[PLUG] Wireguard on ubuntu 24.04 - no network connectivity

Russell Senior russell at personaltelco.net
Sun Jan 12 17:51:08 UTC 2025


I'm *NOT* a wg expert.

I took a look at your wg-quick log (I'm assuming that list is a log of
the commands run by wg-quick), and noticed a couple things:

a) some of those commands are creating an alternate routing table
(51820) and directing (through ip rule) some packets to use that
alternate table. It might be worthwhile to look at the routes in that
table. Something like ip route show table all, or ip route show table
51820.

b) [#] nft -f /dev/fd/63
  I am also not an nftables expert, but that looks like it is reading
nft commands from a socket. So, looking at the state of nftables rules
is probably worthwhile. Something like: nft list tables

-- 
Russell Senior
russell at personaltelco.net

On Sat, Jan 11, 2025 at 7:23 PM Tomas Kuchta
<tomas.kuchta.lists at gmail.com> wrote:
>
> Any wireguard experts here?
> I cannot get network traffic through wireguard on Ubuntu 24.04.
> I have been failing to resolve this and resorted to connecting through my
> android Wireguard
>
> 1. the server is working - it works like a charm on my android phone
> 2. WG handshake is fine - it connects
> 3. I disabled firewall by: sudo ufw disable - to no effect
> 4. I have long given up on google because:
>    a) most posts are parroting someone without understanding networking
>    b) competent posts assume pretty advanced networking knowledge or
> windows or bsd or ....
>
> the setup:
> -------------
> sudo ls -l /etc/wireguard/wg0.conf
> -rw------- 1 root root 266 Jan 11 20:56 /etc/wireguard/wg0.conf
>
> sudo cat /etc/wireguard/wg0.conf
> [Interface]
> PrivateKey =xxxxxxxxx
> Address = 192.168.40.4/32
> DNS = 192.168.40.1
>
> [Peer]
> PublicKey =yyyyyyyy
> AllowedIPs = 192.168.40.1/32,192.168.40.4/32,0.0.0.0/0
> Endpoint = 111.222.333.444:51820
>
> sudo wg-quick up wg0
> [#] ip link add wg0 type wireguard
> [#] wg setconf wg0 /dev/fd/63
> [#] ip -4 address add 192.168.40.4/32 dev wg0
> [#] ip link set mtu 1420 up dev wg0
> [#] resolvconf -a wg0 -m 0 -x
> [#] ip -4 route add 192.168.40.4/32 dev wg0
> [#] ip -4 route add 192.168.40.1/32 dev wg0
> [#] wg set wg0 fwmark 51820
> [#] ip -4 rule add not fwmark 51820 table 51820
> [#] ip -4 rule add table main suppress_prefixlength 0
> [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
> [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
> [#] nft -f /dev/fd/63
>
> ping 192.168.40.1
> PING 192.168.40.1 (192.168.40.1) 56(84) bytes of data.
> ^C
> --- 192.168.40.1 ping statistics ---
> 5 packets transmitted, 0 received, 100% packet loss, time 4072ms
>
> # before wg up:
> # ------------------
> ip addr
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host noprefixroute
>        valid_lft forever preferred_lft forever
> 2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
> UP group default qlen 1000
>     link/ether 04:7b:cb:2c:ab:ac brd ff:ff:ff:ff:ff:ff
>     inet 10.10.208.202/16 brd 10.10.255.255 scope global dynamic
> noprefixroute wlp1s0
>        valid_lft 79251sec preferred_lft 79251sec
>     inet6 fe80::7fbd:1fbd:56ef:baef/64 scope link noprefixroute
>        valid_lft forever preferred_lft forever
> 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state
> DOWN group default qlen 1000
>     link/ether 52:54:00:27:fe:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>        valid_lft forever preferred_lft forever
>
> ip route
> default via 10.10.0.1 dev wlp1s0 proto dhcp src 10.10.208.202 metric 600
> 10.10.0.0/16 dev wlp1s0 proto kernel scope link src 10.10.208.202 metric
> 600
> 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
> linkdown
>
> traceroute google.com
> traceroute to google.com (142.251.40.142), 30 hops max, 60 byte packets
>  1  _gateway (10.10.0.1)  2.214 ms  1.993 ms  1.775 ms
>  2  syn-142-254-208-053.inf.spectrum.com (142.254.208.53)  54.259 ms
>  54.198 ms  54.700 ms
>  3  lag-63.cnwynh1601h.netops.charter.com (24.58.224.169)  87.416 ms
>  87.373 ms  87.332 ms
>  4  lag-28.ptldmehx02r.netops.charter.com (24.58.40.246)  67.360 ms  67.315
> ms  67.268 ms
>  5  lag-25.rcr01albynyyf.netops.charter.com (24.58.32.64)  67.228 ms
>  67.180 ms  67.135 ms
>  6  lag-416-10.nycmny837aw-bcr00.netops.charter.com (66.109.6.10)  85.270
> ms lag-26-10.nycmny837aw-bcr00.netops.charter.com (24.30.201.130)  83.895
> ms lag-416-10.nycmny837aw-bcr00.netops.charter.com (66.109.6.10)  83.807 ms
>  7  209.85.172.46 (209.85.172.46)  83.759 ms 72.14.218.108 (72.14.218.108)
>  43.673 ms syn-066-109-007-099.inf.spectrum.com (66.109.7.99)  73.371 ms
>  8  * 192.178.108.17 (192.178.108.17)  60.608 ms  60.545 ms
>  9  142.251.64.4 (142.251.64.4)  60.479 ms 142.251.60.180 (142.251.60.180)
>  61.229 ms 142.251.53.150 (142.251.53.150)  61.174 ms
> 10  192.178.106.18 (192.178.106.18)  64.089 ms 216.239.49.65
> (216.239.49.65)  62.949 ms 192.178.106.20 (192.178.106.20)  62.894 ms
> 11  142.251.69.66 (142.251.69.66)  68.364 ms lga25s80-in-f14.1e100.net
> (142.251.40.142)  63.853 ms  62.721 ms
>
> # after wg up:
> # ----------------
> ip addr
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host noprefixroute
>        valid_lft forever preferred_lft forever
> 2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
> UP group default qlen 1000
>     link/ether 04:7b:cb:2c:ab:ac brd ff:ff:ff:ff:ff:ff
>     inet 10.10.208.202/16 brd 10.10.255.255 scope global dynamic
> noprefixroute wlp1s0
>        valid_lft 79076sec preferred_lft 79076sec
>     inet6 fe80::7fbd:1fbd:56ef:baef/64 scope link noprefixroute
>        valid_lft forever preferred_lft forever
> 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state
> DOWN group default qlen 1000
>     link/ether 52:54:00:27:fe:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>        valid_lft forever preferred_lft forever
> 20: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state
> UNKNOWN group default qlen 1000
>     link/none
>     inet 192.168.40.4/32 scope global wg0
>        valid_lft forever preferred_lft forever
>
> ip route
> default via 10.10.0.1 dev wlp1s0 proto dhcp src 10.10.208.202 metric 600
> 10.10.0.0/16 dev wlp1s0 proto kernel scope link src 10.10.208.202 metric
> 600
> 192.168.40.1 dev wg0 scope link
> 192.168.40.4 dev wg0 scope link
> 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
> linkdown
>
> Any experts out there with advice?
>
> Thanks, Tomas
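
As an added example (not part of either message): a small Python model of the policy routing that the quoted wg-quick log sets up, useful for reading the output of `ip rule show` and `ip route show table 51820`. The rule priorities, the omission of the `local` table, and 203.0.113.10 standing in for the peer endpoint are assumptions; the nftables rules are not modelled.

```python
import ipaddress

WG_MARK = 51820  # fwmark and table number from the wg-quick log

# Routes constructed from the page's "ip route" output after wg up, plus
# "ip -4 route add 0.0.0.0/0 dev wg0 table 51820" from the log.
TABLES = {
    "main": [("0.0.0.0/0", "wlp1s0"), ("10.10.0.0/16", "wlp1s0"),
             ("192.168.40.1/32", "wg0"), ("192.168.40.4/32", "wg0"),
             ("192.168.122.0/24", "virbr0")],
    "51820": [("0.0.0.0/0", "wg0")],
}

# Assumed priority order after the two "ip -4 rule add" calls in the log.
# Fields: (priority, table, unmarked_only, suppress_prefixlength)
RULES = [
    (32764, "main", False, 0),      # table main suppress_prefixlength 0
    (32765, "51820", True, None),   # not fwmark 51820 table 51820
    (32766, "main", False, None),   # the stock main-table rule
]


def longest_match(table, dst):
    """Return (prefixlen, dev) of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best


def route_lookup(dst, fwmark=0):
    """Walk the rules in priority order; return (priority, table, dev)."""
    for prio, table, unmarked_only, suppress in RULES:
        if unmarked_only and fwmark == WG_MARK:
            continue  # WireGuard's own marked UDP skips table 51820
        hit = longest_match(table, dst)
        if hit is None:
            continue
        if suppress is not None and hit[0] <= suppress:
            continue  # a default-route (/0) match is discarded here
        return prio, table, hit[1]
    return None


if __name__ == "__main__":
    for dst, mark in [("192.168.40.1", 0), ("142.251.40.142", 0),
                      ("203.0.113.10", WG_MARK)]:
        print(dst, mark, route_lookup(dst, mark))
```

If the live `ip rule show` and `ip route show table 51820` output matches this model, unmarked traffic is being steered into wg0 as intended and the routing tables are not where the packets are lost.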

