[General Issue]: Wireguard handshake successful but no traffic returns to client

Question

[General Issue]: Wireguard handshake successful but no traffic returns to client

d3cimate opened this issue 10 months ago · 6 comments

In raising this issue I confirm that

I have read the documentation
I have read and understood the PiVPN General Guidelines
I have read and understood the PiVPN Troubleshooting Guidelines
The issue I am reporting isn't a duplicate, see closed issues and open issues.
I have searched for similar issues and solutions
I can replicate the issue even after a clean OS installation

Describe the issue

Wireguard installed and client configured. When the client connects, the handshake is successful and pivpn recognizes that the client is connected. PiHole and tcpdump both show all client requests but the client cannot access LAN devices or the internet. pivpn -d shows no errors. This issue has happened multiple times before with the exact same behavior as described above. Tried installing both wireguard and openvpn to try and narrow down the problem but openvpn worked properly. Would rather use wireguard since, aside from this issue, it was perfect for me.

Expected behavior

Expected behavior is that the client is able to access LAN and internet.

Please describe the steps to replicate the issue

Unlikely that anyone can actually reproduce this issue but here are the steps:

Install PiVPN using the install script
Configure wireguard using the script
Create client file through PiVPN
Connect to Pi using wireguard

Have you taken any steps towards solving your issue?

Uninstall and reinstall PiVPN multiple times
Changing DNS
Different client
Different wireguard port
Install and test both wireguard and openvpn [openvpn works properly but wireguard still doesnt]

Screenshots

No response

Where did you run pivpn?

RaspberryPi

Please provide your output from `uname -a`

Linux raspberrypi 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux

Details about Operative System

PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

Installation

Install was successful

Profile / Client creation

Client creation was successful

Debug output

:::: PiVPN debug ::::

:::: Latest commit ::::
Branch: master
Commit: `4446ea0`
Author: Dennis Roth
Date: Tue Jul 18 16:04:11 2023 +0200
Summary: add alpine container support

:::: Installation settings ::::
PLAT=Raspbian
OSCN=bullseye
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
dhcpReserv=1
IPv4addr=192.168.4.100/24
IPv4gw=192.168.4.1
install_user=pi
install_home=/home/pi
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=10.152.156.1
pivpnDNS2=
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=1
FORWARD_CHAIN_EDITED=1
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.152.156.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=()

:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.152.156.1/24
MTU = 1420
ListenPort = 51820

begin d

[Peer]
PublicKey = d_pub
PresharedKey = d_psk
AllowedIPs = 10.152.156.2/32

end d

=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = d_priv
Address = 10.152.156.2/24
DNS = 10.152.156.1

[Peer]
PublicKey = server_pub
PresharedKey = d_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0

:::: Recursive list of files in ::::
:::: /etc/wireguard shown below ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
clients.txt
d.conf

/etc/wireguard/keys:
d_priv
d_psk
d_pub
server_priv
server_pub

:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] Iptables INPUT rule set
:: [OK] Iptables FORWARD rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp

:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq

:::: WARNING: This script should have automatically masked sensitive ::::
:::: information, however, still make sure that PrivateKey, PublicKey ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this: ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::

:::: Debug complete ::::

Answer 1 · 2023-07-31T17:57:42.000Z

https://docs.pivpn.io/faq/#how-do-i-troubleshoot-connection-issues

Answer 2 · 2023-07-31T18:01:14.000Z

Hey, thanks for your reply. I followed the steps and none of them worked. pivpn -d returns no errors as shown above, wireguard is running since I am connected to it and both pihole and tcpdump show my requests and packets. Given all of this, everything should be working properly but I still have no access to LAN devices or the internet.

Answer 3 · 2023-08-07T20:47:53.000Z

Same problem. On two different vps. Hasn't been working for days. There was no such problem before. I've been using pivpn for a year and a half

Answer 4 · 2023-10-24T22:32:02.000Z

Same problem, client can't ping and access anything.

Answer 5 · 2023-11-18T12:29:30.000Z

With the latest update, it's working for a minute and stop working for routing to local network.

Answer 6 · 2024-04-06T09:16:43.000Z

Pre-archive closing, more information here