Marketplace WireGuard Install Not Working

For the life of me, I can't figure out what I'm doing wrong. I used the Marketplace install for Wireguard and followed the tutorial.

My server config

[Interface]
PrivateKey = <Server Private Key>
Address = 10.0.1.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
SaveConfig = true

[Peer]
PublicKey = <Client Public Key>
AllowedIPs = 10.0.1.0/24
Endpoint = <Client Public Static IP>:51820

Here's the Client's Configuration

[Interface]
PrivateKey = <Client Private Key>
ListenPort = 51820
Address = 10.0.1.2/24

[Peer]
PublicKey = <Server Public Key>
AllowedIPs = 10.0.1.1/24
Endpoint = <Server Public Static IP>:51820

When using wg show I don't see any handshake. Similarly, pinging 10.0.1.1 on the client side yields nothing. I'm using the macOS version of the WireGuard Client.

Thanks in advance for any suggestions and help.

1 Reply

This gave me a run for my money too but ultimately I was able to get this working with an Ubuntu 20.04 LTS Linode acting as my client.

Aside from the listening port, your configurations for client and server are identical to mine. Substituting out the placeholders for Keys & Public IPs, mine are as follows:

Server Configuration

[Interface]
Address = 10.0.1.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERA$
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUE$
ListenPort = 51820
PrivateKey = <<<server private key>>>

[Peer]
PublicKey = <<<client public key>>>
AllowedIPs = 10.0.1.0/24
Endpoint = <<client public IP>>:51820

Client Configuration

[Interface]
Address = 10.0.1.2/24
Address = fd86:ea04:1115::5/64
ListenPort = 45113
PrivateKey = <<<client private key>>>

[Peer]
PublicKey = <<<server public key>>>
AllowedIPs = 10.0.1.0/24
Endpoint = <<<server public IP>>>:51820

It took several mistakes getting to this point, though. For me, I found these areas resulted in the most difficulty:

Understanding the kernel module demands for Wireguard.

In our Ubuntu guide, I was struggling to get the Wireguard module messages detailed here: Install Wireguard

I was successful with this when running the following command on my client Linode when installing Wireguard - this exists on our Set up Wireguard on Debian guide:

apt install wireguard-dkms wireguard-tools

In one of my trials, though, I set up Wireguard on two Ubuntu 18.04 LTS Linodes (server and client) and ran into trouble. Based on this Wireguard tutorial from Linux Babe, there may be some extra work needed for the kernel prior to installing Wireguard (see tutorial for details).

Make sure you're using the GRUB2 kernel and not the default Linode Kernel!!

If you're setting this up on a Linode make sure that server is using the GRUB2 kernel - by default Linodes boot with a Linode kernel. You can change this through Cloud Manager, and you will need to restart your server after doing so: Viewing and Modifying the Kernel

Stopping and starting the wg0 interface

It was easy to forget to bring down the wg0 interface prior to editing the wg0.conf file - I made it a habit of bringing this down before making any changes to the configuration files on both client and server, and then bringing it back up once I was done.

sudo wg-quick down wg0
sudo wg-quick up wg0


Setting firewalls for both server and client

I would also make sure your firewalls are set properly and aren't interrupting anything. If you have Cloud Firewalls enabled, double-check they are not set in such a way that would interfere with your connection.

Step-by-Step

For your reference, here is the exact procedure followed to get this successful connection going:

Creating and configuring the CLIENT

Fresh Ubuntu 20.04 LTS Linode

  1. Apply updates and upgrades
     sudo apt update && sudo apt upgrade
  2. Install Wireguard
     apt install wireguard-dkms wireguard-tools
  3. Generate pub and priv keys
     umask 077
     wg genkey | tee privatekey | wg pubkey > publickey
  4. Set the firewalls, enable, and review
     sudo ufw allow 22/tcp
     sudo ufw allow 51820/udp
     sudo ufw enable

     sudo ufw status verbose
  5. Create the configuration file and update with just the [INTERFACE] information (for now) -- be sure the Address format matches that of the server - for example, 10.0.1.2/24 vs. 10.0.0.2/24 vs. 172.16.0.2/24 vs. 192.168.1.2/24
     [Interface]
     Address = 10.0.1.2/24
     Address = fd86:ea04:1115::5/64
     ListenPort = 45113
     PrivateKey = <<<client private key>>>
  6. Bring up the wg0 interface, enable, and run a check on the config
     wg-quick up wg0
     sudo systemctl enable wg-quick@wg0
     sudo wg show

     #output for sudo wg show is as follows
     interface: wg0
       public key: <<<client public key>>>
       private key: (hidden)
       listening port: 45113

Creating the SERVER

  1. Deploy a Wireguard server through Marketplace and include the CLIENT information for endpoint IP and public key
  2. Get the information for the server's public and private key to be used to update the client configuration:
     cat /root/wg-public.key
     cat /root/wg-private.key
  3. Bring down the wg0 interface (I did this for due diligence)
     wg-quick down wg0

Completing the CLIENT configuration

  1. On the CLIENT server, bring down the wg0 interface
     wg-quick down wg0
  2. Update /etc/wireguard/wg0.conf with the [PEER] information:
     [PEER]
     PublicKey = <Server Public Key>
     AllowedIPs = 10.0.1.1/24
     Endpoint = <Server Public Static IP>:51820

Connecting the CLIENT and SERVER

  1. On both the client and server, bring up wg0 interface:
     sudo wg-quick up wg0
  2. Verify the connection:
     sudo wg
  3. Ping the server from the client:
     ping 10.0.1.1
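
Added example, not part of the original reply or of Linode's guides: a small Python linter that cross-checks a server/client wg-quick pair on the points where the configs in this thread differ (AllowedIPs host bits, tunnel addresses not covered by AllowedIPs, Endpoint versus ListenPort, SaveConfig). The names `parse_wg` and `check_pair` and the sample public IPs are made up for this illustration.

```python
import ipaddress

def parse_wg(text):  # -> (interface, [peers]); repeated keys such as Address accumulate
    iface, peers, cur = {}, [], None
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            peers.append(cur := {})
        elif "=" in line and cur is not None:
            key, val = (s.strip() for s in line.split("=", 1))
            cur.setdefault(key.lower(), []).extend(v.strip() for v in val.split(","))
    return iface, peers

def check_pair(local_text, remote_text):  # findings for local's first [Peer] vs remote
    (l_if, l_peers), (r_if, _) = parse_wg(local_text), parse_wg(remote_text)
    peer, out = l_peers[0], []
    nets = [ipaddress.ip_network(c, strict=False) for c in peer.get("allowedips", [])]
    for cidr, net in zip(peer.get("allowedips", []), nets):
        if ipaddress.ip_interface(cidr).ip != net.network_address:
            out.append(f"AllowedIPs {cidr} has host bits set; it means {net}")
    for addr in r_if.get("address", []):
        ip = ipaddress.ip_interface(addr).ip
        if not any(ip.version == n.version and ip in n for n in nets):
            out.append(f"peer address {ip} is outside AllowedIPs")
    ep, port = peer.get("endpoint", [""])[0], r_if.get("listenport", [""])[0]
    if ep and port and ep.rsplit(":", 1)[-1] != port:
        out.append(f"Endpoint {ep} does not use peer ListenPort {port}")
    if l_if.get("saveconfig", [""])[0].lower() == "true":
        out.append("SaveConfig = true: wg-quick down rewrites the file from runtime state")
    return out

# Constructed samples shaped like the configs in this thread (keys omitted, IPs are placeholders)
SERVER = """[Interface]
Address = 10.0.1.1/24
ListenPort = 51820
SaveConfig = true
[Peer]
AllowedIPs = 10.0.1.0/24
Endpoint = 203.0.113.10:51820"""
CLIENT = """[Interface]
Address = 10.0.1.2/24
Address = fd86:ea04:1115::5/64
ListenPort = 45113
[Peer]
AllowedIPs = 10.0.1.1/24
Endpoint = 198.51.100.20:51820"""
if __name__ == "__main__":
    print(*check_pair(SERVER, CLIENT), *check_pair(CLIENT, SERVER), sep="\n")
```

The Endpoint finding matters only on the side that sends the first packet, because WireGuard learns a peer's current endpoint from authenticated packets it receives. The SaveConfig finding is the reason for bringing wg0 down before editing wg0.conf.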
