.1 108.463ms 1: 10.128.0.1 108.575ms 2: 184.75.221.169 108.081ms 3: te0-0-1-19.222.ccr31.yyz02.atlas.cogentco.com 108.469ms 4: be3260.ccr22.ymq01.atlas.cogentco.com 116.587ms 5: be2976.ccr21.ymq01.atlas.cogentco.com 115.585ms asymm 4 6: be2182.ccr41.ams03.atlas.cogentco.com 195.332ms 7: be2182.ccr41.ams03.atlas.cogentco.com 195.868ms asymm 6 8: be3433.rcr21.ams06.atlas.cogentco.com 195.476ms asymm 7 9: worldstream.demarc.cogentco.com 196.031ms asymm 8 10: 185.165.241.225 197.348ms reached Resume: pmtu 1320 hops 10 back 10 Kernel tarball pulls in fine e.g.: # ip netns exec wireguard wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.4.7.tar.xz --2023-07-29 10:42:50-- https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.4.7.tar.xz Resolving cdn.kernel.org (cdn.kernel.org)... 151.101.125.176, 2a04:4e42:1e::432 Connecting to cdn.kernel.org (cdn.kernel.org)|151.101.125.176|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 137795084 (131M) [application/x-xz] Saving to: 'linux-6.4.7.tar.xz' linux-6.4.7.tar.xz 4%[==> ] 5.37M 186KB/s eta 4m 53s Firewall is pretty basic: # Firewall for WireGuard namespace *filter ## Policies ## # Set default policies; for now we just accept output -P INPUT DROP -P FORWARD DROP -P OUTPUT ACCEPT ## Loopback ## # Accept loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT ## Ping ## # Allow ping requests -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT ## Established connections ## # Accept all established connections. This should mean we don't need to add ESTABLISHED to most. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ## Rtorrent port ## -A INPUT -p tcp --dport abcde -m state --state NEW -j ACCEPT -A INPUT -p udp --dport abcde -m state --state NEW -j ACCEPT COMMIT Thanks
-
Has anyone had success setting up native WireGuard for AirVPN on ChromeOS? Following these steps using values from AirVPN-generated WireGuard configs produced what appeared to be a complete profile but attempting to connect immediately failed with an error -126 (whatever that is) on the current Stable channel release (15183.69.0), and I am not acquainted enough with ChromeOS to know how to troubleshoot further. The Chromebook I was tasked with setting up is not to have any Play Store (Android) or Crostini (Linux) apps, hence the strong preference for built-in support.
-
Hello, I just bought a 3 day subscription to test AirVPN. I searched through the topics but didn't find the specific info I am asking about below. I selected Wireguard as protocol and 'By planet - Earth' option for servers in the Config Generator so that I can get all the servers. I added the tunnel. Now, I see it is connected to a server which I believe it found to be the best connectivity with. How can I choose a different server whenever I want, for ex. from another country? Also, what is the 'ON-DEMAND ACTIVATION' option? It shows 'Off' for me now. My primary device is Windows. Is there a guide/post describing the best practice/options to select while configuring the Eddie client? Thanks!
-
wireguard Cant connect through wireguard on Linux
fujimail posted a topic in Troubleshooting and Problems
Hi guys, iv'e tried a few distros with WireGuard but for some reason they all connect, but I loose internet connectivity right after. I always use the config generator with IPv4 only and Europe. I then import the file in to the Network Manager in KDE, connect without any problems and from then on my Internet is down. I am currently running Manjaro on a Raspberry Pi. Does anybody have any similar issues? Running the VPN over my Router directly works fine, which is confusing me. Although, this won't help me with my project. Thanks in advance for any answers! -
Hello, I've got a little confused in my routing configuration. Let me explain. I have my router which acts as a VPN server => it runs WireGuard and everything works OK - I receive connections, can browse the web. Now, I'd like to route all VPN traffic to the internet through my AirVPN subscription, and also using wireguard. I'll try to illustrate bellow. PC <=> WG server <=> WG client <=> AirVpn servers <=> Internet My setup ( I'll skip my wireguard server setup as that works OK ) 1. create an interface "vpnout", type wireguard, with IP (10.163.57.56/32) => This is provided by my AirVPN configuration 2. wg setconf airvpn.conf : [Interface] PrivateKey = privatekeyhere [Peer] PublicKey = publickeyhere PresharedKey = presharedkeyhere Endpoint = br.vpn.airdns.org:1637 AllowedIPs = 0.0.0.0/0, ::/0 PersistentKeepalive = 15 3. ip link set dev vpnout up At this point, everything is working, tested using curl and ping, I'm able to use the client like this and also by default nothing is routed using this "vpnout" interface. Now comes the tricky part, lets say my WireGuard server has an interface named "vpnin", let's try to route everything that comes in through "vpnin" to "vpnout" My VPN server has a range of ips 10.10.10.0/24 My attempt: 1. create a new rule echo 200 vpn >> /etc/iproute2/rt_tables 2. try to route the server subnet through the new rule" ip rule add from 10.10.10.0/24 table vpn 3. Add a default route to the vpn table: ip route add default via 10.163.57.56 dev vpnout table vpn == So, I can see traffic going out on the "vpnout" interface ( using tcpdump ) ... what I can't see is reply from remote host/sites I'm trying to contact. So, question is, how can I route everything that comes in on interface 1 to go out on interface 2. Is ip route suitable for this? Maybe I need some firewall rules and NAT? Forwarding is enabled. If anybody can help, I'd be very grateful.
-
I run the command nft list tables and I get this output: table inet filter table ip6 wg-quick-tun0 table ip wg-quick-tun0 So the question is why is there separate tables for IP4 & IP6? Why not just have it be an inet connection?