this post was submitted on 28 Feb 2024
14 points (88.9% liked)

homelab

6585 readers
2 users here now

founded 4 years ago
MODERATORS
 

EDIT: It seems something is causing my wireguard hanshake to fail. I can't find much on this particular error except "try rebooting the wg server". I rebooted everything, and I can't get it to connect unless the clients are already connected to the home wifi.

So I installed wg-easy on my one of my virtual machines on my proxmox "homelab". It seems to be working, and I installed the client wireguard-tools on my phone (via app), and on my laptop (EndeavorOS), and on my minecraft server (mineOS also in proxmox).

The web client for wg-easy shows all 3 clients connected and transmitting data.

I used my routers app to open the port to the wg-easy server.

I attempted to use my phone's cell network to pretend like I am not home, and simply ping my minecraft server. I tried with the wg ip (10.8.0.x) and I tried pinging the normal wlan ip (192.168.x.x). Neither work. I'm really confused as to why this simple test didn't work. The documentation on wireguard's site is pretty sparse when it comes to testing your own setup. Doe anyone have any resource to help me understand how this should work?

Side note: I have to have wireguard installed on every computer in my home network if I want to be able to reach them, correct?

other side note: If I wanted to reach my minecraft webUI (mineOS) from outside my network, what address should I use?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago (3 children)

Did you open the appropriate port on your firewall and make sure you’re forwarding that port properly?

Does the PC that’s the WG server have a static IP setup?

Is that static IP in question 2 the same as what you’re forwarding the port to in question 1?

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (2 children)

For your first question: I went to https://www.portchecktool.com/ and found that the connection is being refused. So I think this is the issue. I will have to dig in a bit more, but I do believe the answer to your 2nd and 3rd question are - yes.

[–] [email protected] 3 points 8 months ago (1 children)

Wanted to help you potentially avoid a wild goose chase—port checking tools won’t detect a wireguard port as open…it’s specifically designed to not advertise its presence for security purposes. Bad handshake requests are ignored, making it look like a firewall DROP rule.

[–] [email protected] 1 points 8 months ago

Oh wow. That is a good tip. Because that could drive someone like me insane. (Un)fortunately— I know there’s an issue. Any traffic I pass through my wg vpn ends up nowhere. So I know the tragic is being redirected, but I can’t tell where or why it doesn’t make it inside my home network.

Either way, I got Tailscale to work right out the rip, so I’m just rocking that until I have more time to tinker with WG.