runfalk / synology-wireguard

WireGuard support for some Synology NAS drives

Wireguard starts, but sends no packets to other peers #42

Closed wimg closed 4 years ago

wimg commented 4 years ago

Description

I installed the synology-wireguard for the device. All seems to be going well, but when I start it up, wireguard doesn't send any packets over the connection. It's as if it doesn't even try.

Steps to reproduce

$ ssh user@nas
$ sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.16.150.2/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
$ sudo wg show
interface: wg0
  public key: <redacted>
  private key: (hidden)
  listening port: 51820

peer: <redacted>
  endpoint: <public_ip_of_peer>:51820
  allowed ips: 172.16.150.1/32

Expected behavior

wireguard should send out packets to the on port 51820. Instead it's not sending out anything. tcpdump -i eth0 port 51820 doesn't show anything at all. eth0 is the correct interface. Pinging to works fine. Connecting with wireguard to that peer from another machine works fine as well.

Synology NAS model

DS1819+

wg0.conf

[Interface]
Address = 172.16.150.2/24
SaveConfig = true
ListenPort = 51820
PrivateKey = <redacted>

[Peer]
PublicKey = <redacted>
AllowedIPs = 172.16.150.1/32
Endpoint = <redacted>:51820

wimg commented 4 years ago

Small update: I tried compiling it using the docker image. That compile went well, package installs perfectly, but still no packets are being sent. When I make it connect in the other way (the peer connecting to the Synology), the Synology sees a connection, but it still doesn't send packets back. It's as if it can receive, but not send. The firewall is completely disabled, iptables -L -v shows nothing at all and defaults to ACCEPT on all targets.

runfalk commented 4 years ago

It sounds like you are encountering the "race condition" (for lack of a better explanation). If you look at this issue thread (https://github.com/runfalk/synology-wireguard/issues/10) a lot of users have solved this by manually adding a route after wg-quick up.

wimg commented 4 years ago

Thanks, it looks like that's the issue. Very odd thing...
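
The workaround in this thread is to add a route by hand after wg-quick up. The script below is an added example, not part of the original thread or of the synology-wireguard project; it lists the peers' AllowedIPs that no route on the interface covers. It assumes the missing route is the one toward the peers' AllowedIPs and handles IPv4 only; the function names and sample values are constructed for illustration.

```shell
ip_to_int() {                       # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_covered CIDR ROUTES: true if a prefix in ROUTES (`ip -4 route show dev IFACE` text) contains CIDR.
cidr_covered() {
    cidr=$1; routes=$2; len=32
    case $cidr in */*) len=${cidr#*/} ;; esac
    addr=$(ip_to_int "${cidr%/*}")
    while read -r prefix rest; do
        case $prefix in
            '') continue ;;
            default) prefix=0.0.0.0/0 ;;
            */*) ;;
            *) prefix=$prefix/32 ;;             # host routes are printed without a length
        esac
        plen=${prefix#*/}
        [ "$plen" -le "$len" ] || continue      # the route must be at least as wide as the CIDR
        mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
        [ $(( addr & mask )) -eq $(( $(ip_to_int "${prefix%/*}") & mask )) ] && return 0
    done <<EOF
$routes
EOF
    return 1
}

# missing_routes ALLOWED ROUTES: print IPv4 CIDRs from `wg show IFACE allowed-ips` text that no route covers.
missing_routes() {
    allowed=$1; table=$2
    while read -r key cidrs; do
        for c in $cidrs; do
            case $c in *:*|'(none)') continue ;; esac   # skip IPv6 and peers without AllowedIPs
            cidr_covered "$c" "$table" || echo "$c"
        done
    done <<EOF
$allowed
EOF
}

# On the NAS, as root: print (do not run) a route command per uncovered CIDR on interface $1.
suggest_routes() {
    missing_routes "$(wg show "$1" allowed-ips)" "$(ip -4 route show dev "$1")" |
        while read -r c; do echo "ip -4 route add $c dev $1"; done
}

# Constructed sample based on the wg0.conf in this issue (PEERKEY is a placeholder).
SAMPLE_ALLOWED=$(printf 'PEERKEY\t172.16.150.1/32')
SAMPLE_ROUTES='172.16.150.0/24 proto kernel scope link src 172.16.150.2'
missing_routes "$SAMPLE_ALLOWED" ""     # empty route table: prints 172.16.150.1/32
```

Running `suggest_routes wg0` right after `wg-quick up wg0` shows whether the interface came up without its routes; review the printed commands before applying any of them.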