Closed kjgd closed 4 years ago
Fixing Ubuntu 18.04 DNS in #6 required rebooting the server.
While troubleshooting the resulting total connection failure, I re-ran the playbook.
After doing so, the connection started working again (given the POSTROUTING wg0.conf lines discussed in #6).
The reason for the connection failure therefore appears to be that some of the iptables rules were wiped during reboot.
The following items were changed on the playbook re-run:
TASK [wireguard_ansible/wireguard_role : Enable IPv4 forwarding continued] **********************************************************************************************************************************
changed: [myserver]
TASK [wireguard_ansible/wireguard_role : Track input chain] *************************************************************************************************************************************************
changed: [myserver]
TASK [wireguard_ansible/wireguard_role : Track forward chain] ***********************************************************************************************************************************************
changed: [myserver]
TASK [wireguard_ansible/wireguard_role : Allow incoming wireguard connections] ******************************************************************************************************************************
changed: [myserver]
TASK [wireguard_ansible/wireguard_role : Allow recursive DNS tcp] *******************************************************************************************************************************************
changed: [myserver]
TASK [wireguard_ansible/wireguard_role : Allow recursive DNS udp] *******************************************************************************************************************************************
changed: [myserver]
TASK [wireguard_ansible/wireguard_role : Allow forwarding of packets that stay in the tunnel] ***************************************************************************************************************
changed: [myserver]
...
TASK [wireguard_ansible/wireguard_role : Set up iptables persistence] ***************************************************************************************************************************************
changed: [myserver]
To check whether this was a function of the reboot, or whether these playbook tasks are simply not idempotent, I re-ran the playbook again immediately. This time only the following tasks came back 'changed':
TASK [wireguard_ansible/wireguard_role : Enable IPv4 forwarding continued] **********************************************************************************************************************************
changed: [myserver]
...
TASK [wireguard_ansible/wireguard_role : Set up iptables persistence] ***************************************************************************************************************************************
changed: [myserver]
It looks like quite a few of the iptables rules are not persisting past reboots in Ubuntu 18.04.
Run the following two commands after a server reboot and share the output:
iptables -S
iptables -S -t nat
This should help see what rules are not persisting a reboot in your case.
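As an added example (not code from this issue or from the wireguard_ansible project), a small POSIX shell function that compares the live `iptables -S` / `iptables -S -t nat` output with the persisted ruleset and lists the rules that would be lost on reboot. It assumes the persisted file is in iptables-save format, such as /etc/iptables/rules.v4 written by iptables-persistent on Ubuntu; the rule sets below are constructed samples, not output from the issue.

```shell
#!/bin/sh
# Find iptables rules that are active now but missing from the persisted
# ruleset, i.e. the ones that will not survive a reboot.
# live_file:  output of `iptables -S` (optionally followed by `iptables -S -t nat`)
# saved_file: iptables-save format, e.g. /etc/iptables/rules.v4 (path assumed,
#             as installed by iptables-persistent on Ubuntu)
rules_only_in_live() {
    live_file="$1"; saved_file="$2"
    tmp_live="$(mktemp)"; tmp_saved="$(mktemp)"
    # Both formats express rules as "-A CHAIN ..." lines; policies (-P / :CHAIN)
    # and table markers (*filter, COMMIT) are ignored for this comparison.
    grep '^-A ' "$live_file"  | tr -s ' ' | LC_ALL=C sort -u > "$tmp_live"
    grep '^-A ' "$saved_file" | tr -s ' ' | LC_ALL=C sort -u > "$tmp_saved"
    # comm -23 prints lines present only in the first (live) file
    LC_ALL=C comm -23 "$tmp_live" "$tmp_saved"
    rm -f "$tmp_live" "$tmp_saved"
}

# Constructed sample data (not real output from the issue).
WORK="$(mktemp -d)"
cat > "$WORK/live.txt" <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A FORWARD -i wg0 -o wg0 -j ACCEPT
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
EOF
cat > "$WORK/rules.v4" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
COMMIT
EOF

# Usage: rules_only_in_live <live_file> <saved_file>
# With the samples above this lists the two filter rules missing from rules.v4.
rules_only_in_live "$WORK/live.txt" "$WORK/rules.v4"
```

On a real host, feed it `iptables -S; iptables -S -t nat` captured before the reboot and the persisted file; any line it prints is a rule that the persistence step did not save.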