I'm running a WireGuard VPN server (Mango router) that has a public IPv6 address and a private IPv4 address. I've enabled both IPv4 and IPv6 forwarding on the server, and I've disabled the firewall. The clients are able to successfully handshake with the server, but they are unable to access the internet. However, if I use SSH dynamic forwarding with SOCKS, the client can access the internet.
Here are the details:
WireGuard Server Configuration:
interface: wg0
  public key: <server-public-key>
  private key: (hidden)
  listening port: 51820

peer: <client-public-key>
  endpoint: [<client-ipv6>]:23587
  allowed ips: 10.0.0.4/32, fd00:db8:0:abc::4/128
  latest handshake: 3 minutes, 22 seconds ago
  transfer: 155.39 KiB received, 31.10 KiB sent
  persistent keepalive: every 25 seconds
WireGuard Client Configuration:
[Interface]
PrivateKey = (hidden)
ListenPort = 23587
Address = 10.0.0.4/32, fd00:db8:0:abc::4/128
DNS = 8.8.8.8, 2001:4860:4860::8888
[Peer]
PublicKey = <server-public-key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <server-domain>:51820
PersistentKeepalive = 25
Symptoms:
- Clients can successfully establish a handshake with the server.
- No internet access via the VPN, but internet access works when using SSH dynamic forwarding with SOCKS.
Steps Taken:
- Enabled IPv4 and IPv6 forwarding on the server.
- Disabled the firewall.
Any ideas on what could be causing this issue or how to troubleshoot it further?
I've also tried enabling and configuring the firewall with the following settings:
Firewall Settings:
config zone
    option name 'wan'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option input 'DROP'
    option masq6 '1'
    option network 'wan wan6 tethering'

config rule 'AllowWireguard'
    option name 'Allow-Wireguard'
    option target 'ACCEPT'
    option src 'wan'
    option proto 'udp tcp'
    option family 'any'
    option dest_port '51820'

config zone 'wireguard'
    option name 'wireguard'
    option input 'ACCEPT'
    option forward 'DROP'
    option output 'ACCEPT'
    option masq '1'
    option mtu_fix '1'
    option device 'wg0'
    option masq6 '1'

config forwarding 'wireguard_wan'
    option src 'wireguard'
    option dest 'wan'
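
An added example, not part of the original post: a small Python check that parses the zone and forwarding sections quoted above and reports whether the wireguard-to-wan path has a `config forwarding` section and masquerading on the zone the traffic leaves through. It assumes a simplified model in which inter-zone traffic needs an explicit forwarding section, and it ignores rules and global defaults; `parse_uci` and `check_path` are hypothetical helper names.

```python
import re

# Constructed sample: the zone and forwarding sections quoted in the post.
SAMPLE = """\
config zone
    option name 'wan'
    option forward 'REJECT'
    option masq '1'
    option masq6 '1'
    option network 'wan wan6 tethering'
config zone 'wireguard'
    option name 'wireguard'
    option forward 'DROP'
    option masq '1'
    option masq6 '1'
    option device 'wg0'
config forwarding 'wireguard_wan'
    option src 'wireguard'
    option dest 'wan'
"""

def parse_uci(text):
    """Return [(section_type, {option: value}), ...] from UCI text."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*config\s+(\S+)", line)
        if m:
            sections.append((m.group(1), {}))
            continue
        m = re.match(r"\s*option\s+(\S+)\s+(.*)$", line)
        if m and sections:
            sections[-1][1][m.group(1)] = m.group(2).strip().strip("'\"")
    return sections

def check_path(text, src, dest):
    """Report what the config says about traffic going from zone src to zone dest."""
    sections = parse_uci(text)
    zones = {o.get("name"): o for t, o in sections if t == "zone"}
    return {
        # Assumed model: inter-zone traffic needs an explicit forwarding section.
        "forwarding": any(t == "forwarding" and o.get("src") == src
                          and o.get("dest") == dest for t, o in sections),
        # Source NAT is applied by the zone the traffic leaves through.
        "masq4": zones.get(dest, {}).get("masq") == "1",
        "masq6": zones.get(dest, {}).get("masq6") == "1",
        # Per-zone policy, reported only; it does not override the forwarding.
        "src_forward_policy": zones.get(src, {}).get("forward"),
    }

if __name__ == "__main__":
    print(check_path(SAMPLE, "wireguard", "wan"))
```

This covers only the static firewall file; it does not inspect kernel forwarding sysctls, routes, or the rules actually loaded on the router.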