WireGuard and Scale 23 Traffic can't go anywhere

MrCaspan

Dabbler
Joined
Dec 20, 2023
Messages
26
So I have successfully configured my app for WireGuard and my clients can connect to the server, but I cannot get them to go anywhere. I only get bytes sent but never received. I have tested a few different things and still cannot get any traffic going.

I have tried the following:

Create a bridged connection:
So when I go to my network interface and I try to remove the IP address on it and I click save, the save button grays out and nothing happens. It's like I cannot remove the IP address on this interface. If I try to change the IP address I get an error "192.168.86.232' is being consumed by Applications, please use a different node IP in applications configuration.". So I am assuming the reason why I cannot save is most likely the same, but the error is not captured and displayed. I have tried to unbind the IP address from the Apps Advanced config section and removed the eth interface from it. I still get the same error, and I have even rebooted. How can you create a bridge connection with a single connection, because it creates a chicken-and-egg situation? Not sure how to do this.

I have also tried to go to the System > Advanced and added sysctl to the following settings:
net.ipv4.ip_forward = 1
net.ipv4.conf.all.src_valid_mark = 1

Rebooted and I get the same issues.

How can I get WireGuard to see my home network? It connects but lets 0 traffic through.
 

MrCaspan

So I finally got the bridge to work by going to my App page and removing my Pool settings, then removing all my adapter settings and rebooting the server. Then I could finally remove the IP address from the interface. But now I am having the issue that even though I have the bridge set up and configured, I get no traffic down the VPN tunnel. On Windows it says 0 received, but lots sent! Any ideas?
 

chuck32

Guru
Joined
Jan 14, 2023
Messages
623
Only sent and none received usually indicates no connection, yet you say your clients can connect to the server.

Even if you just established the connection and did nothing else, there should be traffic on both directions.

I don't use the WireGuard app, so it's out of my wheelhouse, but I guess we would need to see your configuration (server and client side) to further investigate.
 

MrCaspan

Thanks for the reply. I finally got it to work but man was it a hassle...

First I had to go to my Apps page and stop all my apps.
Then I had to remove my Pool from the apps page
Remove the IP address and ethernet adapter from the Apps advanced settings page and the adapter
Turn off all VMs that use this IP address and turn auto start off
Reboot TrueNAS, then and only then could I remove the IP address from the Network adapter and then add a bridge and give it the IP address and add the ethernet to the bridge
Then go to my apps page and reconnect my pool
Add the IP address again and bind to the new br0 ethernet
Then reboot TrueNAS again and turn on my apps.

What a nightmare of steps LOL

For some reason it would not work until I rebooted TrueNAS. I'm not sure why but this seemed to work!

EDIT: you don't need to do this, bad testing on my part!
Also, because I wanted to do split tunneling (I only wanted traffic meant for my home network to go down the VPN tunnel), one thing the guide does not say is that if my home network is 192.168.1.0/24 you would think, well, then replace the allowed IP address in the config (0.0.0.0/0, which means all IPv4 traffic) for the WireGuard client with 192.168.1.0/24, which to me means any time you try to access any IP address in the 192.168.1.0 network it would use the VPN tunnel. I could not get this to work until I also added 10.8.0.0/24 to the allow list. Why would I have to add the IP address for the VPN tunnel to the allow list? Why is this not added by default to all routing? Maybe I screwed something up, but this seems to be the issue and boom, I had VPN. I am going to try to reset and test my settings again to make sure what it is that made it work!

So it took a bunch of troubleshooting but I hope this post helps other users!
 

chuck32

I could not get this to work until I also added 10.8.0.0/24 to the allow list. Why would I have to add the IP address for the VPN tunnel to the allow list? Why is this not added by default to all routing?
It should be working without adding the VPN network; at least with my Fritzbox and pfSense acting as WireGuard "servers" it does.

You should share your server and client configurations (redact the private keys) if you want more insight on that.
 

MrCaspan

Sorry, I also found out that the corporate firewall was blocking it. I was on the bus traveling home and I thought, what if I add the VPN network, and boom, it worked. I didn't realize the reason it worked was because I was outside of the corporate firewall now; I thought it was because I added the 1.8.0.0/24 network! You are correct, I didn't need to add the VPN network.
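
Added example, not part of the original thread: a small Python helper that reads the output of `wg show <interface> dump` on a client and separates the "bytes sent, nothing received" case (no handshake ever completed, as when UDP is filtered on the path) from an established tunnel, and checks which destinations a peer's AllowedIPs cover in a split-tunnel setup. The sample dump, the placeholder keys and the endpoint address are constructed for illustration.

```python
import ipaddress

# Constructed sample of `wg show <interface> dump` taken on a client (tab-separated).
# Line 1 describes the interface; every later line is one peer with the fields:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive
SAMPLE_DUMP = "\n".join([
    "\t".join(["<client-private-key>", "<client-public-key>", "51820", "off"]),
    "\t".join(["<server-public-key>", "(none)", "203.0.113.10:51820",
               "192.168.1.0/24", "0", "0", "14800", "25"]),
])


def parse_peers(dump):
    """Return one dict per peer line of a `wg show <interface> dump` capture."""
    peers = []
    for line in dump.strip().splitlines()[1:]:  # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # not a peer line
        nets = [] if fields[3] == "(none)" else fields[3].split(",")
        peers.append({
            "public_key": fields[0],
            "endpoint": fields[2],
            "allowed_ips": [ipaddress.ip_network(n, strict=False) for n in nets],
            "latest_handshake": int(fields[4]),  # Unix time, 0 = never
            "rx": int(fields[5]),
            "tx": int(fields[6]),
        })
    return peers


def tunnel_state(peer):
    """Classify a peer from its handshake time and byte counters."""
    if peer["latest_handshake"] == 0:
        # Handshake initiations leave (tx grows) but no reply ever arrives:
        # UDP blocked on the path, wrong endpoint/port, or mismatched keys.
        return "no-handshake" if peer["tx"] > 0 else "idle"
    # Handshake completed. If LAN hosts are still unreachable, look at the
    # server side (IP forwarding, NAT or return routes), not at this client.
    return "established"


def routed_via_tunnel(peer, destination):
    """True if the client sends packets for `destination` to this peer."""
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in peer["allowed_ips"])
```

With the sample above, the peer is reported as `no-handshake`, and only addresses inside 192.168.1.0/24 are sent into the tunnel; the 10.8.0.0/24 tunnel subnet is not needed in AllowedIPs to reach LAN hosts.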
 

MrCaspan

Sorry to clear things up since 10 people have asked what I did.. Here are the exact steps

Make sure DHCP is turned off on the primary NIC and that the IP address is hard coded on the NIC

1. Stop all VMs and turn off auto start (This way they don't turn back on if you have to reboot)
2. Go to the Apps page and stop all your apps
3. In the Apps Setting at the top right select "Unset Pool" this unmounts your App pool
4. In Settings > Advanced Settings
Change the Node IP address to 0.0.0.0
Change the Route v4 Interface to ---
Change the gateway to blank (But remember what it was because you will need to set it back)
5. NOW nothing should be using the IP address. Once I still got the error that the IP address was in use and it would not remove it so I rebooted the NAS and this fixed the issue.
6. Go to the network section and see if you can delete the IP address from the primary NIC (remember what the IP address is so you can add it back to the bridge connection)
7. Create a bridge connection, I called it br0 and gave it the IP address that you deleted from the primary NIC
8. Select "test settings" and you should still have access to the TrueNAS; if not, settings will revert in 20 seconds so don't freak out.
9. If you get access again then Save the settings
10. Go to the Apps page > Settings > Mount App Pool
11. Go to Settings > Advanced Settings and set the Node IP address to the one in the drop down
12. Route v4 Interface will now be your br0 NIC
13. And the Gateway is the one that you wrote down in step 4

Some apps took some time to show up again, so for simplicity I just rebooted the server. Once I confirmed the apps were running and working I turned my VMs back on with auto start enabled (if you turned it off) and tested, and everything worked as expected!
 