New to Wireguard and VPNs... how exactly should this work? - eviltoast

EDIT: It seems something is causing my wireguard handshake to fail. I can’t find much on this particular error except “try rebooting the wg server”. I rebooted everything, and I can’t get it to connect unless the clients are already connected to the home wifi.

So I installed wg-easy on one of my virtual machines on my proxmox “homelab”. It seems to be working, and I installed the client wireguard-tools on my phone (via app), and on my laptop (EndeavourOS), and on my minecraft server (mineOS also in proxmox).

The web client for wg-easy shows all 3 clients connected and transmitting data.

I used my router’s app to open the port to the wg-easy server.

I attempted to use my phone’s cell network to pretend like I am not home, and simply ping my minecraft server. I tried with the wg ip (10.8.0.x) and I tried pinging the normal wlan ip (192.168.x.x). Neither works. I’m really confused as to why this simple test didn’t work. The documentation on wireguard’s site is pretty sparse when it comes to testing your own setup. Does anyone have any resource to help me understand how this should work?

Side note: I have to have wireguard installed on every computer in my home network if I want to be able to reach them, correct?

other side note: If I wanted to reach my minecraft webUI (mineOS) from outside my network, what address should I use?

  • AtariDump@lemmy.world
    9 months ago

    Did you open the appropriate port on your firewall and make sure you’re forwarding that port properly?

    Does the PC that’s the WG server have a static IP setup?

    Is that static IP in question 2 the same as what you’re forwarding the port to in question 1?

    • Nimrod@lemm.eeOP
      9 months ago

      For your first question: I went to https://www.portchecktool.com/ and found that the connection is being refused. So I think this is the issue. I will have to dig in a bit more, but I do believe the answers to your 2nd and 3rd questions are yes.

      • mazadin@lemmy.world
        9 months ago

        Wanted to help you potentially avoid a wild goose chase—port checking tools won’t detect a wireguard port as open…it’s specifically designed to not advertise its presence for security purposes. Bad handshake requests are ignored, making it look like a firewall DROP rule.

        • Nimrod@lemm.eeOP
          9 months ago

          Oh wow. That is a good tip. Because that could drive someone like me insane. (Un)fortunately— I know there’s an issue. Any traffic I pass through my wg vpn ends up nowhere. So I know the traffic is being redirected, but I can’t tell where or why it doesn’t make it inside my home network.

          Either way, I got Tailscale to work right out the rip, so I’m just rocking that until I have more time to tinker with WG.
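
Added example, not part of the thread: since an outside port checker cannot confirm a WireGuard port, the server's own per-peer handshake timestamps are a more dependable signal. This sketch parses a capture of `wg show <iface> dump` (tab-separated; a handshake value of 0 means no handshake has ever completed). The sample capture, the key placeholders, and the 180-second staleness threshold are assumptions made for illustration.

```python
# Added example: classify peers from a `wg show <iface> dump` capture.
# SAMPLE_DUMP is constructed; keys, endpoints and counters are placeholders.
SAMPLE_DUMP = "\n".join([
    "PRIV_PLACEHOLDER\tSRV_PUB_PLACEHOLDER\t51820\toff",
    "PHONE_PUB\t(none)\t203.0.113.7:41820\t10.8.0.2/32\t1700000000\t9120\t15500\toff",
    "LAPTOP_PUB\t(none)\t198.51.100.4:51000\t10.8.0.3/32\t1699990000\t300\t0\t25",
    "MINEOS_PUB\t(none)\t(none)\t10.8.0.4/32\t0\t0\t0\toff",
])

STALE_AFTER = 180  # seconds; assumed threshold for "no live session"


def parse_peers(dump):
    """Return one dict per peer line of a `wg show <iface> dump` capture."""
    peers = []
    for line in dump.strip().splitlines()[1:]:  # first line describes the interface
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # skip malformed or truncated lines
        peers.append({
            "public_key": fields[0],
            "endpoint": None if fields[2] == "(none)" else fields[2],
            "allowed_ips": fields[3].split(","),
            "latest_handshake": int(fields[4]),  # epoch seconds, 0 = never
            "rx": int(fields[5]),
            "tx": int(fields[6]),
        })
    return peers


def classify(peer, now):
    """Label a peer by the age of its last completed handshake."""
    handshake = peer["latest_handshake"]
    if handshake == 0:
        return "never"   # no handshake has completed with this peer
    if now - handshake > STALE_AFTER:
        return "stale"   # a session existed once but is not being renewed
    return "active"


def report(dump, now):
    """Map each peer's public key to 'never', 'stale' or 'active'."""
    return {p["public_key"]: classify(p, now) for p in parse_peers(dump)}


if __name__ == "__main__":
    for key, state in report(SAMPLE_DUMP, 1700000060).items():
        print(key, state)
```

A peer that stays at "never" while the client is on the cell network points at the path to the server (port forward, endpoint address, keys) rather than at routing inside the tunnel.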