Hello,
I am currently struggling with linuxserver/wireguard.
It is not really working out of the box because I experience two problems:
The first one is that when I create a client config with the webUI, the config only works on my mobile device. On the PC (Windows client of WireGuard) I get the error that the section of fwmark is wrong/has an error.
The fwmark line in the client config is the following:
FwMark = 0xca6c
When I just delete this line in the config, the config will be loaded without problems and I can connect to the VPN.
The second problem is that then, when I am connected to the VPN, I have no Internet connection.
Not even a simple ping to 8.8.8.8 is working. I just get a timeout.
Would be nice if someone could help or share a working docker-compose or something…
My docker-compose is the following:
You are right, if I use the wg0.conf from the linuxserver/wireguard container the VPN connection works and the internet connection is also working.
But if I look at https://whatismyipaddress.com/ I see my router's IP and not the IP of the VPN server.
So my real IP is leaked and something is not working correctly.
The sample is to connect a remote asset, such as your phone, to your home. What IP would you expect to see if you VPN to your home outside of your home IP?
If you want your phone to connect to a VPN that “protects” your personal info, you buy a service and connect your phone to that. Then your IP will be the one belonging to the service you paid for (i.e. dedi, VPS, Mullvad, TorGuard, etc.).
I expect to see the IP of the VPN Server.
I run the VPN on a server on the Internet to protect my connection (=my data transfer) between the client (phone or PC) and the router.
On the phone it works. I see the VPN server's IP when I check for my IP. But on PC it is not working. I see my router's IP and not the IP of the VPN server.
So my real IP is “leaked”.
Where are you running the WireGuard container? Your home server or some colo host/VPS?
You’re lacking some critical information in your post that would be extremely helpful to us.
OK, in that case, can you obfuscate the private key and share the leaking PC config? Feel free to share the working phone’s config as well, just remember to remove/obfuscate the private key.
Hello,
The following is the config which is stored under “config/wg0.conf”.
When I scan the QR code in the Docker container's console, my mobile device connects and the outgoing IP is the IP of the server.
When I use the wg0.conf for my computer (since I cannot scan the QR code with my computer), it shows the real IP of my router when I check which IP I use for outgoing connections.
What I discovered is that the server URL is completely missing in that config. The client says that it is connected and doesn't throw any error.
[Interface]
Address = IP from a Private Subnet
ListenPort = 51820
PrivateKey = KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE
[Peer]
# peer1
PublicKey = KEY
PresharedKey = KEY
AllowedIPs = IP from a Private Subnet
Yes, I just read it. Thanks for your answer, it is working now!
But what I still didn't understand is that the client, on mobile and on PC, says it is connected even if I shut down the server.
Connection to the Internet (opening a website, for example) is not working then, but the client says it is connected and doesn't give any error.
WireGuard is stateless. When it says connected, it just means it’s sending packets through the tunnel. Whether the other side is receiving and is able to decrypt the packets is a different story.
You need to check for a handshake on the server by running docker exec wireguard wg show
You could fork the wireguard project and make it non-stateless and start logging things, sure. It is not something that has anything to do with us. We are happy with wireguard as it is.
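The handshake check suggested above (`docker exec wireguard wg show`), turned into a script, as an added example that is not part of the original thread. The `wg0` interface name, the 180-second threshold and the sample keys and timestamps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies peers from the output of
#   wg show wg0 latest-handshakes
# which prints one "<public-key><TAB><unix-time>" line per peer (0 = never).

# Assumption: 180 s without a handshake is treated as "no live session".
# An idle peer without PersistentKeepalive can also exceed this.
MAX_AGE=180

# handshake_report NOW: reads latest-handshakes lines on stdin and prints
# "<status> <public-key> <age-seconds>" with status OK, STALE or NEVER.
handshake_report() {
    awk -v now="$1" -v max="$MAX_AGE" '
        NF < 2 || $2 !~ /^[0-9]+$/ { next }   # skip malformed lines
        $2 == 0        { print "NEVER", $1, "-"; next }
        now - $2 > max { print "STALE", $1, now - $2; next }
                       { print "OK", $1, now - $2 }
    '
}

# count_dead NOW: number of peers on stdin that are STALE or NEVER.
count_dead() {
    handshake_report "$1" | awk '$1 != "OK" { n++ } END { print n + 0 }'
}

# Live use on the Docker host. Container name "wireguard" is the one used in
# the thread; interface wg0 is assumed from config/wg0.conf.
check_live() {
    docker exec wireguard wg show wg0 latest-handshakes |
        handshake_report "$(date +%s)"
}

# Constructed sample input (placeholder keys, made-up timestamps).
SAMPLE_NOW=1700000600
sample_output() {
    printf 'PEER1PUBKEYPLACEHOLDER=\t1700000570\n'   # handshake 30 s ago
    printf 'PEER2PUBKEYPLACEHOLDER=\t1700000000\n'   # handshake 600 s ago
    printf 'PEER3PUBKEYPLACEHOLDER=\t0\n'            # never completed one
}

sample_output | handshake_report "$SAMPLE_NOW"
```

A client that shows "connected" while the server is down appears here as STALE or NEVER on the server side once the server is back, because no handshake completed in that window.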