Hello All,
I’m trying to use the WireGuard container in server mode so that I can access all my local services when I am on the move, but I am having issues establishing a connection.
Following is my docker compose:
version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Kolkata
      - SERVERURL=auto #optional
      - SERVERPORT=51820 #optional
      - PEERS=5 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - LOG_CONFS=true #optional
    volumes:
      - /home/appData/wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
Following is my client conf:
[Interface]
Address = 10.13.13.2
PrivateKey = [PrivateKey]
ListenPort = 51820
DNS = 10.13.13.1
[Peer]
PublicKey = [PublicKey]
PresharedKey = [PresharedKey]
Endpoint = myip:51820
AllowedIPs = 0.0.0.0/0
And following is the log (I have removed my IP from the logs along with the QR codes):
today at 11:31:16 s6-rc: info: service s6rc-oneshot-runner: starting
today at 11:31:16 s6-rc: info: service s6rc-oneshot-runner successfully started
today at 11:31:16 s6-rc: info: service fix-attrs: starting
today at 11:31:16 s6-rc: info: service 00-legacy: starting
today at 11:31:16 s6-rc: info: service 00-legacy successfully started
today at 11:31:16 s6-rc: info: service fix-attrs successfully started
today at 11:31:16 s6-rc: info: service legacy-cont-init: starting
today at 11:31:16 cont-init: info: running /etc/cont-init.d/01-envfile
today at 11:31:16 cont-init: info: /etc/cont-init.d/01-envfile exited 0
today at 11:31:16 cont-init: info: running /etc/cont-init.d/01-migrations
today at 11:31:16 [migrations] started
today at 11:31:16 [migrations] no migrations found
today at 11:31:16 cont-init: info: /etc/cont-init.d/01-migrations exited 0
today at 11:31:16 cont-init: info: running /etc/cont-init.d/02-tamper-check
today at 11:31:16 cont-init: info: /etc/cont-init.d/02-tamper-check exited 0
today at 11:31:16 cont-init: info: running /etc/cont-init.d/10-adduser
today at 11:31:16 -------------------------------------
today at 11:31:16 _ ()
today at 11:31:16 | | ___ _ __
today at 11:31:16 | | / __| | | / \
today at 11:31:16 | | \__ \ | | | () |
today at 11:31:16 |_| |___/ |_| \__/
today at 11:31:16 Brought to you by linuxserver.io
today at 11:31:16 -------------------------------------
today at 11:31:16 To support the app dev(s) visit:
today at 11:31:16 WireGuard: https://www.wireguard.com/donations/
today at 11:31:16 To support LSIO projects visit:
today at 11:31:16 https://www.linuxserver.io/donate/
today at 11:31:16 -------------------------------------
today at 11:31:16 GID/UID
today at 11:31:16 -------------------------------------
today at 11:31:16 User uid: 1000
today at 11:31:16 User gid: 1000
today at 11:31:16 -------------------------------------
today at 11:31:16 cont-init: info: /etc/cont-init.d/10-adduser exited 0
today at 11:31:16 cont-init: info: running /etc/cont-init.d/30-module
today at 11:31:16 Uname info: Linux bcc83da76d6f 5.13.0-52-generic #59-Ubuntu SMP Wed Jun 15 20:17:13 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
today at 11:31:16 **** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
today at 11:31:16 cont-init: info: /etc/cont-init.d/30-module exited 0
today at 11:31:16 cont-init: info: running /etc/cont-init.d/40-confs
today at 11:31:16 **** Server mode is selected ****
today at 11:31:16 **** SERVERURL var is either not set or is set to "auto", setting external IP to auto detected value of xx.xx.xx.xx ****
today at 11:31:16 **** External server port is set to 51820. Make sure that port is properly forwarded to port 51820 inside this container ****
today at 11:31:16 **** Internal subnet is set to 10.13.13.0 ****
today at 11:31:16 **** AllowedIPs for peers 0.0.0.0/0 ****
today at 11:31:16 **** PEERDNS var is either not set or is set to "auto", setting peer DNS to 10.13.13.1 to use wireguard docker host's DNS. ****
today at 11:31:16 **** Server mode is selected ****
today at 11:31:16 **** Server related environment variables changed, regenerating 1 server and 5 peer/client confs ****
today at 11:31:16 PEER 1 QR code:
today at 11:31:16 cont-init: info: /etc/cont-init.d/40-confs exited 0
today at 11:31:16 cont-init: info: running /etc/cont-init.d/90-custom-folders
today at 11:31:16 cont-init: info: /etc/cont-init.d/90-custom-folders exited 0
today at 11:31:16 cont-init: info: running /etc/cont-init.d/99-custom-scripts
today at 11:31:16 [custom-init] no custom files found exiting...
today at 11:31:16 cont-init: info: /etc/cont-init.d/99-custom-scripts exited 0
today at 11:31:16 s6-rc: info: service legacy-cont-init successfully started
today at 11:31:16 s6-rc: info: service legacy-services: starting
today at 11:31:16 services-up: info: copying legacy longrun coredns (no readiness notification)
today at 11:31:16 services-up: info: copying legacy longrun wireguard (no readiness notification)
today at 11:31:16 s6-rc: info: service legacy-services successfully started
today at 11:31:16 s6-rc: info: service 99-ci-service-check: starting
today at 11:31:16 [ls.io-init] done.
today at 11:31:16 s6-rc: info: service 99-ci-service-check successfully started
today at 11:31:16 [#] ip link add wg0 type wireguard
today at 11:31:16 [#] wg setconf wg0 /dev/fd/63
today at 11:31:16 [#] ip -4 address add 10.13.13.1 dev wg0
today at 11:31:16 [#] ip link set mtu 1420 up dev wg0
today at 11:31:16 .:53
today at 11:31:16 CoreDNS-1.9.3
today at 11:31:16 linux/amd64, go1.18.2, 45b0a11
today at 11:31:16 [#] ip -4 route add 10.13.13.6/32 dev wg0
today at 11:31:16 [#] ip -4 route add 10.13.13.5/32 dev wg0
today at 11:31:16 [#] ip -4 route add 10.13.13.4/32 dev wg0
today at 11:31:16 [#] ip -4 route add 10.13.13.3/32 dev wg0
today at 11:31:16 [#] ip -4 route add 10.13.13.2/32 dev wg0
today at 11:31:16 [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
So far I tried setting different DNS like that of Cloudflare’s and Google’s (1.1.1.1 and 8.8.8.8), but still no luck.
Whenever I try to connect through my Android phone and look at the logs, it says:
Sending handshake initiation
Handshake did not complete after 5 seconds
Can you kindly let me know what I am doing wrong here?