#StackBounty: #ubuntu #vpn #routing #wireguard Wireguard VPN can't access internet and LAN

Bounty: 50

I have a server running Ubuntu 20.04 and wireguard 1.0.20200513-1~20.04.2. I installed the WireGuard app on my phone (Android Samsung S20+), disabled Wi-Fi and connected to 4G. When the VPN is active I can access the server and nothing else on my home network (192.168.1.X) or the internet. The server has a 10.0.0.1 (VPN) and 192.168.1.171 (LAN) interface. The phone gets a 10.0.0.2 interface. I'm guessing I need to set up a route. Server firewall (ufw status) is inactive. Any help would be much appreciated.

/etc/wireguard/wg0.conf

[Interface]
Address = 10.0.0.1/24
Address = <MAC>::1/64
SaveConfig = true
ListenPort = 51820
PrivateKey = <SERVER_KEY>

[Peer]
PublicKey = <CELL_PUB_KEY>
AllowedIPs = 10.0.0.2/32, 
Endpoint = <EXTERNAL_IP>:8598

Client config (cellphone)

[Interface]
PrivateKey = <CELL_KEY>
Address = 10.0.0.2/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = <SERVER_PUB_KEY>
AllowedIPs = 10.0.0.0/24, 192.168.1.0/24
Endpoint = <EXTERNAL_IP>:51820

/etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

route -n

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 enp2s0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp2s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0

On the server

ip route get from 10.0.0.2 iif wg0 192.168.1.1
192.168.1.1 from 10.0.0.2 dev enp2s0
    cache iif wg0

EDIT – Solution – Needed PostUp and PostDown lines in wireguard.conf:

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <MY_KEY>

[Peer]
PublicKey = <MY_PUB_KEY>
AllowedIPs = 10.0.0.2/32
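
Added here as an example (not code from the original post or its answer): a POSIX sh check of the three conditions the PostUp lines above establish, fed with captured command output so it runs offline; the interface names wg0 and enp2s0 come from the post, and the sample rule sets below are constructed, not real captures.

```shell
#!/bin/sh
# Checks the three things a WireGuard server needs to forward peer traffic to
# the LAN and the internet. Works from text so saved output can be examined.
# Live use on the server (assumed interface names wg0 / enp2s0 from the post):
#   wg_forward_check "$(sysctl -n net.ipv4.ip_forward)" "$(iptables -S FORWARD)" \
#       "$(iptables -t nat -S POSTROUTING)" wg0 enp2s0

# Arguments: <ip_forward value> <iptables -S FORWARD output>
#            <iptables -t nat -S POSTROUTING output> <vpn iface> <lan iface>
# Prints one line per missing piece and returns the number missing (0 = ok).
wg_forward_check() {
    ipfwd=$1; fwd=$2; nat=$3; vpn=$4; lan=$5
    missing=0

    # 1. Kernel forwarding: without it the server answers for itself only,
    #    which is exactly the "can reach the server, nothing else" symptom.
    if [ "$ipfwd" != "1" ]; then
        echo "MISSING: net.ipv4.ip_forward=1"
        missing=$((missing + 1))
    fi

    # 2. FORWARD chain: a default ACCEPT policy (the usual state with ufw
    #    inactive) already passes tunnel traffic. ufw and Docker switch the
    #    policy to DROP, and then explicit -i/-o rules for the tunnel are needed.
    #    Policy only is inspected; a terminating DROP rule placed ahead of the
    #    tunnel rules is not detected.
    if ! printf '%s\n' "$fwd" | grep -q -- '^-P FORWARD ACCEPT$'; then
        if ! printf '%s\n' "$fwd" | grep -q -- "^-A FORWARD -i $vpn .*-j ACCEPT$"; then
            echo "MISSING: iptables -A FORWARD -i $vpn -j ACCEPT"
            missing=$((missing + 1))
        fi
        if ! printf '%s\n' "$fwd" | grep -q -- "^-A FORWARD -o $vpn .*-j ACCEPT$"; then
            echo "MISSING: iptables -A FORWARD -o $vpn -j ACCEPT"
            missing=$((missing + 1))
        fi
    fi

    # 3. Source NAT: LAN hosts and the home router have no route back to
    #    10.0.0.0/24, so replies to an unmasqueraded 10.0.0.2 never return.
    if ! printf '%s\n' "$nat" | grep -q -- "^-A POSTROUTING .*-o $lan .*-j MASQUERADE$"; then
        echo "MISSING: iptables -t nat -A POSTROUTING -o $lan -j MASQUERADE"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample states mirroring the question (ufw inactive, so the
# FORWARD policy is ACCEPT) and the accepted fix.
BEFORE_FWD='-P FORWARD ACCEPT'
BEFORE_NAT='-P POSTROUTING ACCEPT'
AFTER_FWD='-P FORWARD ACCEPT
-A FORWARD -i wg0 -j ACCEPT
-A FORWARD -o wg0 -j ACCEPT'
AFTER_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -o enp2s0 -j MASQUERADE'

wg_forward_check 1 "$BEFORE_FWD" "$BEFORE_NAT" wg0 enp2s0 || echo "$? piece(s) missing"
wg_forward_check 1 "$AFTER_FWD" "$AFTER_NAT" wg0 enp2s0 && echo "forwarding prerequisites present"
```

The `.*` in the rule patterns tolerates extra match criteria, so a narrower rule such as `-A FORWARD -i wg0 -s 10.0.0.0/24 -j ACCEPT` (only the tunnel subnet may be forwarded) still passes the check.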

#StackBounty: #domain-name-system #vpn Resolving one interface's (wlan0) request using DNS in another interface's (VPN) network

Bounty: 100

What I am trying to accomplish:

I have a WireGuard reverse VPN setup that does not route my traffic, but lets me connect to my Raspberry Pi from the Internet using a public server as a "bridge".

I installed Pi-hole on the Raspberry Pi. Now I want to use the Pi as DNS (over WireGuard) while sending the actual HTTP request from my actual device.

Basically, I want it to work like this:

192.168.0.x (wlan0@localhost) requests a URL. The DNS @192.168.66.z (Pi-hole) resolves the URL and sends the IP back to 192.168.66.y (wg0@localhost). This answer is then used to send the HTTP request from 192.168.0.x (wlan0@localhost).

What I’ve tried:

Obviously, I have tried to enter the Pi's VPN IP into NetworkManager. This has given me some headache, as my Ubuntu (5.4.0-42-generic #46~18.04.1-Ubuntu) was always falling back to its default DNS (which I did not want even if the VPN DNS worked). I found a workaround provided by user2427436 in an SO thread here.

What the issue is:

While I can force the DNS to use (without falling back to the router's/default DNS), I cannot manage to use the Pi-hole as DNS. I can connect to the Pi via the tunnel (e.g. HTTP, SSH, ...), and port 53 (for DNS) is open in the firewall. I still cannot resolve any domain names. Also, checking journalctl -xe on the Pi does not show any hint that the device tried to connect/resolve.

I would really like to understand why this is not working and how it is supposed to work. I feel like I am missing something on how DNS works.

What would be the correct logfile to check here? Do you have any suggestions what I should try next?

EDIT:

DNS is set up per network device. Does my wlan0 device @192.168.0.0/24 know about the wg0 device and its address space @192.168.66.0/24? May this be the cause of the problem, that I try to resolve a request from wlan0 using a DNS over wg0?
If yes, how would I solve this?
