[UnSolved] Possible BUG : Wireguard routing weirdly
-
-
@arrmo Quite possible - different symptoms with a common underlying cause. Will have to wait and see. I asked for help on reddit and until now no one else seems to come across this issue. A few days ago I did try setting up rules under WIREGUARD group to see if that'd make a difference to the lost packets and it did not :(.
-
@ab5g OK, NP - let's see how it goes. As long as that group rule is in place, most traffic gets through (still some odd sites). But with it off, much more trouble. And I have tried adding all sorts of pass rules in LAN and WG (interface), none of them seem to be working. Dang it!
Thanks!
-
@arrmo ping jimp here with your issue details. One more voice will help maybe.
-
@ab5g said in [UnSolved] Possible BUG : Wireguard routing weirdly:
ping jimp here with your issue details
ping? Meaning IM? Thinking the comments above are a ping of sorts, no?
Thanks!
-
@AB5G BTW, are you finding that a pass-all rule on the WireGuard group does help any, or not at all? I find it helps, but it's not a fix-all. Still some issues.
I checked the firewall logs, nothing there noted as blocked, so fun to debug. Any suggestions? Enabled logging on default rules? Or try tcpdump? To try to help resolve this.
Thanks!
-
@arrmo No it doesn't work for me. The packet passes the WG filter, get Natted to the WG Tunnel IP and then gets lost - I don't see it on the WAN.
-
@ab5g Dang it! And you have WireGuard set like this, right?
This is matching to what you recommended to me, so assuming you do - but just in case. Once I do this, and set up Hybrid Outbound NAT, then things are better (not 100%, but a lot better). Using the WG Interface causes me all sorts of grief
Thanks!
-
@AB5G Please let me know if you have any luck. Had to tear down WireGuard, go back to OpenVPN. Just not finding it up / consistent enough. Dang it! I see the (good) potential though
Thanks!
BTW, this isn't perhaps the split routing that OpenVPN uses (on the "client" side), is it? Or are you not redirecting all traffic?
-
Nope no luck and no one else is reporting this issue so I'm holding still.
-
@ab5g Understood, here as well. Just yell if there is anything I can do to help!
-
@ab5g FYI, I'm not seeing any more odd routing issues - now that I am on v2.5.0 (vs. RC I was running before). Are you on 2.5.0, and still seeing issues? If not, perhaps give it a try?
-
@arrmo Yeah still there - I've made my peace with it though. Its only my AppleTv that routes through the VPN, so whenever things don't work - I find out the IP address of what the TV is trying to access and add it to the Wireguard peer. Because its is only a few apps on the TV - its not much hassle to add add the IP blocks once in a while.
-
@ab5g OK, NP - just figured I'd let you know. BTW, are you adding the pass rules to the interface, or the WireGuard (group)? I'm still using the group, never did get the interface working .
Thanks!
-
@arrmo Im using the interface. For now leave it to whatever is working for you. When things calm down around the new release maybe we can revisit this with the devs.
-
@ab5g Sounds good, thanks!