We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,590 views 39 comments
by anonymous
Hi

I can get openVPN connected fine and internet traffic through.

I can get WIREGUARD connected fine but no internet traffic through.

I have read for most of the day and have ensured that the WAN is allowed through the Wireguard ALLOWED forward to destination and source zones. (This is the only thing in there?)

I can ping the LAN IP for the wireguard connection and can reach them. I cannot ping google.com or 8.8.8.8

I cannot use internet browsers or stream.

This all points to firewall issues but I cannot get my head around what the problem is.
by anonymous
Okay I can now ping web addresses and external ip but still no access from browser, streaming etc
by anonymous
Anyone help? Is there a known issue with the latest firmware? I note from another post there is with RMS vpn.
by anonymous

REMOVED AND PUT IN CORRECT PLACE FOR CONTINUING CONVERSATION

by anonymous

------------

4 Answers

0 votes
by anonymous

Add ::/0 to the allowed IP addresses list as a separate entry.

 

Best answer
0 votes
by anonymous
Hello,

In Network->Firewall->General Settings/Zone Forwardings, have you set both lan->wireguard and wireguard->lan to Accept/Accept/Accept ?

Regards,
by anonymous

I think so

Others include

by anonymous
Ok. Could you ping 8.8.8.8 and check the wireguard interface RX and TX counters with ifconfig?

In the wireguard parameters, what is the content of the 'Allowed IP' field ?
by anonymous

root@Teltonika-RUTX09:~# ifconfig NORDWG

NORDWG    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.5.0.2  P-t-P:10.5.0.2  Mask:255.255.255.0

          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1

          RX packets:1790 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1997 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:467964 (456.9 KiB)  TX bytes:412664 (402.9 KiB)

root@Teltonika-RUTX09:~# ifconfig NORDWG

NORDWG    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.5.0.2  P-t-P:10.5.0.2  Mask:255.255.255.0

          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1

          RX packets:1818 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2034 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:472476 (461.4 KiB)  TX bytes:417560 (407.7 KiB)

root@Teltonika-RUTX09:~# ifconfig NORDWG

NORDWG    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.5.0.2  P-t-P:10.5.0.2  Mask:255.255.255.0

          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1

          RX packets:1850 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2081 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:482796 (471.4 KiB)  TX bytes:424136 (414.1 KiB)

root@Teltonika-RUTX09:~# ifconfig NORDWG

NORDWG    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.5.0.2  P-t-P:10.5.0.2  Mask:255.255.255.0

          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1

          RX packets:1871 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2119 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:485628 (474.2 KiB)  TX bytes:431540 (421.4 KiB)

root@Teltonika-RUTX09:~# ifconfig NORDWG

NORDWG    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.5.0.2  P-t-P:10.5.0.2  Mask:255.255.255.0

          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1

          RX packets:1987 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2248 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:516428 (504.3 KiB)  TX bytes:457860 (447.1 KiB)

Allowed IPs - 0.0.0.0/0

NB: Ping was from a device on the network not from the router. 

by anonymous
The counters increase in both directions. Strange. Could you show the output of the "wg" command at the same time? And replace 0.0.0.0/0 by 0.0.0.0/1,128.0.0.0/1?

Also of interest: ifconfig br-lan, ifconfig wwan0, to see the MTU of the interfaces.
by anonymous

interface: NORDWG

  public key: REDACTED

  private key: (hidden)

  listening port: 51820

peer: REDACTED

  endpoint: 178.239.162.207:51820

  allowed ips: 0.0.0.0/1, 128.0.0.0/1

  latest handshake: 25 seconds ago

  transfer: 80.87 KiB received, 94.04 KiB sent

  persistent keepalive: every 25 seconds

root@Teltonika-RUTX09:~# wg

interface: NORDWG

  public key: REDACTED

  private key: (hidden)

  listening port: 51820

peer: REDACTED

  endpoint: 178.239.162.207:51820

  allowed ips: 0.0.0.0/1, 128.0.0.0/1

  latest handshake: 29 seconds ago

  transfer: 103.75 KiB received, 118.06 KiB sent

  persistent keepalive: every 25 seconds

root@Teltonika-RUTX09:~# wg

interface: NORDWG

  public key: REDACTED

  private key: (hidden)

  listening port: 51820

peer: REDACTED

  endpoint: 178.239.162.207:51820

  allowed ips: 0.0.0.0/1, 128.0.0.0/1

  latest handshake: 1 minute, 12 seconds ago

  transfer: 221.84 KiB received, 224.30 KiB sent

  persistent keepalive: every 25 seconds

root@Teltonika-RUTX09:~# wg

interface: NORDWG

  public key: REDACTED

  private key: (hidden)

  listening port: 51820

peer: REDACTED

  endpoint: 178.239.162.207:51820

  allowed ips: 0.0.0.0/1, 128.0.0.0/1

  latest handshake: 1 minute, 15 seconds ago

  transfer: 277.36 KiB received, 249.20 KiB sent

  persistent keepalive: every 25 seconds

root@Teltonika-RUTX09:~# wg

interface: NORDWG

  public key: REDACTED

  private key: (hidden)

  listening port: 51820

peer: REDACTED

  endpoint: 178.239.162.207:51820

  allowed ips: 0.0.0.0/1, 128.0.0.0/1

  latest handshake: 1 minute, 17 seconds ago

  transfer: 282.79 KiB received, 254.73 KiB sent

  persistent keepalive: every 25 seconds

root@Teltonika-RUTX09:~# wg

interface: NORDWG

  public key: REDACTED

  private key: (hidden)

  listening port: 51820

peer: REDACTED

  endpoint: 178.239.162.207:51820

  allowed ips: 0.0.0.0/1, 128.0.0.0/1

  latest handshake: 1 minute, 18 seconds ago

  transfer: 287.07 KiB received, 256.18 KiB sent

  persistent keepalive: every 25 seconds

root@Teltonika-RUTX09:~# wg

interface: NORDWG

  public key: REDACTED

  private key: (hidden)

  listening port: 51820

peer: REDACTED

  endpoint: 178.239.162.207:51820

  allowed ips: 0.0.0.0/1, 128.0.0.0/1

  latest handshake: 1 minute, 19 seconds ago

  transfer: 288.51 KiB received, 257.37 KiB sent

  persistent keepalive: every 25 seconds

root@Teltonika-RUTX09:~# wg

by anonymous

root@Teltonika-RUTX09:~# ifconfig br-lan

br-lan    Link encap:Ethernet  HWaddr 00:1E:42:27:CD:05

          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

          inet6 addr: fd1d:4fcd:c3e9::1/60 Scope:Global

          inet6 addr: fe80::21e:42ff:fe27:cd05/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:26285884 errors:0 dropped:326 overruns:0 frame:0

          TX packets:71194326 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:2096557283 (1.9 GiB)  TX bytes:93634601609 (87.2 GiB)

 

root@Teltonika-RUTX09:~# ifconfig wwan0

wwan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:100.91.126.178  P-t-P:100.91.126.178  Mask:255.255.255.255

          inet6 addr: fe80::b278:89d9:9dc:bfa9/64 Scope:Link

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1460  Metric:1

          RX packets:70583067 errors:12657 dropped:0 overruns:0 frame:8839

          TX packets:25357216 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:96372094371 (89.7 GiB)  TX bytes:3298633708 (3.0 GiB)

 

root@Teltonika-RUTX09:~#

by anonymous
The MTU of the wg interface is too high, set it to 1460 - 80 = 1380 not 1420 and try again.
by anonymous

root@Teltonika-RUTX09:~# ifconfig br-lan

br-lan    Link encap:Ethernet  HWaddr 00:1E:42:27:CD:05

          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

          inet6 addr: fd1d:4fcd:c3e9::1/60 Scope:Global

          inet6 addr: fe80::21e:42ff:fe27:cd05/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:26451674 errors:0 dropped:333 overruns:0 frame:0

          TX packets:71786693 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:2110202768 (1.9 GiB)  TX bytes:94380515868 (87.8 GiB)

root@Teltonika-RUTX09:~# ifconfig NORDWG

NORDWG    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:10.5.0.2  P-t-P:10.5.0.2  Mask:255.255.255.0

          UP POINTOPOINT RUNNING NOARP  MTU:1380  Metric:1

          RX packets:1812 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2145 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:411020 (401.3 KiB)  TX bytes:442020 (431.6 KiB)

root@Teltonika-RUTX09:~# ifconfig wwan0

wwan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:100.91.126.178  P-t-P:100.91.126.178  Mask:255.255.255.255

          inet6 addr: fe80::b278:89d9:9dc:bfa9/64 Scope:Link

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1460  Metric:1

          RX packets:71170949 errors:24660 dropped:0 overruns:0 frame:17163

          TX packets:25509279 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:97113864966 (90.4 GiB)  TX bytes:3311663606 (3.0 GiB)

Still not working. 

by anonymous

------------

0 votes
by anonymous
I had to lower the wireguard mtu to 1380 to get ssh traffic over it. The mobile connection presented mtu as 1460 and wireguard needs 40 (60 for ipv6) overhead. What also worked was increasing the mobile mtu to 1500 but I'm not sure if the mobile provider would accept that. So to be on the safe side lower wg.
by anonymous

Still not working.

When doing a tracert from a device there is nothing getting past the router.

First result is ISP only. 

root@Teltonika-RUTX09:~# traceroute 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets

 1  *  *  *

 2  10.124.222.141 (10.124.222.141)  38.103 ms  38.385 ms  29.432 ms

 3  10.247.83.171 (10.247.83.171)  29.737 ms  28.769 ms  29.687 ms

 4  *  *  *

 5  10.247.83.193 (10.247.83.193)  33.775 ms  38.329 ms  29.704 ms

 6  10.247.83.186 (10.247.83.186)  26.705 ms  31.447 ms  29.747 ms

 7  87.237.20.110 (87.237.20.110)  30.796 ms  38.346 ms  38.679 ms

 8  87.237.20.79 (87.237.20.79)  38.789 ms  36.074 ms  40.732 ms

 9  72.14.242.70 (72.14.242.70)  39.793 ms  46.031 ms  40.699 ms

10  74.125.242.65 (74.125.242.65)  38.748 ms  108.170.246.161 (108.170.246.161)  44.058 ms  108.170.246.129 (108.170.246.129)  44.079 ms

11  142.251.52.145 (142.251.52.145)  46.035 ms  172.253.66.99 (172.253.66.99)  107.957 ms  142.251.54.27 (142.251.54.27)  431.280 ms

12  dns.google (8.8.8.8)  62.420 ms  55.998 ms  53.230 ms

root@Teltonika-RUTX09:~# traceroute 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets

 1  *  *  *

 2  *  *  *

 3  *  *  *

 4  *  *  *

 5  *  *^C

by anonymous
If you think it's a fw problem, disable the fw (3x accept in general settings). Otherwise you've a routing or wg problem.
by anonymous
It's time to resort to tcpdump:

tcpdump -i wwan0 -n -v -s 0 'host 8.8.8.8 or icmp'

and ping 8.8.8.8 at the same time.
by anonymous
One of the public/private wg keys may be wrong. From the router itself can you ping the IP at the other end (probably 10.5.0.1)?
by anonymous
Setting firewall to ACCEPT, ACCEPT, ACCEPT and still no internet access.
by anonymous

Pinging 10.5.0.1 with 32 bytes of data:

Reply from 10.5.0.1: bytes=32 time=415ms TTL=63

Reply from 10.5.0.1: bytes=32 time=114ms TTL=63

Reply from 10.5.0.1: bytes=32 time=122ms TTL=63

Reply from 10.5.0.1: bytes=32 time=64ms TTL=63

Ping statistics for 10.5.0.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 64ms, Maximum = 415ms, Average = 178ms

by anonymous

root@Teltonika-RUTX09:~# tcpdump -i wwan0 -n -v -s 0 'host 8.8.8.8 or icmp'

tcpdump: listening on wwan0, link-type RAW (Raw IP), capture size 262144 bytes

^C

0 packets captured

0 packets received by filter

0 packets dropped by kernel

by anonymous
So we know that the keys are correct. Now, from the router ping 8.8.8.8.
by anonymous

What is the output of tcpdump -i NORDWG -n -v -s 0 'icmp' when you ping 8.8.8.8

by anonymous

> So we know that the keys are correct. Now, from the router ping 8.8.8.8.

root@Teltonika-RUTX09:~# ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

64 bytes from 8.8.8.8: seq=0 ttl=60 time=50.227 ms

64 bytes from 8.8.8.8: seq=1 ttl=60 time=40.941 ms

64 bytes from 8.8.8.8: seq=2 ttl=60 time=42.706 ms

64 bytes from 8.8.8.8: seq=3 ttl=60 time=41.480 ms

64 bytes from 8.8.8.8: seq=4 ttl=60 time=52.627 ms

64 bytes from 8.8.8.8: seq=5 ttl=60 time=41.043 ms

64 bytes from 8.8.8.8: seq=6 ttl=60 time=39.952 ms

64 bytes from 8.8.8.8: seq=7 ttl=60 time=42.695 ms

64 bytes from 8.8.8.8: seq=8 ttl=60 time=41.585 ms

64 bytes from 8.8.8.8: seq=9 ttl=60 time=41.144 ms

64 bytes from 8.8.8.8: seq=10 ttl=60 time=39.993 ms

64 bytes from 8.8.8.8: seq=11 ttl=60 time=38.726 ms

64 bytes from 8.8.8.8: seq=12 ttl=60 time=39.506 ms

64 bytes from 8.8.8.8: seq=13 ttl=60 time=39.265 ms

64 bytes from 8.8.8.8: seq=14 ttl=60 time=66.123 ms

64 bytes from 8.8.8.8: seq=15 ttl=60 time=42.885 ms

64 bytes from 8.8.8.8: seq=16 ttl=60 time=38.701 ms

by anonymous

> What is the output of tcpdump -i NORDWG -n -v -s 0 'icmp' when you ping 8.8.8.8

root@Teltonika-RUTX09:~# tcpdump -i NORDWG -n -v -s 0 'icmp'

tcpdump: listening on NORDWG, link-type RAW (Raw IP), capture size 262144 bytes

20:22:27.198500 IP (tos 0x0, ttl 127, id 59390, offset 0, flags [none], proto ICMP (1), length 60)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 1, seq 2052, length 40

20:22:27.243733 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 60)

    8.8.8.8 > 10.5.0.2: ICMP echo reply, id 1, seq 2052, length 40

20:22:28.213363 IP (tos 0x0, ttl 127, id 59391, offset 0, flags [none], proto ICMP (1), length 60)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 1, seq 2053, length 40

20:22:28.253588 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 60)

    8.8.8.8 > 10.5.0.2: ICMP echo reply, id 1, seq 2053, length 40

20:22:29.227299 IP (tos 0x0, ttl 127, id 59392, offset 0, flags [none], proto ICMP (1), length 60)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 1, seq 2054, length 40

20:22:29.269627 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 60)

by anonymous
Good, everything looks fine: from the router itself the ping goes through the wg interface, as shown by tcpdump.

Now, same tcpdump but ping from another device.
by anonymous

Sorry the tcpdump was when ping from laptop. Do you want me to ping from the router whilst tcp-dump from the router?

Ping from router to 8.8.8.8.

root@Teltonika-RUTX09:~# tcpdump -i NORDWG -n -v -s 0 'icmp'

tcpdump: listening on NORDWG, link-type RAW (Raw IP), capture size 262144 bytes

20:39:53.375534 IP (tos 0x0, ttl 64, id 56076, offset 0, flags [DF], proto ICMP (1), length 84)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 25895, seq 0, length 64

20:39:53.414774 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 84)

    8.8.8.8 > 10.5.0.2: ICMP echo reply, id 25895, seq 0, length 64

20:39:54.375785 IP (tos 0x0, ttl 64, id 56113, offset 0, flags [DF], proto ICMP (1), length 84)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 25895, seq 1, length 64

20:39:54.415775 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 84)

    8.8.8.8 > 10.5.0.2: ICMP echo reply, id 25895, seq 1, length 64

20:39:55.376001 IP (tos 0x0, ttl 64, id 56132, offset 0, flags [DF], proto ICMP (1), length 84)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 25895, seq 2, length 64

20:39:55.414737 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 84)

    8.8.8.8 > 10.5.0.2: ICMP echo reply, id 25895, seq 2, length 64

20:39:56.376238 IP (tos 0x0, ttl 64, id 56216, offset 0, flags [DF], proto ICMP (1), length 84)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 25895, seq 3, length 64

20:39:56.413809 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 84)

    8.8.8.8 > 10.5.0.2: ICMP echo reply, id 25895, seq 3, length 64

20:39:57.376476 IP (tos 0x0, ttl 64, id 56287, offset 0, flags [DF], proto ICMP (1), length 84)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 25895, seq 4, length 64

20:39:57.413772 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 84)

    8.8.8.8 > 10.5.0.2: ICMP echo reply, id 25895, seq 4, length 64

20:39:58.376713 IP (tos 0x0, ttl 64, id 56295, offset 0, flags [DF], proto ICMP (1), length 84)

    10.5.0.2 > 8.8.8.8: ICMP echo request, id 25895, seq 5, length 64

20:39:58.418722 IP (tos 0x0, ttl 60, id 0, offset 0, flags [none], proto ICMP (1), length 84)

    8.8.8.8 > 10.5.0.2: ICMP echo reply, id 25895, seq 5, length 64

20:40:00.464873 IP (tos 0xc0, ttl 64, id 61092, offset 0, flags [none], proto ICMP (1), length 247)

    10.5.0.2 > 103.86.96.100: ICMP 10.5.0.2 udp port 57159 unreachable, length 227

        IP (tos 0x0, ttl 64, id 2467, offset 0, flags [none], proto UDP (17), length 219)

    103.86.96.100.53 > 10.5.0.2.57159: 39166 5/0/0 avs-alexa-14-eu.amazon.com. CNAME alexa-14.eu.gateway.devices.a2z.com., alexa-14.eu.gateway.devices.a2z.com. CNAME geo.eu.gateway.devices.a2z.com., geo.eu.gateway.devices.a2z.com. CNAME naws-migration-eu.gateway.devices.a2z.com., naws-migration-eu.gateway.devices.a2z.com. CNAME bob-dispatch-prod-eu.amazon.com., bob-dispatch-prod-eu.amazon.com. A 52.94.222.208 (191)

20:40:00.468868 IP (tos 0xc0, ttl 64, id 61093, offset 0, flags [none], proto ICMP (1), length 247)

    10.5.0.2 > 103.86.96.100: ICMP 10.5.0.2 udp port 57159 unreachable, length 227

        IP (tos 0x0, ttl 64, id 2468, offset 0, flags [none], proto UDP (17), length 219)

    103.86.96.100.53 > 10.5.0.2.57159: 39166 5/0/0 avs-alexa-14-eu.amazon.com. CNAME alexa-14.eu.gateway.devices.a2z.com., alexa-14.eu.gateway.devices.a2z.com. CNAME geo.eu.gateway.devices.a2z.com., geo.eu.gateway.devices.a2z.com. CNAME naws-migration-eu.gateway.devices.a2z.com., naws-migration-eu.gateway.devices.a2z.com. CNAME bob-dispatch-prod-eu.amazon.com., bob-dispatch-prod-eu.amazon.com. A 52.94.222.208 (191)

^C

14 packets captured

14 packets received by filter

0 packets dropped by kernel

by anonymous

> Sorry the tcpdump was when ping from laptop.

Then it works ! Try some http/https ...

Edit: maybe I have missed something. The tunnel itself is fine but does the laptop see the echo reply?

by anonymous
The ping can be seen as sent and received on laptop.

Do you mean ping with Fqdn address rather than IP address?

I have tried surfing web but it just spins or throws up proxy/dns error.
by anonymous
That's another issue. Could you try nslookup www.yahoo.com or some other well known fqdn from the laptop? From the router? Does it resolve?
by anonymous

root@Teltonika-RUTX09:~# nslookup bbc.co.uk

Server:         127.0.0.1

Address:        127.0.0.1#53

Name:      bbc.co.uk

Address 1: 151.101.192.81

Address 2: 151.101.128.81

Address 3: 151.101.64.81

Address 4: 151.101.0.81

Address 5: 2a04:4e42:600::81

Address 6: 2a04:4e42:400::81

Address 7: 2a04:4e42:200::81

Address 8: 2a04:4e42::81

LAPTOP

Server:  Teltonika-RUTX09.com

Address:  192.168.0.1

Non-authoritative answer:

Name:    bbc.co.uk

Addresses:  2a04:4e42::81

          2a04:4e42:200::81

          2a04:4e42:400::81

          2a04:4e42:600::81

          151.101.0.81

          151.101.64.81

          151.101.128.81

          151.101.192.81

by anonymous
And what does https://bbc.co.uk have to say?
by anonymous
Now I see IPv6 is sneaking in. Add ::/0 to the Allowed IPs list.
by anonymous
Think I sorted it.

So a few troubleshooting items later with the Metric.

Setting my WG metric to 10  BUT LEAVING the MOB metric blank (or with the greyed out 300) has sorted this.

So to me - correct me if I misunderstand- the routing tables were not putting the WG before the ISP when active?
by anonymous

NSLOOKUP for HTTPs://

root@Teltonika-RUTX09:~# nslookup https://www.yahoo.com

Server:         127.0.0.1

Address:        127.0.0.1#53

** server can't find https://www.yahoo.com: NXDOMAIN

** server can't find https://www.yahoo.com: NXDOMAIN

by anonymous
Thanks for the extensive help.

Without all this ruling out I would have never got to the solution.
by anonymous

> So to me - correct me if I misunderstand- the routing tables were not putting the WG before the ISP when active?

I don't think so. From ping 8.8.8.8 from the laptop tcpdump can see the requests/replies on the wg interface but not the wwan0 one. So the routes were already correct or at least workable for IPv4.

For nslookup: just nslookup www.yahoo.com not nslookup https://www.yahoo.com

Try https://bbc.co.uk from a browser. It may fail because name resolution returns IPv6 addresses first; you need to add ::/0 to the allowed IP addresses list.

 

by anonymous

So https://bbc.co.uk loads the webpage but I have added ::/0 to the third line of allowed ips. 

But when I run nslookup it looks like the ipv6 still is appearing. 

Non-authoritative answer:

Name:    yahoo.com

Addresses:  2001:4998:24:120d::1:0

          2001:4998:44:3507::8001

          2001:4998:124:1507::f000

          2001:4998:24:120d::1:1

          2001:4998:44:3507::8000

          2001:4998:124:1507::f001

          74.6.231.20

          74.6.231.21

          98.137.11.163

          98.137.11.164

          74.6.143.25

          74.6.143.26

by anonymous
Yes, route metrics have nothing to do here. bbc.co.uk is accessed via its first IPv6 address which wasn't sent through the tunnel before adding ::/0 to the allowed IPs list.

The same would apply for https://www.yahoo.com

ping 8.8.8.8 being an IPv4 address isn't affected by the ::/0 rule.

Please fix your first answer because it will lead other users into error.
0 votes
by anonymous

Think I sorted it.

So a few troubleshooting items later with the Metric.

Setting my WG metric to 10  BUT LEAVING the MOB metric blank (or with the greyed out 300) has sorted this.

So to me - correct me if I misunderstand- the routing tables were not putting the WG before the ISP when active?

by anonymous
This is not a route issue but a missing IPv6 ::/0 address in the Allowed IPs list.
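
The diagnosis the thread ends on (IPv4-only Allowed IPs while name resolution returns IPv6 addresses first), as an added example that is not part of any post: it parses `wg` output and reports which address families and which resolved destinations are not covered by the allowed IPs. The sample text is constructed from values shown in the thread, and the function names are this example's own.

```python
import ipaddress

# Constructed sample in the shape of the `wg` output posted in the thread.
WG_OUTPUT = """\
interface: NORDWG
  public key: REDACTED
  listening port: 51820

peer: REDACTED
  endpoint: 178.239.162.207:51820
  allowed ips: 0.0.0.0/1, 128.0.0.0/1
"""

# Constructed sample: four of the addresses nslookup returned for bbc.co.uk.
RESOLVED = ["2a04:4e42::81", "2a04:4e42:200::81", "151.101.0.81", "151.101.64.81"]


def parse_allowed_ips(wg_text):
    """Return {interface: [networks]} merged over all peers of each interface."""
    result, iface = {}, None
    for line in wg_text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "interface":
            iface = value
            result[iface] = []
        elif key == "allowed ips" and iface and value != "(none)":
            result[iface] += [ipaddress.ip_network(n.strip()) for n in value.split(",")]
    return result


def uncovered_families(networks):
    """IP versions whose whole address space is not covered by the allowed IPs."""
    missing = []
    for version, default in ((4, "0.0.0.0/0"), (6, "::/0")):
        nets = [n for n in networks if n.version == version]
        # 0.0.0.0/1 + 128.0.0.0/1 collapses to 0.0.0.0/0, so a split default passes.
        if list(ipaddress.collapse_addresses(nets)) != [ipaddress.ip_network(default)]:
            missing.append(version)
    return missing


def outside_tunnel(addresses, networks):
    """Destinations that no allowed-ips entry matches."""
    outside = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        # Membership is False across address families, so IPv6 never matches 0.0.0.0/1.
        if not any(addr in net for net in networks):
            outside.append(text)
    return outside


def audit(wg_text, addresses):
    """Per interface: uncovered IP versions and resolved addresses left outside."""
    report = {}
    for iface, nets in parse_allowed_ips(wg_text).items():
        report[iface] = {
            "uncovered": uncovered_families(nets),
            "outside": outside_tunnel(addresses, nets),
        }
    return report


if __name__ == "__main__":
    for iface, result in audit(WG_OUTPUT, RESOLVED).items():
        print(iface, "uncovered IP versions:", result["uncovered"])
        print(iface, "destinations outside allowed ips:", result["outside"])
```

With `::/0` appended to the allowed IPs, both lists come back empty for the same input.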