Article 56EQK Wireguard: client is able to connect and ping other internal machines but ssh & http

by dookie23 from LinuxQuestions.org on (#56EQK)

Hi all,

I am a newbie and I am trying to set up a WireGuard server on my RPi (running Ubuntu 20.04).

My config (server):

root@ubuntu:/home/ubuntu# more /etc/wireguard/wg0.conf
[Interface]
Address = 10.100.100.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 123
PrivateKey = PrivateA

[Peer]
PublicKey = PublicKeyB
AllowedIPs = 10.100.100.2/32
Endpoint = 203.128.74.219:20028

My config (client):

[Interface]
Address = 10.100.100.2/32
PrivateKey = PrivateB

[Peer]
PublicKey = PublicKeyA
Endpoint = my.destination.com:123
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 21

My client is able to connect and I can ping the machines in my internal network. However, the client is not able to establish an SSH or HTTP connection to the machines in my internal network.

It seems that it can connect to the SSH but it just hangs at SSH2_MSG_KEXINIT:

$ ssh -v user1@192.168.0.99
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.0.99 [192.168.0.99] port 22.
debug1: Connection established.
debug1: identity file /home/user1/.ssh/id_rsa type 0
debug1: identity file /home/user1/.ssh/id_rsa-cert type -1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: identity file /home/user1/.ssh/id_dsa-cert type -1
debug1: identity file /home/user1/.ssh/id_ecdsa type -1
debug1: identity file /home/user1/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user1/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user1/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user1/.ssh/id_ed25519 type -1
debug1: identity file /home/user1/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user1/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user1/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user1/.ssh/id_xmss type -1
debug1: identity file /home/user1/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0,OpenSSH_7.1,OpenSSH_7.2,OpenSSH_7.3,OpenSSH_7.4,OpenSSH_7.5,OpenSSH_7.6,OpenSSH_7.7 compat 0x04000002
debug1: Authenticating to 192.168.0.99:22 as 'user1'
debug1: SSH2_MSG_KEXINIT sent

To add more details, I am able to connect through netcat and send over the letters typed in the terminal. I have tried both ways, client connects to server and vice versa. Both ways are successful.

For HTTP, I am getting similar results:

Server

ubuntu@ubuntu:~$ python3 -m http.server 8000
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
10.100.100.2 - - [02/Aug/2020 17:18:30] "GET /index.html HTTP/1.1" 200 -

Client

$ wget http://10.100.100.1:8000/index.html
--2020-08-02 11:18:30-- http://10.100.100.1:8000/index.html
Connecting to 10.100.100.1:8000... connected.
HTTP request sent, awaiting response...

It seems other than a successful 3-way handshake, the client does not get any response from the machines. Am I missing something? Any suggestions?

Thanks.
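
The pattern in the post (ping and typed netcat lines pass, while the SSH key exchange and the HTTP response stall) is what a path that drops larger packets looks like; that cause is an assumption here, not something the post establishes. As an added example that is not part of the original post, these sh functions binary-search the largest ping payload that crosses the tunnel with the don't-fragment bit set, assuming Linux iputils `ping`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux iputils ping
# (-M do sets don't-fragment, -s is the ICMP payload size, -W the timeout).

# probe SIZE HOST: succeeds if one DF-flagged echo with SIZE payload bytes
# gets a reply. Redefine this function to exercise the search offline.
probe() {
    ping -c 1 -W 1 -M do -s "$1" "$2" >/dev/null 2>&1
}

# max_payload HOST [LOW] [HIGH]: print the largest payload in LOW..HIGH that
# still gets a reply. Returns 1 if even LOW fails (host down, ICMP filtered).
# HIGH defaults to 1472, the payload that fills a 1500-byte IPv4 packet.
max_payload() {
    mp_host=$1
    mp_lo=${2:-0}
    mp_hi=${3:-1472}
    probe "$mp_lo" "$mp_host" || return 1
    while [ "$mp_lo" -lt "$mp_hi" ]; do
        mp_mid=$(( (mp_lo + mp_hi + 1) / 2 ))
        if probe "$mp_mid" "$mp_host"; then
            mp_lo=$mp_mid            # mid fits: search above it
        else
            mp_hi=$(( mp_mid - 1 ))  # mid dropped: search below it
        fi
    done
    echo "$mp_lo"
}

# path_mtu HOST: largest IPv4 packet that crosses the path unfragmented,
# which is the payload plus 8 bytes of ICMP header and 20 of IPv4 header.
path_mtu() {
    pm_payload=$(max_payload "$1") || return 1
    echo $(( pm_payload + 28 ))
}

# tcp_mss MTU: largest TCP segment that fits in MTU over IPv4
# (20 bytes IPv4 header + 20 bytes TCP header, no options).
tcp_mss() {
    echo $(( $1 - 40 ))
}

# Usage after sourcing this file, run from the WireGuard client:
#   path_mtu 192.168.0.99
```

A result below the MTU shown by `ip link show wg0` on either end would mean full-size TCP segments cannot cross the tunnel, which matches a handshake that completes and a transfer that then stalls.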