I specify the problem and hope that it would be clear now.
After some tries and settings and looking at logs.
I get a connection to the WireGuard and see the connected client.
But if I look at the connection logs of my firewall (all rules are set) I see that the VPN client connects to the websites via ICMP, not TCP 80 or 443. So all connections from the client are ICMP and are dropped.
So something goes wrong within the Brume 2. Maybe I set wrong IPs or something like that?
Brume 2: 10.1.1.2 (start and end of the private network: 10.1.1.3 to 10.1.1.33)
connected client: 10.1.1.3
Should the LAN IP address be different to the wireguard server IP?
Should I set the WG server to 10.0.0.1 or something like that and leave the Brume 2 on 10.1.1.2?
I can update the Brume 2 (4.2.1) and install plugins, so the Brume itself has an internet connection and is not somehow blocked. Just the client cannot use TCP connections to websites.
That’d be your public facing IP. It should be the same as seen at ipleak.net.
The device may reject all incoming packets by default. I’d try pinging another computer/laptop on your LAN instead. You should be able to disable any firewall on it easily… one less thing to get in the way of troubleshooting.
It’s a good way to check everything logged but yeah, it can be a bit verbose. You can filter messages. E.g.: I use the GL GUI’s DNS over HTTPS (DoH) feature. It is provided by dnscrypt-proxy2. So logread -e "dnscrypt-proxy" gives me the output I’m looking for.
Can you post your wg show output, in full? Here’s what my VPN Client on a Slate AX shows connected to Surfshark:
root@GL-AXT1800:~# wg show
public key: [redacted]=
private key: (hidden)
listening port: 32
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 49 seconds ago
transfer: 1.69 GiB received, 503.36 MiB sent
persistent keepalive: every 25 seconds
(I would point out that, in WG, it is a misnomer to call it a ‘client/server’ architecture. It really is all just peer-to-peer but I agree w/ GL that it’s easier for people to understand client/server as if it was similar to OpenVPN.)
I can ping the firewall interface in the internal network, which serves as DNS.
I cannot copy between the VMs I use now using the terminal. I type just the things that differ in a relevant way.
endpoint: IP of the client
allowed ips: 10.0.0.3/32
latest handshake: 1 hour ago (I tested it at that time).
So maybe the problem is “allowed IPs”. The IP of the client is 10.0.0.3, but it should connect to other subnets.
#Edit: but if I look at the settings of the client, I see allowed IPs 0.0.0.0/0. So that’s strange. 10.0.0.3/32 is set as the IP of the client. Allowed IPs is set to 0.0.0.0/0. But wg show shows 10.0.0.3/32 as allowed IPs.
But if I connect with the smartphone now, I cannot see “connected client” in the VPN dashboard. I just see “1 connected client (0 online)”.
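The two "allowed ips" values in the post above are not in conflict: WireGuard keeps a separate allowed-ips list per peer, and each side reads its own. On the Brume (the "server") the phone's entry of 10.0.0.3/32 means "route traffic for 10.0.0.3 to this peer, and drop any decrypted packet from this peer whose source is not 10.0.0.3". On the phone, the server's entry of 0.0.0.0/0 means "send everything into the tunnel". The script below is an added illustration, not code from the thread or from GL.iNet, that models this cryptokey routing from constructed `wg show` output; the peer names, placeholder keys and addresses are assumptions. It also answers the earlier subnet question by checking that the tunnel range (here 10.0.0.0/24) does not overlap the LAN range (10.1.1.0/24).

```python
"""Cryptokey-routing lookup for WireGuard allowed ips (added illustration).

Constructed example, not the poster's configuration. Each peer's
"allowed ips" list is used twice by WireGuard: as the outbound routing
table (which peer gets a packet for destination X) and as the inbound
source filter (a decrypted packet from a peer is dropped unless its source
address is inside that peer's allowed ips). Keys below are placeholders.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed, trimmed output in the layout `wg show` prints, one block
# per peer. Interface-level lines are ignored by the parser.
WG_SHOW_SERVER = """\
interface: wg0
  public key: SERVER_PUBKEY_PLACEHOLDER=
  private key: (hidden)
  listening port: 51820

peer: PHONE_PUBKEY_PLACEHOLDER=
  endpoint: 203.0.113.10:40000
  allowed ips: 10.0.0.3/32
  latest handshake: 1 hour ago

peer: LAPTOP_PUBKEY_PLACEHOLDER=
  endpoint: 198.51.100.7:51000
  allowed ips: 10.0.0.4/32, 192.168.50.0/24
"""

# The phone's own view: the server peer carries 0.0.0.0/0, so every
# destination is routed into the tunnel.
WG_SHOW_PHONE = """\
interface: wg0
  public key: PHONE_PUBKEY_PLACEHOLDER=
  listening port: 40000

peer: SERVER_PUBKEY_PLACEHOLDER=
  endpoint: 192.0.2.1:51820
  allowed ips: 0.0.0.0/0
"""

Peers = Dict[str, List[ipaddress.IPv4Network]]


def parse_wg_show(text: str) -> Peers:
    """Return {peer_public_key: [allowed networks]} from `wg show` text."""
    peers: Peers = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("peer:"):
            current = line.split(":", 1)[1].strip()
            peers[current] = []
        elif line.startswith("allowed ips:") and current is not None:
            for cidr in line.split(":", 1)[1].split(","):
                cidr = cidr.strip()
                if cidr and cidr != "(none)":
                    peers[current].append(ipaddress.ip_network(cidr, strict=False))
    return peers


def route_outbound(peers: Peers, dst: str) -> Optional[str]:
    """Outbound: the peer whose allowed ips has the longest prefix covering dst.
    None means the destination is not routed into the tunnel at all."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for key, nets in peers.items():
        for net in nets:
            if addr in net and net.prefixlen > best_len:
                best, best_len = key, net.prefixlen
    return best


def accept_inbound(peers: Peers, peer_key: str, src: str) -> bool:
    """Inbound: keep a decrypted packet from peer_key only if its source
    address lies inside that peer's allowed ips; WireGuard drops it otherwise."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in peers.get(peer_key, []))


def subnets_overlap(lan_cidr: str, tunnel_cidr: str) -> bool:
    """True when the tunnel subnet collides with the LAN subnet."""
    return ipaddress.ip_network(lan_cidr, strict=False).overlaps(
        ipaddress.ip_network(tunnel_cidr, strict=False))


if __name__ == "__main__":
    server = parse_wg_show(WG_SHOW_SERVER)
    phone = parse_wg_show(WG_SHOW_PHONE)
    print("server routes 10.0.0.3 via", route_outbound(server, "10.0.0.3"))
    print("server routes 10.1.1.9 via", route_outbound(server, "10.1.1.9"))
    print("phone routes 198.51.100.99 via", route_outbound(phone, "198.51.100.99"))
    print("accept 10.0.0.3 from phone:",
          accept_inbound(server, "PHONE_PUBKEY_PLACEHOLDER=", "10.0.0.3"))
    print("accept 10.1.1.50 from phone:",
          accept_inbound(server, "PHONE_PUBKEY_PLACEHOLDER=", "10.1.1.50"))
    print("LAN 10.1.1.0/24 overlaps tunnel 10.0.0.0/24:",
          subnets_overlap("10.1.1.0/24", "10.0.0.0/24"))
```

The last check shows why the dashboard's 10.0.0.3/32 entry is expected on the server side: it is the only address the server will accept from that peer, so a phone that sends with any other source (for example after a misconfigured LAN address) is silently dropped. Keeping the tunnel range and the LAN range disjoint, as the example does, avoids the routing ambiguity that a shared 10.1.1.x range would create.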
I have nothing really important on the Brume2. Just wanted to install wireguard on it, nothing else.
Yes, as it seems you use it as a client with some other WG server. I want just to use it as a server within the network.
The problem is that I want to use (or use) the Brume 2 in the DMZ of my ipfire. So I think I will steal a lot of time from you, but maybe still have problems within the network. And I have no idea what “Flint & Certa” is.
I will fight you. VIM is awesome… if you’re doing extreme amounts of conf editing/sysadmin/programming work & spend hours/days/weeks/months setting it up properly. Nano is my go-to for the ‘quick & dirty’.
Now excuse me; you’re interrupting my coffee/smoke break.