7

I am trying to configure a VPN server with WireGuard in order to have access to my local network when I am outside home.

I configured a Raspberry Pi to be the WireGuard 'server' and I have a laptop that I will use as the client. I will describe the 'local network' as the network where the server (Raspberry Pi) lives and the 'remote network' as the network outside my home.

When I run 'wg-quick PiVPN-FT' on the 'client' from the local network, I am able to ssh to devices on my local network and I have access to the internet as well. However, when I do it from a remote network (using the hotspot from my phone) I cannot ssh into other devices and I don't have internet access.

I also tried to connect from the network at work (to avoid using hotspots), with the same negative results.

The conf file on the server is:

[Interface]
PrivateKey = Private_key
Address = 10.6.0.1/24
MTU = 1420
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

[Peer]
PublicKey = Public_Key
PresharedKey = Preshared_Key
AllowedIPs = 10.6.0.2/32

[Peer]
PublicKey = Public_Key
PresharedKey = Preshared_Key
AllowedIPs = 10.6.0.3/32
PersistentKeepalive = 25

The conf file in the client is:

[Interface]
PrivateKey = Private_Key
Address = 10.6.0.3/24
MTU = 1420
DNS = 8.8.8.8, 8.8.4.4

[Peer]
PublicKey = Public_Key
PresharedKey = Preshared_Key
Endpoint = End_point:51820
AllowedIPs = 0.0.0.0/0, ::0/0

As I am new to setting up this networking system, I would like to know how to troubleshoot to find what is causing the issue.

jlunesc
  • 81

1 Answer

2

It's not entirely clear from your problem description but I'm going to assume that your server is behind a consumer-grade router of some kind which provides your home with Internet access.

These devices are usually NATs (in the case of IPv4) and firewalls (in the case of IPv6), which prevent you from accessing the inner devices directly.

Also from the config, it's not quite possible to guess what the endpoint hostname actually resolves to. Is it a global IP or a local one?

I'd suggest these steps:

  1. In your router, find the port forwarding option and make sure your WireGuard port is forwarded to the WireGuard server. This will make the device accessible from the outside. There are plenty of guides on how to do port forwarding so I won't go into detail here.
  2. Make sure your endpoint is globally resolvable. In the easiest case, that means using the global IP of your router (for IPv4) or the global IP of the WireGuard server directly (for IPv6).
svenstaro
  • 535
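
One way to check what the answer asks about the endpoint ("Is it a global IP or a local one?"), as an added example that is not part of the original answer: it reads a wg-quick client config, resolves each peer `Endpoint` and classifies the resulting address. The sample config, its LAN endpoint address and the function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample: a client config whose Endpoint is a LAN address (assumption).
SAMPLE_CONF = """[Interface]
Address = 10.6.0.3/24
[Peer]
Endpoint = 192.168.1.50:51820
"""
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT


def peer_endpoints(conf_text):
    """Return (host, port) for each Endpoint line inside a [Peer] section."""
    section, found = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "peer" and line.lower().startswith("endpoint"):
            host, _, port = line.split("=", 1)[1].strip().rpartition(":")
            found.append((host.strip("[]"), int(port)))
    return found


def resolve(host):
    """Return the IP literal itself, or every address the hostname resolves to."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_UDP)
        return sorted({info[4][0] for info in infos})


def classify(address):
    """Classify an IP literal by where it can be reached from."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback or ip.is_link_local:
        return "local"
    if ip.is_private:
        return "private"
    if ip in CGNAT:
        return "cgnat"
    return "global" if ip.is_global else "other"


def audit(conf_text):
    # One (host, port, address, class) tuple per resolved peer endpoint.
    return [(h, p, a, classify(a))
            for h, p in peer_endpoints(conf_text) for a in resolve(h)]
```

A `private` or `local` result is consistent with a tunnel that works at home and fails from a hotspot, because that address is only reachable inside the home network. A `cgnat` result means the address sits behind the ISP's own NAT, so it is not directly reachable from the internet either.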