hwdsl2 / wireguard-install

WireGuard VPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE and Raspberry Pi OS
MIT License

Wireguard #1

Closed anartikov closed 2 years ago

anartikov commented 2 years ago

WireGuard is not working. The handshake goes well, the server is pinged. But there is no internet access. Tried on Windows, phone, router, the result is the same.

hwdsl2 commented 2 years ago

@anartikov Hello! What is your server's Linux distribution and version?

anartikov commented 2 years ago

@hwdsl2 CentOS Linux release 7.9.2009

hwdsl2 commented 2 years ago

@anartikov This could be an IPTables issue. Can you post the IPTables rules from your server?

sudo iptables -nvL; sudo iptables -nvL -t nat

anartikov commented 2 years ago

@hwdsl2

[root@nartserv2 ~]# sudo iptables -nvL; sudo iptables -nvL -t nat
Chain INPUT (policy ACCEPT 19694 packets, 1057K bytes)
pkts bytes target prot opt in out source destination
1 84 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1701 policy match dir in pol none
5134 207K DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
523K 555M ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
16 7936 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 500,4500
10 1064 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1701 policy match dir in pol ipsec
0 0 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1701

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
34 1360 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
374K 707M ACCEPT all -- eth0 ppp+ 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
170K 25M ACCEPT all -- ppp+ eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ppp+ ppp+ 192.168.42.0/24 192.168.42.0/24
60 14681 ACCEPT all -- eth0 0.0.0.0/0 192.168.43.0/24 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 192.168.43.0/24 0.0.0.0/0
876 59323 DROP all -- 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wg0 * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1658K packets, 1997M bytes)
pkts bytes target prot opt in out source destination

Chain PREROUTING (policy ACCEPT 23180 packets, 1572K bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 16655 packets, 897K bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 566 packets, 37910 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5715 616K MASQUERADE all -- eth0 192.168.42.0/24 0.0.0.0/0
19 9634 MASQUERADE all -- eth0 192.168.43.0/24 0.0.0.0/0 policy match dir out pol none
566 37910 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0

anartikov commented 2 years ago

https://disk.yandex.ru/i/6H-u4zN7WUD_HQ

hwdsl2 commented 2 years ago

@anartikov Got it. It looks like you used this script to install WireGuard: https://github.com/angristan/wireguard-install

That script is incompatible with the Setup IPsec VPN project. To fix the issue:

  1. Remove WireGuard by rerunning the script in https://github.com/angristan/wireguard-install
  2. Re-install WireGuard using instructions from https://github.com/hwdsl2/wireguard-install
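
In the FORWARD listing posted earlier in this thread, the wg0 ACCEPT rule comes after a DROP rule that shows no match conditions and has a packet count of 0; iptables evaluates a chain top to bottom, so a rule placed after an unconditional DROP never matches. The following is an added example, not part of the original thread or of either install script, that checks `iptables -nvL <chain>` output for that ordering problem; the function names and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag rules that can never match because an earlier rule in
# the same chain drops everything. Input is `iptables -nvL <chain>` text.

# Constructed sample modelled on the FORWARD chain in this thread (not a
# verbatim copy; the "*" interface columns are written out).
sample_forward_chain() {
  cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   34  1360 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 170K   25M ACCEPT     all  --  ppp+   eth0    0.0.0.0/0            0.0.0.0/0
  876 59323 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  wg0    *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Reads a listing on stdin and prints one line per rule that sits after an
# unconditional DROP/REJECT in the same chain.
find_shadowed_rules() {
  awk '
    /^Chain/ { n = 0; blocker = 0; next }      # new chain: reset state
    $1 == "pkts" || NF == 0 { next }            # column header or blank line
    {
      n++
      if (blocker) {
        printf "rule %d (%s in=%s out=%s) is shadowed by rule %d\n", n, $3, $6, $7, blocker
        next
      }
      # Unconditional: any protocol, any interface, any address, and no
      # extra match text (REJECT always prints a trailing reject-with).
      if (($3 == "DROP" || $3 == "REJECT") && $4 == "all" &&
          $6 == "*" && $7 == "*" &&
          $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" &&
          (NF == 9 || $10 == "reject-with"))
        blocker = n
    }
  '
}

# Demo on the constructed sample.
sample_forward_chain | find_shadowed_rules
```

On a live server the same function can be fed with `sudo iptables -nvL FORWARD | find_shadowed_rules`.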

anartikov commented 2 years ago

@hwdsl2 At startup https://github.com/angristan/wireguard-install, it does not offer uninstallation, but only installation

hwdsl2 commented 2 years ago

@anartikov Did you install WireGuard using that script? Try running touch /etc/wireguard/params first, then run the script from https://github.com/angristan/wireguard-install, select uninstall.

anartikov commented 2 years ago

Removed and reinstalled https://github.com/hwdsl2/wireguard-install

The problem is gone, thanks!

anartikov commented 2 years ago

Understood, at what moment there is an error described above. Everything works fine until the first reboot of the server. After a reboot, the problem recurs. That is, the handshake goes well, but there is no Internet access.

anartikov commented 2 years ago

Please tell me what information to provide you so that you can possibly help me.