Hello everyone,

I am trying to set up WireGuard on a Linux server
(Ubuntu 18.04) and I am having some issues. The
configuration of the server:

[Interface]
ListenPort = 51820
PrivateKey = UbuntuPrivateKey

# the laptop I want to connect from
[Peer]
# this public key is derived from the laptop's private key LaptopPrivateKey
PublicKey = kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4=

Bringing up the wg0 interface via wg-quick is OK:

root@srv ~# wg
interface: wg0
  public key: A7MreEBC3maH305tVrU0HEoQrBhy+An6KlvZ+z9KFRA=
  private key: (hidden)
  listening port: 51820

peer: kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4=

I have a client peer configured as well:

[Interface]
ListenPort = 51820
PrivateKey = LaptopPrivateKey

# the server I want to connect to
[Peer]
# this public key is derived from the server's private key UbuntuPrivateKey
PublicKey = A7MreEBC3maH305tVrU0HEoQrBhy+An6KlvZ+z9KFRA=
# Address of the server
# Send periodic keepalives to ensure connection stays up behind NAT.
PersistentKeepalive = 25

When connecting from the client, I see handshake
packets leaving it, and arriving on the server - on
its external interface:

root@srv ~# tcpdump -i eth0 port 51820 -vvv -X
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:35:29.386976 IP (tos 0x0, ttl 115, id 17333, offset 0, flags [none], proto UDP (17), length 176)
    91-244-238-14.rev.ltt.li.59958 > srv.swtk.info.51820: [udp sum ok] UDP, length 148
        0x0000:  4500 00b0 43b5 0000 7311 eeda 5bf4 ee0e  E...C...s...[...
        0x0010:  c0a8 0a02 ea36 ca6c 009c 98e7 0100 0000  .....6.l........
        0x0020:  ac50 0f85 6ead 67f6 2c38 4b74 43c4 6388  .P..n.g.,8KtC.c.
        0x0030:  f594 1886 6699 f439 183e ad2b 0e02 4e13  ....f..9.>.+..N.
        0x0040:  c1a8 d14a f1c6 8d13 1f98 8c2c 6cfd dbf6  ...J.......,l...
        0x0050:  9f2f 8d35 9073 bad1 ddd7 927e 0552 aadf  ./.5.s.....~.R..

The same tcpdump command run against wg0 does not
show any traffic (but maybe this is normal?)

The client keeps on sending handshake packets.

Q1: is there anything I should do in order for the
packets to reach wg0, or do they reach it but I just
do not see that with tcpdump (sorry, I am not well
versed with virtual interfaces)?

Q2: if there is nothing more to do than a wg-quick,
is there a way to debug the server to understand what
happens with this handshake packet (= it is rejected
because ...)?

Thanks!
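
An added example, not part of the original post: a small Python decoder for the tcpdump -X rows quoted above, which reads the IPv4/UDP headers and names the WireGuard message by its type byte and the size declared in the UDP header. The function names `hexdump_to_bytes` and `classify` are illustrative; the type and size table follows the WireGuard protocol's message formats, and the sample rows are the first three rows of the capture in the post.

```python
import struct

# First three rows of the tcpdump -X capture quoted in the post: IPv4 header,
# UDP header and the first 20 bytes of the UDP payload.
SAMPLE = """\
0x0000:  4500 00b0 43b5 0000 7311 eeda 5bf4 ee0e  E...C...s...[...
0x0010:  c0a8 0a02 ea36 ca6c 009c 98e7 0100 0000  .....6.l........
0x0020:  ac50 0f85 6ead 67f6 2c38 4b74 43c4 6388  .P..n.g.,8KtC.c.
"""

# WireGuard message type -> (name, fixed message size in bytes).
# Transport data (type 4) varies: 16-byte header plus at least a 16-byte tag.
WG_TYPES = {1: ("handshake initiation", 148), 2: ("handshake response", 92),
            3: ("cookie reply", 64), 4: ("transport data", None)}

def hexdump_to_bytes(text):
    """Rebuild raw bytes from tcpdump -X rows, ignoring the ASCII column."""
    out = bytearray()
    for line in text.splitlines():
        if ":" not in line:
            continue
        # Hex groups sit between the offset colon and the two-space gap
        # that precedes the ASCII column.
        hex_part = line.split(":", 1)[1].strip().split("  ", 1)[0]
        out += bytes.fromhex(hex_part.replace(" ", ""))
    return bytes(out)

def classify(packet):
    """Parse the IPv4/UDP headers and describe the WireGuard message inside."""
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length
    _sport, dport, udp_len = struct.unpack("!HHH", packet[ihl:ihl + 6])
    payload, payload_len = packet[ihl + 8:], udp_len - 8
    name, size = WG_TYPES.get(payload[0], ("unknown", -1))
    # Byte 0 is the type, bytes 1-3 are reserved zeros, then a 32-bit
    # little-endian index (the sender's for types 1 and 2).
    size_ok = payload_len >= 32 if size is None else payload_len == size
    return {
        "dport": dport,
        "type": name,
        "payload_len": payload_len,   # from the UDP header, so a truncated dump still works
        "well_formed": payload[1:4] == b"\x00\x00\x00" and size_ok,
        "sender_index": struct.unpack("<I", payload[4:8])[0] if payload[0] in (1, 2) else None,
    }

if __name__ == "__main__":
    print(classify(hexdump_to_bytes(SAMPLE)))
```

On the quoted capture this reports a well-formed handshake initiation addressed to UDP port 51820, which matches the 148-byte UDP length tcpdump printed.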