Marketplace WireGuard Install Not Working
For the life of me, I can't figure out what I'm doing wrong. I used the Marketplace install for Wireguard and followed the tutorial.
My server config
[Interface]
PrivateKey = <Server Private Key>
Address = 10.0.1.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
SaveConfig = true
[Peer]
PublicKey = <Client Public Key>
AllowedIPs = 10.0.1.0/24
Endpoint = <Client Public Static IP>:51820
Here's the Client's Configuration
[Interface]
PrivateKey = <Client Private Key>
ListenPort = 51820
Address = 10.0.1.2/24
[Peer]
PublicKey = <Server Public Key>
AllowedIPs = 10.0.1.1/24
Endpoint = <Server Public Static IP>:51820
When using wg show I don't see any handshake. Similarly, pinging 10.0.1.1 on the client side yields nothing. I'm using the macOS version of the WireGuard Client.
Thanks in advance for any suggestions and help.
1 Reply
This gave me a run for my money too but ultimately I was able to get this working with an Ubuntu 20.04LTS Linode acting as my client.
Aside from the listening port, your configurations for client and server are identical to mine. Substituting out the placeholders for Keys & Public IPs, mine are as follows:
Server Configuration
[Interface]
Address = 10.0.1.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERA$
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUE$
ListenPort = 51820
PrivateKey = <<<server private key>>>
[Peer]
PublicKey = <<<client public key>>>
AllowedIPs = 10.0.1.0/24
Endpoint = <<client public IP>>:51820
Client Configuration
[Interface]
Address = 10.0.1.2/24
Address = fd86:ea04:1115::5/64
ListenPort = 45113
PrivateKey = <<<client private key>>>
[Peer]
PublicKey = <<<server public key>>>
AllowedIPs = 10.0.1.0/24
Endpoint = <<<server public IP>>>:51820
It took several mistakes getting to this point, though - For me, I found these areas resulted in the most difficulty:
Understanding the kernel module demands for Wireguard.
In our Ubuntu guide, I was struggling to get the Wireguard module messages detailed here: Install Wireguard
I was successful with this when running the following command on my client Linode when installing Wireguard - this exists on our Set up Wireguard on Debian guide:
apt install wireguard-dkms wireguard-tools
In one of my trials, though, I set up Wireguard on two Ubuntu 18.04 LTS Linodes (server and client) and ran into trouble. Based on this Wireguard tutorial from Linux Babe, there may be some extra work needed for the kernel prior to installing Wireguard (see tutorial for details)
Make sure you're using the GRUB2 kernel and not the default Linode Kernel!!
If you're setting this up on a Linode make sure that server is using the GRUB2 kernel - by default Linodes boot with a Linode kernel. You can change this through Cloud Manager, and you will need to restart your server after doing so: Viewing and Modifying the Kernel
Stopping and starting the wg0 interface
It was easy to forget to bring down the wg0 interface prior to editing the wg0.conf file - I made it a habit of bringing this down before making any changes to the configuration files on both client and server, and then bringing it back up once I was done.
sudo wg-quick down wg0
sudo wg-quick up wg0
Setting firewalls for both server and client
I would also make sure your firewalls are set properly and aren't interrupting anything. If you have Cloud Firewalls enabled, double-check they are not set in such a way that would interfere with your connection.
Step-by-Step
For your reference, here is the exact procedure followed to get this successful connection going:
Creating and configuring the CLIENT
Fresh Ubuntu 20.04 LTS Linode
- Apply updates and upgrades
sudo apt update && sudo apt upgrade
- Install Wireguard
apt install wireguard-dkms wireguard-tools
- Generate pub and priv keys
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
- Set the firewalls, enable, and review
sudo ufw allow 22/tcp
sudo ufw allow 51820/udp
sudo ufw enable
sudo ufw status verbose
- Create the configuration file and update with just the [INTERFACE] information (for now) -- be sure the Address format matches that of the server - for example, 10.0.1.2/24 vs. 10.0.0.2/24 vs. 172.16.0.2/24 vs. 192.168.1.2/24
[Interface]
Address = 10.0.1.2/24
Address = fd86:ea04:1115::5/64
ListenPort = 45113
PrivateKey = <<<client private key>>>
- Bring up the wg0 interface, enable, and run a check on the config
wg-quick up wg0
sudo systemctl enable wg-quick@wg0
sudo wg show
#output for sudo wg show is as follows
interface: wg0
public key: <<<client public key>>>
private key: (hidden)
listening port: 45113
Creating the SERVER
- Deploy a Wireguard server through Marketplace and include the CLIENT information for endpoint IP and public key
- Get the information for the server's public and private key to be used to update the client configuration:
cat /root/wg-public.key
cat /root/wg-private.key
- Bring down the wg0 interface (I did this for due diligence)
wg-quick down wg0
Completing the CLIENT configuration
- On the CLIENT server, bring down the wg0 interface
wg-quick down wg0
- Update /etc/wireguard/wg0.conf with the [PEER] information:
[PEER]
PublicKey = <Server Public Key>
AllowedIPs = 10.0.1.1/24
Endpoint = <Server Public Static IP>:51820
Connecting the CLIENT and SERVER
- On both the client and server, bring up wg0 interface:
sudo wg-quick up wg0
- Verify the connection:
sudo wg
- Ping the server from the client:
ping 10.0.1.1
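
A pre-flight consistency check for a server/client pair of wg0.conf files like the ones in this thread, as an added example that is not part of the original posts or of any Linode or WireGuard tooling. It assumes one [Peer] per file; `parse_wg_conf` and `check_pair` are hypothetical names and the sample configs are constructed.

```python
import ipaddress

# Constructed samples with the thread's addressing; keys omitted, 203.0.113.10 is a placeholder IP.
SERVER = """[Interface]
Address = 10.0.1.1/24
ListenPort = 51820
[Peer]
AllowedIPs = 10.0.1.0/24
"""
CLIENT = """[Interface]
Address = 10.0.1.2/24
[Peer]
AllowedIPs = 10.0.1.1/24
Endpoint = 203.0.113.10:51820
"""

def parse_wg_conf(text):
    """Return [(section, {key: [values]})]; a key may repeat (two Address lines)."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def _ifaces(values):
    return [ipaddress.ip_interface(v.strip()) for val in values for v in val.split(",")]

def check_pair(server_text, client_text):
    """Return a list of problems; an empty list means the pair is consistent."""
    s, c = dict(parse_wg_conf(server_text)), dict(parse_wg_conf(client_text))
    problems = []
    # The client dials Endpoint, so its port must equal the server's ListenPort.
    port = c["peer"].get("endpoint", [":"])[0].rsplit(":", 1)[-1]
    if port != s["interface"].get("listenport", ["unset"])[0]:
        problems.append("endpoint-port")
    # Each tunnel address must fall inside the other side's AllowedIPs.
    for who, iface, peer in (("client", c["interface"], s["peer"]), ("server", s["interface"], c["peer"])):
        nets = [a.network for a in _ifaces(peer.get("allowedips", []))]
        for addr in _ifaces(iface.get("address", [])):
            if not any(addr.version == n.version and addr.ip in n for n in nets):
                problems.append(f"{who}-address {addr.ip}")
    return problems
```

An empty result only says the two files agree with each other; a missing handshake can still come from a wrong key, a firewall, or the kernel module not being loaded.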