StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

WireGuard - no internet #1686

Open serjflint opened 4 years ago

serjflint commented 4 years ago

Expected behavior:

Connect to internet using WireGuard

Actual Behavior:

No internet after wg-quick up. No ping with 8.8.8.8. OpenVPN works with sudo openvpn.

Steps to Reproduce:

  1. Install Streisand on Existing Server (Advanced) vds-ams2.melbicom.net Ubuntu 16.04

```
sudo wg-quick up topple-vehicle
[#] ip link add topple-vehicle type wireguard
[#] wg setconf topple-vehicle /dev/fd/63
[#] ip -4 address add 10.192.122.2/32 dev topple-vehicle
[#] ip link set mtu 1420 up dev topple-vehicle
[#] resolvconf -a topple-vehicle -m 0 -x
[#] wg set topple-vehicle fwmark 51820
[#] ip -6 route add ::/0 dev topple-vehicle table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip -4 route add 0.0.0.0/0 dev topple-vehicle table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
```

```
cat /etc/wireguard/topple-vehicle.conf
# "topple-vehicle" - Streisand WireGuard Client Profile
[Interface]
Address = 10.192.122.2/32
DNS = 10.192.122.1
PrivateKey = privatekey

[Peer]
PublicKey = publickey
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = CustomIP:51820
```

```
sudo wg show
interface: topple-vehicle
  public key: publickey
  private key: (hidden)
  listening port: 33641
  fwmark: 0xca6c

peer: peer
  endpoint: CustomIP:51820
  allowed ips: 0.0.0.0/0, ::/0
  transfer: 0 B received, 3.61 KiB sent
```

```
ifconfig
topple-vehicle: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 10.192.122.2  netmask 255.255.255.255  destination 10.192.122.2
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 59  bytes 8732 (8.5 KiB)
        TX errors 0  dropped 1185 overruns 0  carrier 0  collisions 0
```

```
sudo cat /etc/resolv.conf
# Generated by resolvconf
nameserver 10.192.122.1
```

Ansible Information

Streisand Information

Enabled Roles

serjflint commented 4 years ago

The test client is behind an esoteric MikroTik router and its firewall. Later I will try another PC with a direct connection.

rokernel commented 4 years ago

I have the same issue, already tried using 2 VPSes from two different providers. OpenVPN works fine.

serjflint commented 4 years ago

I manually switched to DNSCrypt as a DNS provider and now it works for me. Also, I disabled DNSmasq.

furiannn commented 4 years ago

serjflint: Do you have any guides on how we can accomplish this ourselves? Newbie over here :)

serjflint commented 4 years ago

@furiannn Just googled it. DNSCrypt-proxy v2. P.S. Because of problems with my VPS provider and Cloudflare I just switched to paid WireVPN. So I can't provide further assistance.