angristan / wireguard-install

WireGuard VPN installer for Linux servers
https://stanislas.blog/2019/01/how-to-setup-vpn-server-wireguard-nat-ipv6/
MIT License

`iptables -P INPUT DROP` kills the VPN, even if the listen port is allowed #337

Closed LoganDark closed 2 years ago

LoganDark commented 2 years ago

Adding these rules to iptables:

```
-A INPUT -p tcp -m tcp --dport <port> -j ACCEPT
-P INPUT DROP
```

causes the VPN to stop working.

I'm not sure why. Setting -P INPUT ACCEPT makes it work again.

I'm a total iptables noob so what is going on here?

LoganDark commented 2 years ago

oops, looks like WireGuard uses UDP, not TCP!

```
-A INPUT -p udp -m udp --dport <port> -j ACCEPT
```

Found by using `-A INPUT -j LOG` and looking in `/var/log/kern.log` for traffic on the WireGuard port.
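As an added illustration of the fix described in this thread (this is not code from the issue or from the wireguard-install project): the script below prints a minimal INPUT chain that keeps a WireGuard server reachable under a `DROP` policy, checks an `iptables-save` dump for the TCP-instead-of-UDP mistake, and counts `LOG` target lines for the WireGuard port the way the reporter did with `kern.log`. The port `51820`, the SSH port `22`, the function names and the sample dump and log lines are all constructed for the example; wireguard-install itself chooses a random port, so substitute the one from your `wg0.conf`.

```shell
#!/bin/sh
# Added example, not part of the issue or of wireguard-install.
# Assumptions (placeholders): WireGuard listens on UDP 51820, SSH on TCP 22.

# Print the rules in the order they must be added: accepts first, policy last.
# Printed rather than applied so this runs without root; run the output on
# the server once you have checked it.
wg_input_rules() {
    port="$1"
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport $port -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Inspect an iptables-save style dump for the WireGuard port.
# Prints "udp-ok", "tcp-only" (the mistake from the issue) or "missing".
check_wg_rule() {
    dump="$1"; port="$2"
    if printf '%s\n' "$dump" | grep -Eq -- "-A INPUT .*-p udp .*--dport $port .*-j ACCEPT"; then
        echo udp-ok
    elif printf '%s\n' "$dump" | grep -Eq -- "-A INPUT .*-p tcp .*--dport $port .*-j ACCEPT"; then
        echo tcp-only
    else
        echo missing
    fi
}

# Count kernel LOG-target lines for inbound UDP to the given port, which is
# what the reporter looked for in /var/log/kern.log after adding `-j LOG`.
count_logged_wg() {
    log="$1"; port="$2"
    printf '%s\n' "$log" | grep -Ec "PROTO=UDP .*DPT=$port( |$)"
}

# Constructed sample data for a stand-alone run.
SAMPLE_BROKEN='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 51820 -j ACCEPT
COMMIT'

SAMPLE_FIXED='*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
COMMIT'

SAMPLE_KERN_LOG='kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=UDP SPT=41000 DPT=51820 LEN=156
kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=41001 DPT=51820 WINDOW=0
kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=UDP SPT=41002 DPT=51820 LEN=100'

echo "broken dump: $(check_wg_rule "$SAMPLE_BROKEN" 51820)"   # tcp-only
echo "fixed dump:  $(check_wg_rule "$SAMPLE_FIXED" 51820)"    # udp-ok
echo "logged UDP handshakes to 51820: $(count_logged_wg "$SAMPLE_KERN_LOG" 51820)"
wg_input_rules 51820
```

The `ESTABLISHED,RELATED` rule is what lets the server's own outbound traffic (package updates, DNS) get replies back once the policy is `DROP`; the reporter's rule set lacked it too, but WireGuard handshakes arrive unsolicited from clients, so only the explicit UDP accept fixes the VPN itself.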