pivpn/pivpn

[General Issue]: No data received on client devices

npburns224 opened this issue · 2 comments

Describe the issue

I am unable to receive any data when the VPN is enabled on my client devices.

Running pivpn -c shows my client as having never connected (not seen), but I can see a successful conversation occurring when running a packet capture per the packet capture section of the How do I troubleshoot connection issues? guide.

Expected behavior

Data is able to be sent/received when the VPN is enabled.

Please describe the steps to replicate the issue

  1. Enable the Wireguard VPN tunnel on a client device.
  2. Observe that no data is ever received.

Have you taken any steps towards solving your issue?

To begin troubleshooting, I performed the following steps:

  1. Re-flashed my router's firmware (GL-B1300) and proceeded with stock settings.
  2. Wiped my Raspberry Pi and flashed a fresh copy of Raspberry Pi OS Lite (64-bit).
  3. Assigned my Raspberry Pi a static IP address using my router's web interface.
  4. Performed a fresh installation and setup of PiVPN (Wireguard).
  5. Made sure I was forwarding the correct port (51820).

When the issue persisted, I proceeded to follow the steps outlined in the How do I troubleshoot connection issues? guide, but all of the tests appear to have passed. Entering manual values for the MTU in the Wireguard app didn't seem to help either.

Here are all the outputs resulting from the commands listed in the connection troubleshooting guide:

pi@raspberrypi:~ $ pivpn -d
::: Generating Debug Output
::::            PiVPN debug              ::::
=============================================
::::            Latest commit            ::::
Branch: master
Commit: a85d3752ef94ed1aaad70ba6d483f93583152eca
Author: Orazio
Date: Wed Dec 13 18:09:55 2023 +0100
Summary: fix(scripts): disallow using server's name as client name (#1791)
=============================================
::::        Installation settings        ::::
PLAT=Debian
OSCN=bookworm
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
dhcpReserv=1
IPv4addr=192.168.1.8/24
IPv4gw=192.168.1.1
install_user=pi
install_home=/home/pi
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.228.122.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=()
=============================================
::::  Server configuration shown below   ::::
[Interface]
PrivateKey = server_priv
Address = 10.228.122.1/24
MTU = 1420
ListenPort = 51820
### begin test ###
[Peer]
PublicKey = test_pub
PresharedKey = test_psk
AllowedIPs = 10.228.122.2/32
### end test ###
=============================================
::::  Client configuration shown below   ::::
[Interface]
PrivateKey = test_priv
Address = 10.228.122.2/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = server_pub
PresharedKey = test_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
=============================================
::::    Recursive list of files in       ::::
::::    /etc/wireguard shown below       ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
clients.txt
test.conf

/etc/wireguard/keys:
server_priv
server_pub
test_priv
test_psk
test_pub
=============================================
::::            Self check               ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled 
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: WARNING: This script should have automatically masked sensitive       ::::
:::: information, however, still make sure that PrivateKey, PublicKey      ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this:                  ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe                          ::::
=============================================
::::            Debug complete           ::::
::: 
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
::: 
pi@raspberrypi:~ $ sudo systemctl restart wg-quick@wg0
pi@raspberrypi:~ $ lsmod | grep wireguard
wireguard              73728  0
libchacha20poly1305    16384  1 wireguard
ip6_udp_tunnel         16384  1 wireguard
udp_tunnel             28672  1 wireguard
libcurve25519_generic    40960  1 wireguard
ipv6                  561152  29 wireguard
pi@raspberrypi:~ $ cat /etc/pivpn/wireguard/setupVars.conf
PLAT=Debian
OSCN=bookworm
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
dhcpReserv=1
IPv4addr=192.168.1.8/24
IPv4gw=192.168.1.1
install_user=pi
install_home=/home/pi
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnHOST=[PUBLIC_IP_ADDRESS]
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.228.122.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=()
pi@raspberrypi:~ $ ip -f inet address show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
       valid_lft 42497sec preferred_lft 42497sec
pi@raspberrypi:~ $ curl -s https://checkip.amazonaws.com
73.232.6.151
pi@raspberrypi:~ $ dig +short [DUCK_DNS_ADDRESS]
[PUBLIC_IP_ADDRESS]
pi@raspberrypi:~ $ sudo -s
root@raspberrypi:/home/pi# tcpdump -n -i eth0 udp port 51820
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:32:27.959541 IP 107.127.38.65.64983 > 192.168.1.8.51820: UDP, length 148
23:32:27.963176 IP 192.168.1.8.51820 > 107.127.38.65.64983: UDP, length 92
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
root@raspberrypi:/home/pi# exit
exit
pi@raspberrypi:~ $ pivpn -c
::: Connected Clients List :::
Name      Remote IP                Virtual IP        Bytes Received      Bytes Sent      Last Seen
test      107.127.38.65:64983      10.228.122.2      148B                92B             (not yet)
::: Disabled clients :::
pi@raspberrypi:~ $ 

Screenshots

Here are my port forward settings:
Router port forward settings

Here's what I see in the Wireguard app:
Wireguard app

Where did you run pivpn?

Raspberry Pi 4B

Please provide your output from uname -a

Linux raspberrypi 6.1.0-rpi7-rpi-v8 #1 SMP PREEMPT Debian 1:6.1.63-1+rpt1 (2023-11-24) aarch64 GNU/Linux

Details about Operative System

PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Installation

No response

Profile / Client creation

No response

Debug output

pi@raspberrypi:~ $ pivpn debug
::: Generating Debug Output
::::            PiVPN debug              ::::
=============================================
::::            Latest commit            ::::
Branch: master
Commit: a85d3752ef94ed1aaad70ba6d483f93583152eca
Author: Orazio
Date: Wed Dec 13 18:09:55 2023 +0100
Summary: fix(scripts): disallow using server's name as client name (#1791)
=============================================
::::        Installation settings        ::::
PLAT=Debian
OSCN=bookworm
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
dhcpReserv=1
IPv4addr=192.168.1.8/24
IPv4gw=192.168.1.1
install_user=pi
install_home=/home/pi
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.228.122.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=()
=============================================
::::  Server configuration shown below   ::::
[Interface]
PrivateKey = server_priv
Address = 10.228.122.1/24
MTU = 1420
ListenPort = 51820
### begin test ###
[Peer]
PublicKey = test_pub
PresharedKey = test_psk
AllowedIPs = 10.228.122.2/32
### end test ###
=============================================
::::  Client configuration shown below   ::::
[Interface]
PrivateKey = test_priv
Address = 10.228.122.2/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = server_pub
PresharedKey = test_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
=============================================
::::    Recursive list of files in       ::::
::::    /etc/wireguard shown below       ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
clients.txt
test.conf

/etc/wireguard/keys:
server_priv
server_pub
test_priv
test_psk
test_pub
=============================================
::::            Self check               ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled 
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: WARNING: This script should have automatically masked sensitive       ::::
:::: information, however, still make sure that PrivateKey, PublicKey      ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this:                  ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe                          ::::
=============================================
::::            Debug complete           ::::
::: 
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
::: 
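
The capture and `pivpn -c` counters in the issue above can be read by UDP payload length. The following is an added example, not part of the original issue or of PiVPN: a shell function (`classify_wg_capture` and `issue_capture` are hypothetical names) that classifies `tcpdump -n` lines using WireGuard's fixed handshake message sizes, run here on the two packets from that capture.

```sh
#!/bin/sh
# Added example (not from the issue): summarise `tcpdump -n` text output for
# a WireGuard port by UDP payload length. Fixed message sizes from the
# WireGuard protocol: 148 = handshake initiation, 92 = handshake response.
# 64 is ambiguous (cookie reply or a small data packet) and is counted apart;
# any other length is treated as transport data.

# classify_wg_capture SERVER_IP   (reads tcpdump lines on stdin)
# SERVER_IP is the server's address as tcpdump prints it, e.g. 192.168.1.8.
classify_wg_capture() {
    awk -v srv="$1" '
    / UDP, length [0-9]+$/ {
        len = $NF + 0
        # $3 is "src_ip.src_port"; packets sourced by the server are "out".
        dir = (index($3, srv ".") == 1) ? "out" : "in"
        if (len == 148)      kind = "init"
        else if (len == 92)  kind = "resp"
        else if (len == 64)  kind = "ambiguous"
        else                 kind = "data"
        n[dir "_" kind]++
    }
    END {
        if (!n["in_init"])       v = "no-initiation-seen"
        else if (!n["out_resp"]) v = "initiation-unanswered"
        else if (!n["in_data"])  v = "handshake-answered-no-client-data"
        else                     v = "client-data-flowing"
        printf "init_in=%d resp_out=%d data_in=%d data_out=%d verdict=%s\n",
               n["in_init"], n["out_resp"], n["in_data"], n["out_data"], v
    }'
}

# The two packets from the capture in the issue above.
issue_capture() {
    cat <<'EOF'
23:32:27.959541 IP 107.127.38.65.64983 > 192.168.1.8.51820: UDP, length 148
23:32:27.963176 IP 192.168.1.8.51820 > 107.127.38.65.64983: UDP, length 92
EOF
}

issue_capture | classify_wg_capture 192.168.1.8
```

On the issue's capture it reports one inbound initiation, one outbound response and no transport data from the client, which matches the 148B received and 92B sent shown by `pivpn -c`.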

Same problem here.

I do connect and can access local resources via IP with my Android phone (I have an openmediavault on my local network and I can access the web via IP), but I cannot navigate the internet.

image

root@piserver:/home/conde# pivpn -d
::: Generating Debug Output
:::: PiVPN debug ::::

:::: Latest commit ::::
Branch: master
Commit: a85d375
Author: Orazio
Date: Wed Dec 13 18:09:55 2023 +0100
Summary: fix(scripts): disallow using server's name as client name (#1791)

:::: Installation settings ::::
PLAT=Debian
OSCN=bookworm
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=end0
IPv4addr=192.168.100.5/24
IPv4gw=192.168.100.1
useNetworkManager=true
install_user=conde
install_home=/home/conde
VPN=wireguard
pivpnPORT=51822
pivpnDNS1=192.168.100.1
pivpnDNS2=8.8.8.8
pivpnHOST=eorlia.ddns.net
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1410
pivpnDEV=wg0
pivpnNET=10.236.202.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=(git dnsutils grepcidr bsdmainutils iptables-persistent wireguard-tools qrencode unattended-upgrades)

:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.236.202.1/24
MTU = 1420
ListenPort = 51822

### begin conde ###
[Peer]
PublicKey = conde_pub
PresharedKey = conde_psk
AllowedIPs = 10.236.202.2/32
### end conde ###

=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = conde_priv
Address = 10.236.202.2/24
DNS = 8.8.8.8, 8.8.4.4

[Peer]
PublicKey = server_pub
PresharedKey = conde_psk
Endpoint = REDACTED:51822
AllowedIPs = 0.0.0.0/0, ::0/0

:::: Recursive list of files in ::::
:::: /etc/wireguard shown below ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
conde.conf

/etc/wireguard/keys:
conde_priv
conde_psk
conde_pub

=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51822/udp

:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq

:::: WARNING: This script should have automatically masked sensitive ::::
:::: information, however, still make sure that PrivateKey, PublicKey ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this: ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::

:::: Debug complete ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
:::

On my client:
image

Hello, this affects me as well, running Ubuntu on a Pi4.

::: Generating Debug Output
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
Branch: master
Commit: a85d375
Author: Orazio
Date: Wed Dec 13 18:09:55 2023 +0100
Summary: fix(scripts): disallow using server's name as client name (#1791)
=============================================
:::: Installation settings ::::
PLAT=Ubuntu
OSCN=jammy
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
install_user=MyUser
install_home=/home/MyUser
VPN=wireguard
pivpnPORT=11184
pivpnDNS1=8.8.8.8
pivpnDNS2=8.8.4.4
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.143.170.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=(dnsutils grepcidr bsdmainutils iptables-persistent wireguard-tools qrencode)