Connection works, ping does not

Max R. P. Grossmann m at max.pm
Mon Nov 23 18:02:55 CET 2020


Hi Hendrik,

Could it be that some kind of firewall is restricting UDP traffic to your other server?

E.g. could you try to run `mtr --udp [other server's public IP address]` on your computer (while disabling your other WireGuard connection, if applicable) and report back whether there is any kind of packet loss?

If not, you may wish to check whether the port on the machine is reachable, e.g. by running `nc -v -l -u -p 12345` on your server and then executing `echo test | nc -u [server's IP] 12345`, to check whether the message arrives at the server.

Best,

Max

On 20/11/22 07:39pm, Hendrik Friedel wrote:
> Hello,
> 
> (I posted this a while ago, but it never appeared on the list; if the list is the wrong place for this question, please let me know; I would appreciate a hint for a more appropriate place)
> 
> I am using wireguard to connect two machines.
> My local server is connected to the internet via a router. I am using this server also for connecting other devices (e.g. mobile phones) to my home network. This works great.
> 
> But when connecting to another server (both debian 10), I only get a successful connection, but no ping.
> *My server:*
> 
> wg show
> interface: wgnet0
>   public key: xxxxx=
>   private key: (hidden)
>   listening port: 51820
> 
> peer: sdfsdfsdfsdfsdfsdf=
>   endpoint: 109.41.64.83:15167
>   allowed ips: 10.192.122.2/32
>   latest handshake: 1 minute, 7 seconds ago
>   transfer: 10.95 MiB received, 40.35 MiB sent
> 
> peer: yyyy=
>   endpoint: 185.22.142.254:51380
>   allowed ips: 10.192.122.3/32
>   transfer: 0 B received, 5.20 KiB sent
> 
> peer: yyyy=
>   endpoint: 93.214.229.137:64119
>   allowed ips: 10.192.122.4/32
> 
> peer: yyyy=
>   endpoint: 93.214.225.116:49819
>   allowed ips: 10.192.122.5/32
> 
> peer: yyyy=
>   allowed ips: 10.192.122.6/32
> 
> peer: yyyy=
>   allowed ips: 10.192.122.7/32
> 
> 
> more /etc/wireguard/wgnet0.conf
> [Interface]
> Address = 10.192.122.1/24
> SaveConfig = true
> PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
> ListenPort = 51820
> PrivateKey = aaa=
> 
> [Peer]
> PublicKey = yyyy=
> AllowedIPs = 10.192.122.2/32
> Endpoint = 123.41.67.233:18314
> 
> [Peer]
> PublicKey = xxx=
> AllowedIPs = 10.192.122.3/32
> Endpoint = 123.22.142.254:51380
> 
> 
> 
> 
> 
> ip route
> default via 192.168.177.1 dev eth0 proto static
> 10.192.122.0/24 dev wgnet0 proto kernel scope link src 10.192.122.1
> 
> and the other side/server:
> 
> interface: wgnet0
>   public key: xxxxx=
>   private key: (hidden)
>   listening port: 54004
>   fwmark: 0xca6c
> 
> peer: yyyyy=
>   endpoint: [2003:cb:aaa:bbb:9ec7:a6ff:fefd:3a6d]:51820
>   allowed ips: 0.0.0.0/0
>   transfer: 0 B received, 2.75 KiB sent
>   persistent keepalive: every 25 seconds
> 
> 
> 
>   more wgnet0.conf
> [Interface]
> Address = 10.192.122.3/32
> PrivateKey = xxxxx=
> 
> [Peer]
> PublicKey = yyyyy=
> Endpoint = v.myfritz.net:51820
> AllowedIPs = 0.0.0.0/0
> PersistentKeepalive = 25
> 
> It seems to me that the connection is successfully established, but data is only transmitted in one direction.
> 
> How can I find the reason?
> 
> Regards,
> Hendrik
> 
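
One way to read `wg show` output like that quoted above, as an added example that is not part of the original thread: it flags peers that have sent data but received nothing and show no `latest handshake` line, which is the state the UDP reachability checks in the reply are meant to explain. The sample text is constructed (placeholder keys, documentation-range addresses) and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the `wg show` output quoted above (placeholder keys/IPs).
SAMPLE = """\
interface: wgnet0
  listening port: 51820

peer: PEERA=
  endpoint: 192.0.2.10:15167
  allowed ips: 10.192.122.2/32
  latest handshake: 1 minute, 7 seconds ago
  transfer: 10.95 MiB received, 40.35 MiB sent

peer: PEERB=
  endpoint: 198.51.100.20:51380
  allowed ips: 10.192.122.3/32
  transfer: 0 B received, 5.20 KiB sent

peer: PEERC=
  allowed ips: 10.192.122.6/32
"""

def parse_peers(text):
    """Return one dict per 'peer:' block, keyed by the field names wg prints."""
    peers = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue
        if key == "peer":
            peers.append({"peer": value})
        elif peers:  # ignore the interface block that precedes the first peer
            peers[-1][key] = value
    return peers

def classify(peer):
    """Label a peer by what its handshake line and byte counters show."""
    m = re.match(r"(\S+) \S+ received, (\S+) \S+ sent", peer.get("transfer", ""))
    rx, tx = (float(m.group(1)), float(m.group(2))) if m else (0.0, 0.0)
    if "latest handshake" in peer:  # wg prints this line only after a completed handshake
        return "handshake-ok"
    if tx > 0 and rx == 0:
        return "no-reply"  # packets left this host, nothing came back from the peer
    return "idle"  # nothing sent yet (e.g. no endpoint known)

def report(text):
    return {p["peer"]: classify(p) for p in parse_peers(text)}

if __name__ == "__main__":
    print(report(SAMPLE))
```

A `no-reply` peer only narrows the problem to the path or the peer's configuration; the `mtr --udp` and `nc -u` checks from the reply are what tell a filtered UDP port apart from other causes.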