Ysurac / openmptcprouter-vps

OpenMPTCProuter VPS scripts
GNU General Public License v3.0

Internet not working on VPS after installation with Wireguard client #87

Open mcn18 opened 1 year ago

mcn18 commented 1 year ago

I have installed the VPS script on Debian 11 successfully and then after reboot I can't connect to the internet via the VPS or to the VPS via SSH.

In my setup, I have a Wireguard client running on the VPS that provides an IPv4 block and an IPv6 block on an interface called gw. I edited the script so that WIREGUARD="no", INTERFACE="gw", and VPS IP and HOSTNAME are set to the Wireguard public IPv4 address.

How can I get internet working correctly on this setup? Thanks!

Ysurac commented 1 year ago

shorewall is started during script installation and only traffic needed by OpenMPTCProuter is allowed. With your configuration this blocks all traffic on the real interface, so this also blocks wireguard and all access. You can set INTERFACE to your real interface or disable the "systemctl -q restart shorewall" line in the VPS install script and set the shorewall configuration manually before restarting the VPS.

mcn18 commented 1 year ago

Okay, thank you. How would I allow all traffic on my real interface via shorewall?

mcn18 commented 1 year ago

Also, my /etc/shorewall/interfaces already shows both interfaces.

net     enp1s0  dhcp,nosmurfs,tcpflags,routefilter,sourceroute=0
net     gw      dhcp,nosmurfs,tcpflags,routefilter,sourceroute=0

Ysurac commented 1 year ago

In most cases, it's better to configure wireguard after VPS installation. You should already have access to the VPS with this configuration (SSH on port 65222) if you don't have another running firewall. Then you can look at other VPN configurations to see what is needed in shorewall (like wg+ that is the default wireguard interface config).

mcn18 commented 1 year ago

If I configure wireguard after the installation, how would I tell OMR to use the Public IP from the WG interface?

mcn18 commented 1 year ago

The only reason I am using Wireguard is to get Public IPv4 and IPv6 from my BGP router to use with OMR. If you have a better way to tunnel these IPs to my OMR VPS that would make this easier, I am open to suggestions.

Ysurac commented 1 year ago

If the default route on the VPS is the WG interface, then output will be on this route.

mcn18 commented 1 year ago

@Ysurac can you tell me how to allow traffic on both my ethernet interface "enp1s0" and my wireguard interface "wg1"? I cannot figure out how to do this in Shorewall. Thanks
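
Added example, not part of the thread or the project's scripts: a shell helper that reports which entries of a Shorewall interfaces file cover a given interface name, including trailing-`+` wildcards such as the `wg+` entry mentioned above. The sample file is constructed from the two lines posted in the thread plus a `wg+` line; the zone name `vpn`, its options and the function name `matching_entries` are assumptions.

```shell
#!/bin/sh
# Constructed sample: the two entries posted in the thread plus a wildcard
# entry of the kind mentioned there (wg+). Zone "vpn" and its options are assumptions.
SAMPLE_INTERFACES='?FORMAT 2
# ZONE  INTERFACE  OPTIONS
net     enp1s0  dhcp,nosmurfs,tcpflags,routefilter,sourceroute=0
net     gw      dhcp,nosmurfs,tcpflags,routefilter,sourceroute=0
vpn     wg+     nosmurfs,tcpflags'

# matching_entries TEXT IFACE
# Prints "zone pattern" for every entry in TEXT (interfaces-file content in
# ZONE INTERFACE OPTIONS layout) that covers IFACE, or "unlisted" if none does.
matching_entries() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        { sub(/#.*/, "") }                          # strip comments
        NF < 2 || substr($1, 1, 1) == "?" { next }  # blank lines and ?FORMAT-style directives
        {
            pat = $2; hit = 0
            if (pat == ifc) {
                hit = 1                             # exact interface name
            } else if (substr(pat, length(pat), 1) == "+") {
                pre = substr(pat, 1, length(pat) - 1)
                if (substr(ifc, 1, length(pre)) == pre) hit = 1   # wildcard prefix match
            }
            if (hit) { print $1, pat; found = 1 }
        }
        END { if (!found) print "unlisted" }'
}

# Report coverage for the interface names used in the thread, plus one unlisted name.
for ifc in enp1s0 gw wg1 tun0; do
    printf '%-8s %s\n' "$ifc" "$(matching_entries "$SAMPLE_INTERFACES" "$ifc" | tr '\n' ';')"
done
```

To check a real host, pass the contents of /etc/shorewall/interfaces as the first argument. A match only shows which zone the interface belongs to; whether traffic is accepted still depends on the policy and rules for that zone.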