pivpn: [Support] I'm missing the traffic routed to the gateway
In raising this issue, I confirm the following:
{please fill the checkboxes, e.g: [X]}
- I have read and understood the contributors guide.
- The issue I am reporting can be replicated.
- The issue I am reporting is directly related to the pivpn installer script.
- The issue I am reporting isn’t a duplicate (see FAQs, closed issues, and open issues).
Issue
Looks like routing to the default gateway is not working. I can get UDP traffic from the client to the Raspberry and vice versa, but I can’t see any traffic between the client and the gateway or forwarded from the Raspberry to the gateway. Handshaking is keeping the connection alive between the WireGuard client/server. My configuration is WireGuard running on the default UDP port. I dunno if the provider is blocking it, any chance to debug?
- Router is 192.168.1.1
- Raspberry is 192.168.1.4 (static IP)
- DNS is the Raspberry Pi-hole itself
- OS is Ubuntu Server arm64
The amount of traffic going up and down is like the DNS queries only.
This is a part of tcpdump
13:45:52.741779 IP (tos 0x0, ttl 44, id 62511, offset 0, flags [DF], proto UDP (17), length 156)
37.161.x.x.34512 > pihole.aaa.bbb.com.51820: UDP, length 128
13:45:52.744292 IP (tos 0x0, ttl 64, id 35776, offset 0, flags [none], proto UDP (17), length 220)
pihole.aaa.bbb.com.51820 > 37.161.x.x.34512: UDP, length 192
13:45:55.951398 IP (tos 0x0, ttl 44, id 62693, offset 0, flags [DF], proto UDP (17), length 140)
37.161.x.x.34512 > pihole.aaa.bbb.com.51820: UDP, length 112
13:45:55.953538 IP (tos 0x0, ttl 64, id 36385, offset 0, flags [none], proto UDP (17), length 188)
pihole.aaa.bbb.com.51820 > 37.161.x.x.34512: UDP, length 160
13:45:57.731629 IP (tos 0x0, ttl 44, id 62857, offset 0, flags [DF], proto UDP (17), length 156)
37.161.x.x.34512 > pihole.aaa.bbb.com.51820: UDP, length 128
13:45:57.734236 IP (tos 0x0, ttl 64, id 36409, offset 0, flags [none], proto UDP (17), length 220)
pihole.aaa.bbb.com.51820 > 37.161.x.x.34512: UDP, length 192
13:46:00.982036 IP (tos 0x0, ttl 44, id 62990, offset 0, flags [DF], proto UDP (17), length 140)
37.161.x.x.34512 > pihole.aaa.bbb.com.51820: UDP, length 112
root@pihole:~# wg show wg0
interface: wg0
public key: xxxxxxxxxxxxxxxxxxxxxxxxxxxx=
private key: (hidden)
listening port: 51820
peer: /yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=
preshared key: (hidden)
endpoint: 37.161.x.x:34512
allowed ips: 10.6.0.2/32
latest handshake: 1 minute, 3 seconds ago
transfer: 24.88 KiB received, 44.36 KiB sent
root@pihole:~# sudo ufw status verbose
Status: inactive
root@pihole:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 202 0 0 enxb827ebbeebe6
10.6.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
link-local 0.0.0.0 255.255.0.0 U 205 0 0 docker0
link-local 0.0.0.0 255.255.0.0 U 207 0 0 veth8d81027
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.1.0 0.0.0.0 255.255.255.0 U 202 0 0 enxb827ebbeebe6
Console output of pivpn debug
root@pihole:~# pivpn -d
::: Generating Debug Output
tee: /tmp/debug.log: Permission denied
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
commit fc6e853049c24ab490bdaebaaa27a57b100f1c6d
Author: 4s3ti <4s3ti@protonmail.com>
Date: Wed Dec 2 23:25:34 2020 +0100
New pivpn status page
Changed status page on README.md,
new status page at https://status.pivpn.io
=============================================
:::: Installation settings ::::
PLAT=Ubuntu
OSCN=groovy
USING_UFW=0
IPv4dev=enxb827ebbeebe6
IPv4addr=192.168.1.4/24
IPv4gw=192.168.1.1
install_user=ubuntu
install_home=/home/ubuntu
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=10.6.0.1
pivpnDNS2=
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=1
pivpnPROTO=udp
pivpnDEV=wg0
pivpnNET=10.6.0.0
subnetClass=24
UNATTUPG=1
INSTALLED_PACKAGES=()
=============================================
:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.6.0.1/24
ListenPort = 51820
### begin tassoman ###
[Peer]
PublicKey = tassoman_pub
PresharedKey = tassoman_psk
AllowedIPs = 10.6.0.2/32
### end tassoman ###
=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = tassoman_priv
Address = 10.6.0.2/24
DNS = 10.6.0.1
[Peer]
PublicKey = server_pub
PresharedKey = tassoman_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
=============================================
:::: Recursive list of files in ::::
:::: /etc/wireguard shown below ::::
/etc/wireguard:
configs
keys
wg0.conf
/etc/wireguard/configs:
clients.txt
tassoman.conf
/etc/wireguard/keys:
server_priv
server_pub
tassoman_priv
tassoman_psk
tassoman_pub
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] Iptables FORWARD rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled (it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://github.com/pivpn/pivpn/wiki/FAQ
=============================================
:::: WARNING: This script should have automatically masked sensitive ::::
:::: information, however, still make sure that PrivateKey, PublicKey ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this: ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::
=============================================
:::: Debug complete ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
:::
About this issue
- State: closed
- Created 4 years ago
- Comments: 19 (6 by maintainers)
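An added example (not part of the original issue or of PiVPN's code): a short Python script that classifies the packets in a tcpdump capture like the one in the issue by UDP payload length, using the fixed WireGuard message sizes (148-byte handshake initiation, 92-byte handshake response, 64-byte cookie reply, 32-byte keepalive, 32 bytes of overhead on data packets). The function names are this example's own, and the sample lines are copied from the capture above.

```python
import re

# WireGuard UDP payload sizes in bytes, from the protocol's message formats.
HANDSHAKE_INIT, HANDSHAKE_RESP, COOKIE_REPLY = 148, 92, 64
DATA_OVERHEAD = 32  # 16-byte transport header + 16-byte authentication tag

# Sample lines copied from the tcpdump capture in the issue.
CAPTURE = """\
37.161.x.x.34512 > pihole.aaa.bbb.com.51820: UDP, length 128
pihole.aaa.bbb.com.51820 > 37.161.x.x.34512: UDP, length 192
37.161.x.x.34512 > pihole.aaa.bbb.com.51820: UDP, length 112
pihole.aaa.bbb.com.51820 > 37.161.x.x.34512: UDP, length 160
"""

LINE = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)")


def classify(udp_len):
    """Return (kind, max_inner_bytes) for one UDP payload length."""
    if udp_len == HANDSHAKE_INIT:
        return "handshake-initiation", 0
    if udp_len == HANDSHAKE_RESP:
        return "handshake-response", 0
    if udp_len == COOKIE_REPLY:
        # Same size as a data packet with a 32-byte padded payload.
        return "cookie-reply-or-small-data", 32
    if udp_len == DATA_OVERHEAD:
        return "keepalive", 0
    if udp_len > DATA_OVERHEAD:
        # The inner packet is padded, so this is an upper bound on its size.
        return "data", udp_len - DATA_OVERHEAD
    return "not-wireguard", 0


def summarize(text, port=51820):
    """Group inner sizes by direction ('in' = towards the server port) and kind."""
    stats = {"in": {}, "out": {}}
    for m in LINE.finditer(text):
        direction = "in" if int(m.group(4)) == port else "out"
        kind, inner = classify(int(m.group(5)))
        stats[direction].setdefault(kind, []).append(inner)
    return stats


if __name__ == "__main__":
    for direction, kinds in summarize(CAPTURE).items():
        print(direction, kinds)
```

On the sample lines every packet is a data packet, in both directions, carrying at most 80 to 160 inner bytes. Length alone is a heuristic: it shows that encrypted payload is flowing through the tunnel, not what that payload is.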
I’ve solved this issue and probably all the other issues related 😒
Although WireGuard is working on a UDP port, you need to forward both TCP+UDP 51820 ports from your router to the pivpn+pihole
Raspberry Pi OS 9/10 and Ubuntu Server 20.04 are officially supported