Closed sginestrini closed 1 year ago
Hi @sginestrini , both of these configurations
```yaml
interface:
  private_key: _privatekeyA
  address: 10.50.138.2
  dns:
    - 8.8.8.8
    - 8.8.4.4
  post_up: >-
    iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; iptables -A FORWARD -p
    tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  post_down: >-
    iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; iptables -D FORWARD -p
    tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  mtu: 1420
peers:
  - public_key: _publickA
    pre_shared_key: _presharedKey
    endpoint: domain.duckdns.com:51820
    allowed_ips:
      - 10.50.138.0/24
    persistent_keep_alive: "25"
log_level: debug
```
and
```ini
[Interface]
PrivateKey = _privatekeyB
Address = 10.50.138.1/24
MTU = 1420
ListenPort = 51820

### begin homeassistanthost ###
[Peer]
PublicKey = _publickB
PresharedKey = _presharedKey
AllowedIPs = 10.50.138.2/32
### end homeassistanthost ###
```
appear to be correct. What's the GC /etc/wireguard/configs/homeassistanthost.conf config file? It's not useful for your purpose; you already have the add-on configuration.
Please check the Google Cloud (I suppose GC stands for it...) firewall section and your modem configuration too.
Hi @bigmoby, exactly, I used GC for Google Cloud.
GC /etc/wireguard/configs/homeassistanthost.conf is the original file from which /home/user/configs/homeassistanthost.conf was copied. I thought it was good to know; I don't know if it's a problem to have allowed_ips differ between this file and the config on the client.
GC firewall is correctly configured from the commands

```
$ gcloud compute firewall-rules create wireguardrule --allow udp:51820
$ gcloud compute firewall-rules list
```

My modem configuration seems good (it is the same one I used with HA Core, where it was working).
Do I need to set up http.trusted_proxies in configuration.yaml? It is disabled now, but I also tried that by setting the IP of the GC server and/or the WireGuard server IPs.
Thanks
Hi @sginestrini, ok, GC seems to be ok. Have you tried to connect to your Wireguard master peer from your smartphone or any other device or PC? So we could analyze the problem in the first half part...
I've tried with my smartphone, it's working well. The only difference in the config is the allowed_ips: on my smartphone it's set by default to 0.0.0.0/0, ::/0 as I had on HA Core. With these settings I'm seeing rx/tx data from the WireGuard app and from the Google Cloud wg clients. If I set allowed_ips to 10.50.138.0/24 they disappear but I can still use the internet; from the log I can't see anything useful.
Please analyze the wg.conf created inside the add-on docker container, and check whether it appears right...or wrong.
Same as addon config except for:
interface:
private_key: pk
address: 10.50.138.2**/24**
Problem found. It was my fault: I wrote dudkdns.com instead of duckdns.org in the config of the HA addon 🤭
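An added example, not part of the original thread or the add-on's code: a small Python check that cross-validates the client options against the server's wg0.conf and reports the kinds of mismatch discussed above (unresolvable endpoint host, port, allowed IPs, pre-shared key). The host name `myhost`, the resolver stub `fake_resolve` and the function `check_pair` are hypothetical, and the sample values are constructed from the ones in the thread.

```python
import configparser, ipaddress, socket

# Constructed sample mirroring the thread's values; keys are placeholders.
SERVER_CONF = """
[Interface]
Address = 10.50.138.1/24
ListenPort = 51820
### begin homeassistanthost ###
[Peer]
PresharedKey = _presharedKey
AllowedIPs = 10.50.138.2/32
"""
CLIENT = {"interface": {"address": "10.50.138.2"},
          "peers": [{"endpoint": "myhost.dudkdns.com:51820",  # typo as in the thread
                     "pre_shared_key": "_presharedKey",
                     "allowed_ips": ["10.50.138.0/24"]}]}

def fake_resolve(host):
    """Offline stand-in for socket.gethostbyname; only the correct name exists."""
    if host != "myhost.duckdns.org":
        raise socket.gaierror(f"unknown host {host}")
    return "203.0.113.10"  # documentation-range address, constructed

def check_pair(client, server_conf, resolve=socket.gethostbyname):
    """Return a list of mismatches between client options and the server file."""
    srv = configparser.ConfigParser(delimiters=("=",))
    srv.read_string(server_conf)  # assumes a single [Peer] section
    iface, speer, peer = srv["Interface"], srv["Peer"], client["peers"][0]
    problems = []
    host, _, port = peer["endpoint"].rpartition(":")
    try:
        resolve(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        problems.append(f"endpoint host {host!r} does not resolve: {exc}")
    if port != iface["ListenPort"]:
        problems.append(f"endpoint port {port} != server ListenPort {iface['ListenPort']}")
    client_ip = ipaddress.ip_interface(client["interface"]["address"]).ip
    server_ip = ipaddress.ip_interface(iface["Address"]).ip
    if not any(client_ip in ipaddress.ip_network(n.strip(), strict=False)
               for n in speer["AllowedIPs"].split(",")):
        problems.append(f"server AllowedIPs does not cover client {client_ip}")
    if not any(server_ip in ipaddress.ip_network(n, strict=False)
               for n in peer["allowed_ips"]):
        problems.append(f"client allowed_ips does not cover server {server_ip}")
    if peer.get("pre_shared_key") != speer.get("PresharedKey"):
        problems.append("pre-shared keys differ")
    return problems

if __name__ == "__main__":
    for p in check_pair(CLIENT, SERVER_CONF, resolve=fake_resolve):
        print("MISMATCH:", p)
```

With the default `resolve` argument the check performs a real DNS lookup, so run it from the host that will initiate the tunnel.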
Problem/Motivation
Expected behavior
Actual behavior
This is what I get from the addon's log:
I never get any packet received. If I try to ping the client from the server I always get:
If I ping 10.50.138.0 or 10.50.138.1 from the client I get no response.
In the addon I'm unable to set allowed_ips: 0.0.0.0. If I do that I receive this error:
like this, but I can't set
allowed_ips: []
because I get the same error.
Steps to reproduce
These are all the configs files:
HAOS Addon
GC /etc/wireguard/configs/homeassistanthost.conf
GC /etc/wireguard/wg0.conf
I have configured port mapping on my router to redirect 51820 to my raspy, as set up before for Core. I also tried to configure http.trusted_proxies in configuration.yaml but nothing changed.
I think I'm missing something else in the configuration... Thank you