pivpn/pivpn

[General Issue]: WireGuard PiVPN No Response Packages from Server

pandancode opened this issue · 0 comments

In raising this issue I confirm that

Describe the issue

I have PiVPN running on my RPI400 with Ubuntu with noip.

PiVPN has worked reasonably well on wlan0 for a few weeks but I installed a Tapo wifi socket in order to hard reset the router / pi remotely from time to time. Now...I'm just trying to make it work (via fresh install) on again and am failing

I generally followed this guide for the set up.

I appreciate that the preferred way was to re-install PiVPN (which I have done multiple times anyways - by now) + also port forwarding should be reconfigured on the router (192.168.1.130 for wlan0).

The strange thing is that this VPN setup was working fine (tested on cellular, remote client) up until but suddenly stopped working this morning.

Expected behavior

The expected behavior was that the VPN client could connect and would pass through data. Now, it "connects" but never appears to get any response from the server.

Please describe the steps to replicate the issue

  1. Installed PiVPN as per this guide plus noip setup
  2. Created profile, connecting via iPhone WireGuard client

Have you taken any steps towards solving your issue?

I have re-installed PiVPN a few times, created new profiles, but always get the same tcpdump of no packages.

As you can see, there appears to be only incoming traffic but no response from the Pi

Somewhat similarly for wlan0

$ sudo -s
RPI400# tcpdump -n -i wlan0 udp port 51820
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

Screenshots

I thought this could be an ufw issue but I think it's configured correctly

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
51820/udp                  ALLOW IN    Anywhere                   # allow-wireguard
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
51820/udp (v6)             ALLOW IN    Anywhere (v6)              # allow-wireguard

Anywhere on eth0           ALLOW FWD   10.112.235.0/24 on wg0
Anywhere on wlan0          ALLOW FWD   10.117.250.0/24 on wg0

The wlan0 adapter

$ ip -f inet address show wlan0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.194/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
       valid_lft 86080sec preferred_lft 86080sec

ufw seems to be fine

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
51820/udp                  ALLOW       Anywhere                   # allow-wireguard
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
51820/udp (v6)             ALLOW       Anywhere (v6)              # allow-wireguard

Anywhere on wlan0          ALLOW FWD   10.172.98.0/24 on wg0
Anywhere on wlan0          ALLOW FWD   10.117.250.0/24 on wg0

Client access is logged but...nothing is being sent back:

pivpn -c
::: Connected Clients List :::
Name          Remote IP                  Virtual IP                                Bytes Received      Bytes Sent      Last Seen
testtest      [REDACTED].253:60588      10.172.98.2,fd11:5ee:bad:c0de::2/128      34KiB               652B            Jun 22 2023 - 15:50:31
::: Disabled clients :::

Where did you run pivpn?

RaspberryPi

Please provide your output from uname -a

Linux RPI400 5.15.0-1032-raspi #35-Ubuntu SMP PREEMPT Wed Jun 7 16:00:54 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux

Details about Operative System

PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Installation

No response

Profile / Client creation

No response

Debug output

::: Generating Debug Output
[sudo] password for rpi400:
::::            PiVPN debug              ::::
=============================================
::::            Latest commit            ::::
Branch: master
Commit: 4032a55c80f25b51419180eda93f44d579ab79e9
Author: 4s3ti
Date: Wed Mar 29 14:54:19 2023 +0200
Summary: docs(issues): Remove old markdown template
=============================================
::::        Installation settings        ::::
PLAT=Ubuntu
OSCN=jammy
USING_UFW=1
IPv4dev=wlan0
IPv6dev=wlan0
install_user=rpi400
install_home=/home/rpi400
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=9.9.9.9
pivpnDNS2=149.112.112.112
pivpnHOST=REDACTED
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.172.98.0
subnetClass=24
pivpnenableipv6=1
pivpnNETv6="fd11:5ee:bad:c0de::"
subnetClassv6=64
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=()
=============================================
::::  Server configuration shown below   ::::
[Interface]
PrivateKey = server_priv
Address = 10.172.98.1/24,fd11:5ee:bad:c0de::1/64
MTU = 1420
ListenPort = 51820
### begin testtest ###
[Peer]
PublicKey = testtest_pub
PresharedKey = testtest_psk
AllowedIPs = 10.172.98.2/32,fd11:5ee:bad:c0de::2/128
### end testtest ###
=============================================
::::  Client configuration shown below   ::::
[Interface]
PrivateKey = testtest_priv
Address = 10.172.98.2/24,fd11:5ee:bad:c0de::2/64
DNS = 9.9.9.9, 149.112.112.112

[Peer]
PublicKey = server_pub
PresharedKey = testtest_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
=============================================
::::    Recursive list of files in       ::::
::::    /etc/wireguard shown below       ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
clients.txt
testtest.conf

/etc/wireguard/keys:
server_priv
server_pub
testtest_priv
testtest_psk
testtest_pub
=============================================
::::            Self check               ::::
:: [OK] IP forwarding is enabled
:: [OK] Ufw is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] Ufw input rule set
:: [OK] Ufw forwarding rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: WARNING: This script should have automatically masked sensitive       ::::
:::: information, however, still make sure that PrivateKey, PublicKey      ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this:                  ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe                          ::::
=============================================
::::            Debug complete           ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
:::
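
Added example (not part of the original issue and not PiVPN code): an offline cross-check of the values quoted above, comparing the router's port-forward target with the address wlan0 actually holds, and the ufw forwarding rules with pivpnNET from the debug output. The sample inputs are copied from the outputs in the issue; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: consistency check over captured PiVPN diagnostics.
# Sample text is copied from the command outputs quoted in the issue.

UFW_EARLY='Anywhere on eth0           ALLOW FWD   10.112.235.0/24 on wg0
Anywhere on wlan0          ALLOW FWD   10.117.250.0/24 on wg0'
UFW_LATER='Anywhere on wlan0          ALLOW FWD   10.172.98.0/24 on wg0
Anywhere on wlan0          ALLOW FWD   10.117.250.0/24 on wg0'
IP_ADDR='3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 192.168.1.194/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0'

# Print the IPv4 address (prefix length stripped) from `ip -f inet address show` text.
iface_ipv4() {
    printf '%s\n' "$1" | awk '$1 == "inet" { split($2, a, "/"); print a[1]; exit }'
}

# Succeed if `ufw status` text holds an ALLOW FWD rule for the tunnel subnet.
# Args: ufw_text subnet/cidr outbound_dev wireguard_dev
ufw_fwd_covers() {
    printf '%s\n' "$1" | awk -v net="$2" -v out="$3" -v wg="$4" '
        $1 == "Anywhere" && $2 == "on" && $3 == out && $4 == "ALLOW" &&
        $5 == "FWD" && $6 == net && $7 == "on" && $8 == wg { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Print each mismatch; the return status is the number of findings.
# Args: ufw_text ip_text pivpn_net ipv4dev wg_dev router_forward_target
check_pivpn() {
    findings=0
    addr=$(iface_ipv4 "$2")
    if [ "$addr" != "$6" ]; then
        echo "router forwards to $6 but $4 holds $addr"
        findings=$((findings + 1))
    fi
    if ! ufw_fwd_covers "$1" "$3" "$4" "$5"; then
        echo "no ufw ALLOW FWD rule for $3 on $5 via $4"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# pivpnNET/subnetClass, IPv4dev and pivpnDEV come from the debug output;
# 192.168.1.130 is the port-forward target named in the issue text.
for capture in "$UFW_EARLY" "$UFW_LATER"; do
    check_pivpn "$capture" "$IP_ADDR" 10.172.98.0/24 wlan0 wg0 192.168.1.130 || true
done
```

On a live host the same functions can be fed "$(sudo ufw status)" and "$(ip -f inet address show wlan0)" instead of the embedded captures.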