Trouble with wg-easy Wireguard Server (P.S. wg-easy is AMAZING!)

So I’ve been testing this monster of a travel router and all has been going fairly well. See my other post about how my internet went down for 18 days and I had to repeat a signal from an impossible distance to provide multiple clients problem-free wifi.

I am coming across my first real issue here.

I have a few Wireguard servers that I have been fiddling with:

  • PIA - Private Internet Access
  • UnRAID’s native Wireguard Plugin
  • pfSense VM on UnRAID (mainly to get familiar with pfSense)
  • wg-easy (a very simple Docker container that I run on an Ubuntu VM on UnRAID)

pfSense, UnRAID’s plugin & PIA (with some tweaking on the app since PIA doesn’t offer Wireguard Config files) all work fairly well. The problem I am having is with wg-easy.

A little background on wg-easy and why I really want it to work over just using anything else.
wg-easy is the ultimate road warrior WG Server in my opinion. It is a simple GUI-based WG Server that I run on a completely isolated VLAN on my network so that I can very quickly create a new config on my phone from anywhere to give to any family members (or my devices) so that they can be protected whenever they use public Wifi anywhere in the world.

I can’t do this using the pfSense VM I made (I was hoping to when I spun it up) since the pfSense Wireguard package hasn’t developed enough to easily make any Configs/QR codes. It is very cumbersome.
I could use UnRAID’s native Wireguard Plugin, but that opens up my entire network to anyone I give a config to. I don’t really want to do that.

Here is the wg-easy GUI and the Shadow Wireguard GUI showing that it works with the Shadow and also works with my Brume-W and Opal without any issues:

Here is the Wireguard Client Log from the UI:

"Mon Jun  6 14:57:13 2022 daemon.notice netifd: Interface 'wgclient' is setting up now
Mon Jun  6 14:57:18 2022 daemon.notice netifd: wgclient (2708): Try again: `wireguard.myurl.com:51720'. Trying again in 1.00 seconds...\n"

That’s it. Nothing else.

This is the System Log:

Mon Jun  6 15:03:43 2022 daemon.info dnsmasq[5922]: exiting on receipt of SIGTERM
Mon Jun  6 15:03:43 2022 daemon.notice netifd: Interface 'wgclient' is now down
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: Connected to system UBus
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: started, version 2.85 cachesize 150
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: DNS service limited to local subnets
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: UBus support enabled: connected to system bus
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq-dhcp[21862]: DHCP, IP range 192.168.9.100 -- 192.168.9.249, lease time 12h
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq-dhcp[21862]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain test
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain onion
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain localhost
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain local
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain invalid
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain bind
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain lan
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: reading /tmp/resolv.conf.d/resolv.conf.auto
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain test
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain onion
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain localhost
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain local
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain invalid
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain bind
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using only locally-known addresses for domain lan
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using nameserver 64.71.255.204#53
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: using nameserver 64.71.255.198#53
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: read /etc/hosts - 4 addresses
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq[21862]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Mon Jun  6 15:03:49 2022 daemon.info dnsmasq-dhcp[21862]: read /etc/ethers - 0 addresses
Mon Jun  6 15:03:51 2022 daemon.notice netifd: Interface 'wgclient' is setting up now
Mon Jun  6 15:03:51 2022 daemon.info dnsmasq[21862]: exiting on receipt of SIGTERM
Mon Jun  6 15:03:56 2022 daemon.notice netifd: wgclient (21990): Try again: `wireguard.myurl.com:51720'. Trying again in 1.00 seconds...
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: Connected to system UBus
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: started, version 2.85 cachesize 150
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: DNS service limited to local subnets
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: UBus support enabled: connected to system bus
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq-dhcp[22468]: DHCP, IP range 192.168.9.100 -- 192.168.9.249, lease time 12h
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq-dhcp[22468]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain test
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain onion
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain localhost
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain local
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain invalid
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain bind
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain lan
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: reading /tmp/resolv.conf.d/resolv.conf.auto
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain test
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain onion
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain localhost
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain local
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain invalid
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain bind
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using only locally-known addresses for domain lan
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using nameserver 64.71.255.204#53
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: using nameserver 64.71.255.198#53
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: read /etc/hosts - 4 addresses
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq[22468]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Mon Jun  6 15:03:59 2022 daemon.info dnsmasq-dhcp[22468]: read /etc/ethers - 0 addresses

Thanks. Any help would be appreciated!

Hi, I use WG-easy on Slate AX. I had to input my config manually using Item mode instead of template mode.

I’m glad someone else is using it!
So I tried entering the config via text mode and also via item mode but I still can’t get it to handshake.
I did notice that the GL.iNet GUI keeps trying to enter a random ListenPort under [Interface] and won’t keep the PersistentKeepalive = 0 under [Peer].
I’m not sure if those matter at all.
I am not sure what I’m doing wrong here.

Have you set the passphrase key in the box?

Preshared key? Yes I have.
Here is what my configuration looks like with the private stuff cut out of course:

I think I figured it out. I changed PersistentKeepalive = 25 and it works. Interesting. Thanks for your help by the way.


When using Wireguard on the router, keepalive must be non-zero.


Hi, my keepalive for WG-easy is 0 or empty and runs fine but I have to input conf manually in item mode.
In StrongVPN I can input conf in item mode but DNS resolution is not good.
I use VPN policies by domain name “not use vpn for”.
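
A small check for the settings this thread turned on, added here as an example and not code from any poster, wg-easy or GL.iNet: it parses a WireGuard client config and notes a set ListenPort, a PersistentKeepalive that is 0 or missing, and an Endpoint given as a hostname. The sample config is constructed with placeholder keys; only the endpoint hostname and port come from the log above.

```python
import ipaddress

# Constructed sample; keys are placeholders, Endpoint is the one in the thread's log.
SAMPLE = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/24
ListenPort = 41820

[Peer]
PublicKey = <server-public-key>
PresharedKey = <preshared-key>
AllowedIPs = 0.0.0.0/0
Endpoint = wireguard.myurl.com:51720
PersistentKeepalive = 0
"""

def parse_wg(text):
    """Return [(section, {key: value})]; repeated [Peer] sections are kept apart."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def review(text):
    """Return notes on the settings discussed in the thread."""
    notes = []
    for name, kv in parse_wg(text):
        if name == "interface" and "listenport" in kv:
            notes.append("interface: ListenPort is set (%s)" % kv["listenport"])
        if name != "peer":
            continue
        if kv.get("persistentkeepalive", "0") in ("0", "off"):
            notes.append("peer: PersistentKeepalive is off")
        host = kv.get("endpoint", "").rsplit(":", 1)[0].strip("[]")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            if host:  # a hostname is resolved when the config is applied
                notes.append("peer: Endpoint %s needs DNS at bring-up" % host)
    return notes

print("\n".join(review(SAMPLE)))
```
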