I'm trying to figure out how to fix my remote access issue between the WireGuard server and the client machines.
I configured an Ubuntu PC as a WireGuard server and another Ubuntu PC as a WireGuard client.
When both machines are connected to the same WiFi, they can ping each other's VPN IP addresses. The problem is that when the client connects to a different network (e.g. my iPhone's personal hotspot) to test remote access, I lose the internet connection from the client side, and I cannot ping the WireGuard server PC either, and vice versa.
The steps I followed:
Server configuration (/etc/wireguard/wg0.conf):
[Interface]
PrivateKey = server-privatekey
Address = 10.0.0.1/32
ListenPort = 51820
PostUp = iptables -w -t nat -A POSTROUTING -o wlp0s20f3 -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o wlp0s20f3 -j MASQUERADE
PostDown = iptables -w -t nat -D POSTROUTING -o wlp0s20f3 -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o wlp0s20f3 -j MASQUERADE
[Peer]
PublicKey = client-publickey
AllowedIPs = 10.0.0.2/32
- wlp0s20f3 is my public interface on the server side.
I also followed the steps below on the server side:
Enable packet forwarding for IPv4 by uncommenting the line:
$ sudo nano /etc/sysctl.conf
net.ipv4.ip_forward=1
Allow port 51820/udp through the firewall:
$ sudo ufw allow 51820/udp
Add a rule to allow port forwarding in the TP-Link router dashboard: WireGuard server internal IP (192.168…), internal/external port: 51820/udp
Client configuration (/etc/wireguard/wg0.conf):
[Interface]
Address = 10.0.0.2/24
PrivateKey = <client-privatekey>
[Peer]
PublicKey = <server-publickey>
Endpoint = <server-public-ip-address>:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 20
I obtain the server-public-ip-address using:
$ curl ipv4.icanhazip.com
WireGuard activation on both sides:
$ sudo wg-quick up wg0
Then I try to verify the connection by pinging each other's VPN address:
From client:
$ ping 10.0.0.1
From server:
$ ping 10.0.0.2
Issue:
Same Network: Works (both PCs can ping each other).
Different Network: Client loses internet connection and cannot ping the server.
What could be causing the client to lose its internet connection and fail to ping the server when on a different network? How can I fix this issue to enable remote access?
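A config-consistency checker, added here as an example (not from the question or from the WireGuard project), that parses both wg0.conf files and flags the mismatches that most often stop a remote client from reaching the server or the internet: a server [Peer] whose AllowedIPs does not cover the client's tunnel address, a client Endpoint port that differs from the server's ListenPort, and a full-tunnel client (AllowedIPs 0.0.0.0/0) whose server does not MASQUERADE on its real uplink. The embedded configs are constructed from the post with placeholder keys and endpoint; `public_iface` is the uplink name the poster gave (wlp0s20f3).

```python
import ipaddress
# Constructed from the two configs in the question (keys and endpoint are placeholders).
SERVER_CONF = """[Interface]
Address = 10.0.0.1/32
ListenPort = 51820
PostUp = iptables -w -t nat -A POSTROUTING -o wlp0s20f3 -j MASQUERADE
[Peer]
AllowedIPs = 10.0.0.2/32
"""
CLIENT_CONF = """[Interface]
Address = 10.0.0.2/24
[Peer]
Endpoint = server-public-ip:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""
def parse_wg(text):
    """Minimal wg-quick parser; [Peer] may repeat, so configparser is not usable."""
    iface, peers, cur = {}, [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif line:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    return iface, peers
def nets(csv):
    return [ipaddress.ip_network(n.strip(), strict=False) for n in csv.split(",") if n.strip()]
def check_pair(server_text, client_text, public_iface):
    """Return findings that break client<->server or client->internet; [] means consistent."""
    s_if, s_peers = parse_wg(server_text)
    c_if, (c_peer, *_) = parse_wg(client_text)
    c_ip = ipaddress.ip_interface(c_if["Address"]).ip
    out = []
    # The server discards tunnel packets whose source lies outside that peer's AllowedIPs.
    if not any(c_ip in n for p in s_peers for n in nets(p.get("AllowedIPs", ""))):
        out.append(f"no server [Peer] AllowedIPs covers client address {c_ip}")
    # The client's Endpoint port must equal ListenPort (and the port forwarded on the router).
    ep_port = int(c_peer["Endpoint"].rsplit(":", 1)[1])
    if ep_port != int(s_if.get("ListenPort", 0)):
        out.append(f"client Endpoint port {ep_port} != server ListenPort {s_if.get('ListenPort')}")
    # 0.0.0.0/0 is a full tunnel: internet traffic then needs the server to forward and masquerade it out of its real uplink.
    if any(n.prefixlen == 0 for n in nets(c_peer["AllowedIPs"])):
        args = s_if.get("PostUp", "").split()
        if "-o" not in args or args[args.index("-o") + 1] != public_iface:
            out.append(f"full-tunnel client but server MASQUERADE is not on {public_iface}")
    return out
```

It checks only what is visible in the two files; whether ip_forward is really 1 at runtime, whether UFW passes 51820/udp and whether the router actually forwards that port are live checks to run on the server.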