Wireguard, handshake working but no internet access

So I have deployed a WireGuard container and everything seems to be working, even the handshake between the server and my Windows 10 client. But I have no internet connection when using the VPN.

I am running it in Rancher, but here is what the docker-compose file looks like.

services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Zurich
      - SERVERURL= ----
      - SERVERPORT=51820
      - PEERS=laptop,phone
      - PEERDNS=8.8.8.8
    volumes:
      - /path/to/appdata/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

And yes, I have port forwarded the necessary port. Any ideas what could be wrong?

Can you show the handshake from the docker side?

docker exec -it wireguard wg show

Also, how are you trying to access things? Hopefully by IP.

Here is the handshake, and yes, I am trying to access it through my public IP.

interface: wg0
  public key: ---
  private key: (hidden)
  listening port: 51820

peer: ---
  endpoint: 192.168.7.1:51820
  allowed ips: 10.13.13.3/32
  latest handshake: 6 seconds ago
  transfer: 1.64 KiB received, 92 B sent
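
The handshake output above can be read as a diagnostic. The following is an added example, not from the thread: a POSIX shell/awk function that parses `wg show` output (the sample is constructed from the output above, with keys replaced by placeholders) and classifies each peer. A peer that shows bytes received but only 92 B sent has returned nothing beyond the handshake response (92 bytes is the size of a WireGuard handshake response message), which points at IP forwarding or NAT on the host rather than at the tunnel or the port forward.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies peers from `wg show` output.
# Verdicts:
#   NO_HANDSHAKE                    no "latest handshake" line: endpoint, port
#                                   forward or keys are wrong
#   HANDSHAKE_OK_NO_RETURN_TRAFFIC  encrypted packets arrive (received grows) but
#                                   the server sends almost nothing back: check
#                                   net.ipv4.ip_forward and the MASQUERADE rule
#   OK                              traffic flows in both directions

# Constructed sample, keys replaced by placeholders.
WG_SAMPLE='interface: wg0
  public key: (placeholder)
  private key: (hidden)
  listening port: 51820

peer: (placeholder-peer)
  endpoint: 192.168.7.1:51820
  allowed ips: 10.13.13.3/32
  latest handshake: 6 seconds ago
  transfer: 1.64 KiB received, 92 B sent'

# wg_verdict: reads `wg show` text on stdin, prints "<peer-key> <verdict>" per peer.
wg_verdict() {
  awk '
    function bytes(n, u,   m) {
      m = 1
      if (u == "KiB") m = 1024
      else if (u == "MiB") m = 1048576
      else if (u == "GiB") m = 1073741824
      return n * m
    }
    function flush(   v) {
      if (peer == "") return
      if (!hs) v = "NO_HANDSHAKE"
      else if (rx > 0 && tx * 4 < rx) v = "HANDSHAKE_OK_NO_RETURN_TRAFFIC"
      else v = "OK"
      print peer, v
    }
    /^peer:/            { flush(); peer = $2; hs = 0; rx = 0; tx = 0 }
    /latest handshake:/ { hs = 1 }
    /transfer:/         { rx = bytes($2, $3); tx = bytes($5, $6) }
    END                 { flush() }
  '
}

# Run against the live interface with: docker exec -it wireguard wg show | wg_verdict
printf '%s\n' "$WG_SAMPLE" | wg_verdict
```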

Does Rancher properly handle NATing the traffic in and out? We do not test or support Rancher, so I have no clue how it behaves. This all looks correct, though. Are you able to ping an IP, say 8.8.8.8, from a connected client (to check whether this is a DNS or an internet reachability issue)?

The ping was not successful.

levin@DESKTOP-12VKLFP MINGW64 ~
$ ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Sadly I am relatively new to Rancher and cannot say if it behaves correctly.

Simple question: Is port 53 used by any other application? WireGuard has its own DNS service (CoreDNS).

CoreDNS isn't used when specifying an upstream DNS.

I'm inclined to blame Rancher, unless you're able to reproduce the issue using tested platforms (i.e. a Debian derivative with Docker).

levin@Rancher:~$ sudo netstat -tunlp | grep 53
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      852/systemd-resolve
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2330053/docker-prox
tcp6       0      0 :::10014                :::*                    LISTEN      15393/pushprox-clie
udp        0      0 127.0.0.53:53           0.0.0.0:*                           852/systemd-resolve

I will now attempt to reproduce it using plain docker.

EDIT: I currently don't think that Rancher is to blame, since this guy https://www.youtube.com/watch?v=xlyTCuWqDOg got it working on Rancher.

EDIT_1: I got it working on pure Docker (docker-compose) without any hiccups…