0 votes
810 views 0 comments
by anonymous

Hi, 

I have a handshake on WireGuard, but it's still not possible to ping server <-> client.

If I install the same server on my Mac, it's pinging fine. I also changed the MTU to the recommended `1380`, did add WAN to WireGuard in the firewall and tried to switch off the firewall completely. What more options do we have?

My server wg is showing:

```
interface: wg0
  public key: XXXX
  private key: (hidden)
  listening port: 51820

peer: xxxxx
  endpoint: XX.XX.52.171:51820
  allowed ips: (none)
  latest handshake: 1 minute, 8 seconds ago
  transfer: 3.69 KiB received, 1.20 KiB sent
```

Then on server wg0.conf is set like:

```
[Interface]
PrivateKey = xxxx
Address = 10.0.0.1/24
MTU = 1380
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

[Peer]
PublicKey = xxxxx
AllowedIPs = 10.0.0.2/24
```

For Teltonika RUT950 settings are like: 

```
config interface 'SP'
        option proto 'wireguard'
        option disabled '0'
        option private_key 'yyyy'
        option public_key 'cccc'
        option listen_port '51820'
        list addresses '10.0.0.2/24'
        option mtu '1380'

config wireguard_SP 'DO'
        option public_key 'xxxx'
        option endpoint_host 'test.printserver.mydomain.com'
        option persistent_keepalive '25'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::/0'
```

What other options do I have to get it running? Good to know: I am always working on the latest firmware (RUT9_R_00.07.01.4), and resetting the modem to factory before setting up. Sometimes I succeed, but then I have the problem that I don't have Internet on the modem.

Some tips are very welcome, since I have been stuck with this for some while now.

I also have my troubleshoot files, so I can always send them if needed.

Regards,

1 Answer

0 votes
by anonymous

Hello,

At first glance, your server has no allowed IPs:

  • allowed ips: (none)

Keep in mind that, in order for the WireGuard tunnel to work, both endpoints must be aware of any IPs which may be routed via the WG tunnel.

Also, in server config, there is a line:

  • AllowedIPs = 10.0.0.2/24

Try changing it to 10.0.0.2/32.

Best regards,

Žygimantas
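The two checks from this answer can be automated for a server-side config. The sketch below is an added example, not part of the original thread or any Teltonika or WireGuard tooling; the function names and the sample strings (constructed from the values posted in the question) are assumptions, and the "contains local address" finding is a heuristic meant for servers where each peer should own a single address.

```python
import ipaddress

# Constructed samples mirroring the question's server config and `wg` output.
SAMPLE_CONF = """[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = xxxxx
AllowedIPs = 10.0.0.2/24
"""
SAMPLE_WG = """interface: wg0
peer: xxxxx
  endpoint: XX.XX.52.171:51820
  allowed ips: (none)
"""

def lint_allowed_ips(conf_text):
    """Flag [Peer] AllowedIPs entries that are wider than one peer address."""
    findings, section, own_addrs = [], None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        key, _, value = (part.strip() for part in line.partition("="))
        entries = [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key.lower() == "address":
            own_addrs += [ipaddress.ip_interface(e) for e in entries]
        elif section == "peer" and key.lower() == "allowedips":
            for e in entries:
                peer = ipaddress.ip_interface(e)
                # 10.0.0.2/24 is really the whole 10.0.0.0/24 network.
                if peer.ip != peer.network.network_address:
                    findings.append(f"{e}: host bits set, so it means {peer.network}; "
                                    f"use {peer.ip}/{peer.ip.max_prefixlen}")
                for own in own_addrs:
                    if own.ip in peer.network:
                        findings.append(f"{e}: range contains local address {own.ip}")
    return findings

def peers_without_allowed_ips(wg_output):
    """Return peers whose `allowed ips` line in `wg` output reads (none)."""
    peer, missing = None, []
    for line in wg_output.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "peer":
            peer = value
        elif key == "allowed ips" and value == "(none)":
            missing.append(peer)
    return missing

if __name__ == "__main__":
    print(lint_allowed_ips(SAMPLE_CONF), peers_without_allowed_ips(SAMPLE_WG))
```

With the entry changed to `10.0.0.2/32`, as suggested above, `lint_allowed_ips` returns no findings.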