
I have a WireGuard configuration; the client is a server on DigitalOcean and the server is somewhere else, not in DigitalOcean. I have the below WireGuard config for server and client:

Server side:

    [Interface]
    Address = 10.15.15.1/24
    ListenPort = 51824
    PrivateKey = ********private key of server
    PostUp = ip link set wg5000 master TEST1

    [Peer]
    PublicKey = *******pub key of client
    AllowedIPs = 10.15.15.0/24
    PersistentKeepalive = 25

client:

    [Interface]
    Address = 10.15.15.2/32
    ListenPort = 51824
    PrivateKey = ******private key of client

    [Peer]
    Endpoint = public_ip_of_server:51824
    PublicKey = *************pub key of server
    AllowedIPs = 10.15.15.0/24
    PersistentKeepalive = 25

Ping from client to server (ping 10.15.15.1) times out; ping from server to client: destination host unreachable.

wg show command on server:

    interface: wg5000
      public key: **************************
      private key: (hidden)
      listening port: 51824

    peer: **********************************
      allowed ips: 10.15.15.0/24
      persistent keepalive: every 30 seconds

client:

    interface: wg5000
      public key: ****************************************
      private key: (hidden)
      listening port: 51824

    peer: *******************************
      endpoint: public ip of server:51824
      allowed ips: 10.15.15.0/24
      transfer: 0 B received, 444 B sent
      persistent keepalive: every 30 seconds

Can anyone help me understand how to make this work without adding an Endpoint to the [Peer] section on the server?

Ajai
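The client's `wg show` output above reports 444 B sent and 0 B received, which means the handshake with the server never completed (WireGuard only counts received bytes once a session is established). As an added example, not part of the question or of any comment on it, the shell script below classifies every peer in the machine-readable `wg show <iface> dump` output by handshake state, so that "no handshake" is reported explicitly instead of being read off the transfer counters by eye. The two sample dumps, the key names and the endpoint address in it are constructed, not taken from the question.

```shell
#!/bin/sh
# Added example (not from the question or its comments): classify WireGuard
# peers using `wg show <iface> dump`. The dump is tab-separated:
#   line 1 : private-key  public-key  listen-port  fwmark
#   line N : public-key  preshared-key  endpoint  allowed-ips
#            latest-handshake  rx-bytes  tx-bytes  persistent-keepalive
# latest-handshake is a UNIX timestamp and is 0 if no handshake ever completed.

# Constructed sample mirroring the question's client: endpoint set, bytes sent,
# nothing received, handshake timestamp 0. Key names are placeholders.
sample_dump_broken() {
    printf '%s\t%s\t%s\t%s\n' '(hidden)' 'CLIENTPUBKEY' '51824' 'off'
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'SERVERPUBKEY' '(none)' '203.0.113.10:51824' '10.15.15.0/24' \
        '0' '0' '444' '25'
}

# Constructed sample of a healthy tunnel: handshake 30 s before $1 ("now"),
# traffic in both directions.
sample_dump_ok() {
    printf '%s\t%s\t%s\t%s\n' '(hidden)' 'CLIENTPUBKEY' '51824' 'off'
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'SERVERPUBKEY' '(none)' '203.0.113.10:51824' '10.15.15.0/24' \
        "$(( $1 - 30 ))" '1200' '900' '25'
}

# peer_state DUMP_TEXT NOW_EPOCH
# Prints "<peer-public-key> <state>" per peer line. States:
#   no-handshake : never completed; the other side never answered (wrong key,
#                  UDP port unreachable, or no endpoint learned yet)
#   stale        : last handshake older than 180 s (sessions rekey roughly
#                  every 2 minutes with keepalive on, so this means it dropped)
#   no-rx        : handshake done but nothing received since
#   ok           : recent handshake and bytes received
peer_state() {
    printf '%s\n' "$1" | awk -F'\t' -v now="$2" '
        NR > 1 && NF >= 8 {
            hs = $5 + 0; rx = $6 + 0
            if (hs == 0)             state = "no-handshake"
            else if (now - hs > 180) state = "stale"
            else if (rx == 0)        state = "no-rx"
            else                     state = "ok"
            print $1, state
        }'
}

# Stand-alone demonstration on the constructed samples.
now=1618500000
echo "broken tunnel:"; peer_state "$(sample_dump_broken)" "$now"
echo "healthy tunnel:"; peer_state "$(sample_dump_ok "$now")" "$now"
```

On a live host the same function runs against the real interface with `peer_state "$(wg show wg5000 dump)" "$(date +%s)"` (as root). A peer stuck in `no-handshake` on the side that has an `Endpoint` configured means the initiation packets are not being answered, so the things to verify are that UDP 51824 actually reaches the server, that each side's `PublicKey` is the other side's real key, and that the server's `wg5000` is in the routing context you are pinging from (the `PostUp` line above moves it under `TEST1`). A server with no `Endpoint` configured learns the client's address from the client's first authenticated packet, so it never needs one as long as the client can reach it.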
  • 1) What kind of IP address is the Peer (behind a router, a NAT)? 2) Add PersistentKeepalive = 30 to the peer to keep connections up once established. – John Hanley Apr 14 '21 at 23:23
  • Hi John, thanks. Peer is a public IP. What I am trying to do is take the 10.15.15.0/24 subnet; the first IP, which is 10.15.15.1, is taken as the WireGuard interface on the server and 10.15.15.2 is taken as the WireGuard interface on the client. The problem with my config is that without adding the endpoint of the peer in the server section, my ping doesn't work from either side. When I add the endpoint for the peer in the server configuration, the ping works from both sides. I don't want to add the peer endpoint in the server section. – Ajai Apr 15 '21 at 19:24
  • wg show command on server:

        interface: wg5000
          public key: &&&&&&&&&&&&&&&&&
          private key: (hidden)
          listening port: 51824

        peer: **********************************
          allowed ips: 10.15.15.0/24
          persistent keepalive: every 30 seconds

    client:

        interface: wg5000
          public key: ****************************************
          private key: (hidden)
          listening port: 51824

        peer: *******************************
          endpoint: public ip of server:51824
          allowed ips: 10.15.15.0/24
          transfer: 0 B received, 444 B sent
          persistent keepalive: every 30 seconds

    – Ajai Apr 15 '21 at 20:23
  • Add details like your last comment to the question to make reading easier. – John Hanley Apr 15 '21 at 20:29
  • Added. Even though I modified PersistentKeepalive = 30, the output is the same. Can't ping from either side. – Ajai Apr 15 '21 at 22:18
  • Invest the time to properly edit and format your questions. Your new edit is very hard to read. Compare with the changes I made to your question. This might help you: https://stackoverflow.com/help/formatting – John Hanley Apr 15 '21 at 22:21
  • @JohnHanley sorry about that. I have made some changes. I think it looks better now. – Ajai Apr 15 '21 at 23:05
  • I don't know if this is important to your problem, but in your server config I miss lines to set up your firewall to forward and masquerade the traffic: PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <devname> s0 -j MASQUERADE and PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o <devname> s0 -j MASQUERADE, and perhaps you have to activate net.ipv4.ip_forward=1 in your /etc/sysctl.conf too. – AlexOnLinux May 10 '21 at 22:55