[SOLVED] Can only get one WireGuard peer to connect

I have followed the guide available here in order to set up WireGuard in conjunction with my Pi-hole. I can get one peer to connect (so I am fairly confident this is not a router/firewall issue), but the other peers continue to fail and I cannot figure out what the difference here is.

# wg
interface: wg0
  public key: YjudKjjY+m6sIBDPYpZ9TwNWFtu986I0i3IowWozkS4=
  private key: (hidden)
  listening port: 47111

peer: HhpdmCmJZaIdUqzPm26i5S4JhpHq8LvHNddlqUNXmno=
  preshared key: (hidden)
  endpoint: (redacted):5096
  allowed ips: 10.100.0.2/32, fd08:4711::2/128
  latest handshake: 12 seconds ago
  transfer: 23.53 KiB received, 39.50 KiB sent

peer: R2/ZHNW3aFDwzV63QXQ6NheF99Mq9V6OJyyz0hbDJGU=
  preshared key: (hidden)
  allowed ips: 10.100.0.3/32, fd08:4711::3/128

peer: y6/UGhJYSfSJ7nVL8zevLWLUOw8sdAUYOhusifcK5yE=
  preshared key: (hidden)
  allowed ips: 10.100.0.4/32, fd08:4711::4/128

Relevant conf files:

pihole's conf:

[Interface]
Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 47111
PrivateKey = (redacted)
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = HhpdmCmJZaIdUqzPm26i5S4JhpHq8LvHNddlqUNXmno=
PresharedKey = (redacted)
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128
[Peer]
PublicKey = R2/ZHNW3aFDwzV63QXQ6NheF99Mq9V6OJyyz0hbDJGU=
PresharedKey = (redacted)
AllowedIPs = 10.100.0.3/32, fd08:4711::3/128
[Peer]
PublicKey = y6/UGhJYSfSJ7nVL8zevLWLUOw8sdAUYOhusifcK5yE=
PresharedKey = (redacted)
AllowedIPs = 10.100.0.4/32, fd08:4711::4/128

peer 1 (only client that works, on android)

[Interface]
Address = 10.100.0.2/32, fd08:4711::2/128
DNS = 10.100.0.1
PrivateKey = (redacted)

[Peer]
PublicKey = YjudKjjY+m6sIBDPYpZ9TwNWFtu986I0i3IowWozkS4=
PresharedKey = (redacted)
AllowedIPs = 10.100.0.1/32, fd08:4711::1/128
Endpoint = (redacted).1337.cx:47111
PersistentKeepalive = 25

peer 2 (doesn't work, linux mint)

[Interface]
Address = 10.100.0.3/32, fd08:4711::3/128
DNS = 10.100.0.1
PrivateKey = (redacted)

[Peer]
AllowedIPs = 10.100.0.1/32, fd08:4711::1/128
Endpoint = (redacted).1337.cx:47111
PersistentKeepalive = 25
PublicKey = YjudKjjY+m6sIBDPYpZ9TwNWFtu986I0i3IowWozkS4=
PresharedKey = (redacted)

peer 3 (doesn't work, android)

[Interface]
Address = 10.100.0.4/32, fd08:4711::4/128
DNS = 10.100.0.1
PrivateKey = (redacted)

[Peer]
AllowedIPs = 10.100.0.1/32, fd08:4711::1/128
Endpoint = (redacted).1337.cx:47111
PersistentKeepalive = 25
PublicKey = YjudKjjY+m6sIBDPYpZ9TwNWFtu986I0i3IowWozkS4=
PresharedKey = (redacted)

The guide specified that I would need to increment the IPs for each subsequent client. Did I do that right? Is there something else I'm missing? I've checked a few times, and the keys all line up as expected, so I didn't mis-copy/paste/pipe the key, psk, or pub files.

Update: I have now attempted the following:

  • copying the working peer 1 conf file to the linux mint machine (peer 2)
  • copying the peer 2 conf file to the working first android phone (peer 1)
  • re-creating a fresh conf file (with a new set of keys) for peer 2

None of these configurations have been able to handshake with the Pi-hole that is running wg.

Realized the problem. Connecting with WireGuard doesn't work if I'm still connected to that same network with Wi-Fi. I switched to a mobile hotspot and it's working as intended.
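Added example, not part of the original thread: a small Python parser for the human-readable `wg` output shown in the first post, listing peers for which the server has recorded no handshake. The function names are hypothetical, and the sample text is copied from the post with its redactions kept.

```python
# Sample input: the `wg` output from the first post (values as posted, redactions kept).
SAMPLE = """\
interface: wg0
  public key: YjudKjjY+m6sIBDPYpZ9TwNWFtu986I0i3IowWozkS4=
  private key: (hidden)
  listening port: 47111

peer: HhpdmCmJZaIdUqzPm26i5S4JhpHq8LvHNddlqUNXmno=
  preshared key: (hidden)
  endpoint: (redacted):5096
  allowed ips: 10.100.0.2/32, fd08:4711::2/128
  latest handshake: 12 seconds ago
  transfer: 23.53 KiB received, 39.50 KiB sent

peer: R2/ZHNW3aFDwzV63QXQ6NheF99Mq9V6OJyyz0hbDJGU=
  preshared key: (hidden)
  allowed ips: 10.100.0.3/32, fd08:4711::3/128

peer: y6/UGhJYSfSJ7nVL8zevLWLUOw8sdAUYOhusifcK5yE=
  preshared key: (hidden)
  allowed ips: 10.100.0.4/32, fd08:4711::4/128
"""

def parse_wg(text):
    """Parse human-readable `wg` output into (interface dict, list of peer dicts)."""
    iface, peers, cur = {}, [], None
    for line in text.splitlines():
        # Split on the first ": " only, so "endpoint: host:port" keeps its port.
        key, _, value = line.strip().partition(": ")
        if key == "interface":
            cur = iface
            cur["name"] = value
        elif key == "peer":
            cur = {"public key": value}
            peers.append(cur)
        elif key and cur is not None:
            cur[key] = value
    return iface, peers

def peers_without_handshake(text):
    """Return the peers for which wg reports no 'latest handshake' line."""
    _, peers = parse_wg(text)
    return [p for p in peers if "latest handshake" not in p]

if __name__ == "__main__":
    for p in peers_without_handshake(SAMPLE):
        seen = p.get("endpoint", "no endpoint recorded")
        print(f"{p['public key']}  {p['allowed ips']}  ({seen})")
```

For the posted output this lists the 10.100.0.3 and 10.100.0.4 peers, both with no endpoint recorded on the server side.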
