Netgate Discussion Forum
WireGuard multiple client bug

Category: pfSense Packages
Tag: wireguard
20 Posts 6 Posters 3.2k Views
    bbusa @MoonKnight
    last edited by Nov 6, 2021, 7:34 AM

    @ciscox using different endpoints is basically creating different servers for different clients.

    My whole point was that one server should be able to communicate with multiple clients at the same time using the same receiving port.

      bbusa @boessi
      last edited by Nov 6, 2021, 7:38 AM

      @boessi yes that’s exactly the “bug” I have encountered too.

        bbusa @psp
        last edited by Nov 6, 2021, 7:41 AM

        @psp do you have them all working at the same time too?

          psp @bbusa
          last edited by Nov 6, 2021, 1:16 PM

          @bbusa
          Yes, but I need (according to my config) to identify any road warrior device with its own IP in order to define different rules and to route VPN traffic only for defined subnets (i.e. no 0.0.0.0/0).

            ahking19 @boessi
            last edited by Nov 6, 2021, 7:53 PM

            @boessi the peer endpoint should be your WAN IP, not private IP space like you are using (10.0.0.x).

            It is not the same address space as your tunnel address/assignment.

              boessi @ahking19
              last edited by Nov 6, 2021, 8:25 PM

              @ahking19 the configuration is working from inside and outside the network; the configuration on the phone is using the WAN IP as normal. The internal IPs are the internal peer IPs, and that's like in all the guides I can find.

              The problem is only that just one of the configs is working (the newest); as soon as I delete the newest one, the one that is currently not working is working again. Everything up until the handshake is working, but then nothing happens.

              Maybe good to point out: I had a working peer for a longer time, then I added a second peer that worked too, but since then my previous peer was not working anymore, up to the point where I delete the newer peer and the old config starts to work again.

              Client Config (not working after creating the iPhone Peer that is working)

              [Interface]
              PrivateKey = aM7J.......
              ListenPort = 51820
              Address = 10.0.0.20/24
              DNS = 10.0.0.1
              
              [Peer]
              PublicKey = fRz1.....
              AllowedIPs = 0.0.0.0/0, ::/0
              Endpoint = wan.dns.tld:51820
              
              

              So the address is in the range of the internal interface. The exact same configuration for the other peer is working (up until creating a new peer configuration).

              The configuration is nothing special and, as said, one peer is always working, but only the newest created peer.

                boessi @boessi
                last edited by Nov 6, 2021, 8:41 PM

                Server Config

                [Interface]
                PrivateKey = KGqqu.....
                ListenPort = 51820
                
                # Peer: Windows
                [Peer]
                PublicKey = uiYic...
                AllowedIPs = 0.0.0.0/0
                
                # Peer: iPhone
                [Peer]
                PublicKey = ZWTd...
                AllowedIPs = 0.0.0.0/0
                
                  jimp Rebel Alliance Developer Netgate
                  last edited by Nov 9, 2021, 2:55 PM

                  On the "server" you do not put 0.0.0.0/0 into allowed IPs. That doesn't tell the server which networks that the client can reach. It tells the server which address belongs to the client.

                  For the client to reach anything you put the 0.0.0.0/0 in the client's allowed IPs list. On the server you put the IP address assigned to that client.

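The rule jimp gives above is WireGuard's cryptokey routing: on the pfSense side each peer's AllowedIPs names the tunnel addresses that belong to that peer, a prefix can belong to only one peer at a time (the most recently configured peer takes it over), and a decrypted packet is dropped unless its source address maps back to the peer it arrived from. The model below is an added example, not code from this thread or from the pfSense WireGuard package; it reproduces why two peers both set to 0.0.0.0/0 leave only the newest one working, and why per-peer /32 entries fix it. The peer labels and the iPhone tunnel address 10.0.0.21 are assumptions (the thread only gives 10.0.0.20 for the Windows client).

```python
"""Model of WireGuard's per-peer AllowedIPs ("cryptokey routing") table.

Added example for the thread above, not pfSense or WireGuard code.
Assumptions: peer labels "Windows"/"iPhone" and the iPhone tunnel
address 10.0.0.21 (constructed; the thread only shows 10.0.0.20).
"""
from ipaddress import ip_address, ip_network


class CryptokeyRoutingTable:
    """prefix -> owning peer, resolved by longest prefix match."""

    def __init__(self):
        self.routes = {}

    def add_peer(self, peer, allowed_ips):
        for cidr in allowed_ips:
            net = ip_network(cidr, strict=False)
            # A prefix has exactly one owner; configuring it on a second
            # peer moves it there, so the newest peer wins the prefix.
            self.routes[net] = peer

    def lookup(self, addr):
        """Peer owning the most specific prefix containing addr, or None."""
        ip = ip_address(addr)
        best_net, best_peer = None, None
        for net, peer in self.routes.items():
            # `in` is False across address families, so ::/0 never matches IPv4.
            if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_net, best_peer = net, peer
        return best_peer

    def accepts_inbound(self, peer, src):
        """Check applied after decryption: the inner source address must
        route back to the peer the packet came from, else it is dropped."""
        return self.lookup(src) == peer

    def owner_of(self, cidr):
        return self.routes.get(ip_network(cidr, strict=False))


def server_as_posted():
    """Both peers with AllowedIPs = 0.0.0.0/0, as in the posted server config."""
    table = CryptokeyRoutingTable()
    table.add_peer("Windows", ["0.0.0.0/0"])   # older peer, tunnel IP 10.0.0.20
    table.add_peer("iPhone", ["0.0.0.0/0"])    # newer peer takes 0.0.0.0/0 away
    return table


def server_fixed():
    """Each peer owns only its own tunnel address, as jimp recommends."""
    table = CryptokeyRoutingTable()
    table.add_peer("Windows", ["10.0.0.20/32"])
    table.add_peer("iPhone", ["10.0.0.21/32"])  # assumed iPhone tunnel address
    return table


def client_table():
    """Road-warrior side keeps 0.0.0.0/0, ::/0: all traffic is sent to the server."""
    table = CryptokeyRoutingTable()
    table.add_peer("server", ["0.0.0.0/0", "::/0"])
    return table


def reachable_peers(table, peers, addresses):
    """Map each peer to whether packets from its tunnel address get through."""
    return {p: table.accepts_inbound(p, a) for p, a in zip(peers, addresses)}


if __name__ == "__main__":
    peers, addrs = ["Windows", "iPhone"], ["10.0.0.20", "10.0.0.21"]
    print("as posted:", reachable_peers(server_as_posted(), peers, addrs))
    print("fixed:    ", reachable_peers(server_fixed(), peers, addrs))
    print("client sends 8.8.8.8 via", client_table().lookup("8.8.8.8"))
```

On the firewall itself the same table can be inspected with `wg show <tunnel interface> allowed-ips`, which lists each peer's public key followed by the prefixes that resolve to it; with both peers configured as 0.0.0.0/0 only one of them will show the prefix, which is the symptom boessi describes.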
                    boessi @jimp
                    last edited by boessi Nov 9, 2021, 3:42 PM Nov 9, 2021, 3:34 PM

                    @jimp ok, so the server config is an extract from the file system; I only use the package interface, and as every guide mentioned to put 0.0.0.0/0 into the peer config, I just did that :) . Will try to put the client IP (10.0.0.20/32) into it and will try again.

                      boessi
                      last edited by Nov 9, 2021, 6:48 PM

                      @jimp thanks for the hint, it's working now; it totally makes sense now. Hope it will help you @bbusa as well.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.