Hello team, Hoping you could help me out with a foggy situation. The past week I have been struggling to get the Wireguard VPN working smoothly. Everything seems to work on paper, except in a specific way it doesn't. I am using Pop!_OS 21.04 (Ubuntu Hirsute).
SitRep: I work as a freelance consultant and want to be careful about the local networks' peeping tom when accessing sensitive work documents from 'out of office', e.g. at a friend's place or at a hotel. So my objective is to access my home network via PiHole and then continue onward to access my work-related documents on a fileserver. I was hoping this could be easily achieved with WireGuard.

Using the WireGuard VPN wg0 with wg-quick worked perfectly when I connected to my brother's phone hotspot (4G). I could access our home via VPN as expected and could work on my documents without any problems. The trouble is that I am now at a different location, working with a fixed router from Ziggo NL. For some reason wg0 still connects perfectly, but after that a small mystery occurs. I did not make any modifications to wg0.conf, so I remain stumped.

With WG active, I am no longer able to access any webpage. So no access to Protonmail/Gmail, Reddit or anything else. Telegram, however, is still working fine. Internal machines on the home's local network (IP camera) can also be accessed directly. Disabling the WG gives me full access to any webpage as usual. So something is amiss that affects my browser only (Firefox 91.0).

I already did some troubleshooting, starting with Uncomplicated Firewall (UFW). I tried disabling UFW and rebooting, but this did not change anything. I still lacked browser access when connected with wg0, but Telegram still worked fine.
The output from sudo wg is:

interface: wg0
  public key: (hidden)
  private key: (hidden)
  listening port: <portnumber>
  fwmark: 0xca6c

peer: (hidden)
  preshared key: (hidden)
  endpoint: >our_endpoint_name<.ddns.net:51820
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 3 seconds ago
  transfer: 92 B received, 4.77 KiB sent

To be on the safe side, I added several rules to UFW (and reloaded UFW each time) per advice from https://jianjye.medium.com/how-to-fix-no-internet-issues-in-wireguard-ed8f4bdd0bd1 , leaving me with the following output from ufw status verbose. (But like I said, the problem occurs even with UFW disabled.)

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                                 Action      From
--                                 ------      ----
Anywhere/udp on wg0                ALLOW IN    Anywhere/udp
<portnumber>/udp                   ALLOW IN    Anywhere
<portnumber>/udp                   ALLOW IN    Anywhere
<portnumber>/udp on wlp0s20f3      ALLOW IN    Anywhere
Anywhere/udp on wlp0s20f3          ALLOW IN    Anywhere/udp
<portnumber> on wlp0s20f3          ALLOW IN    Anywhere
Anywhere/udp (v6) on wg0           ALLOW IN    Anywhere/udp (v6)
<portnumber>/udp (v6)              ALLOW IN    Anywhere (v6)
<portnumber>/udp (v6)              ALLOW IN    Anywhere (v6)
<portnumber>/udp (v6) on wlp0s20f3 ALLOW IN    Anywhere (v6)
Anywhere/udp (v6) on wlp0s20f3     ALLOW IN    Anywhere/udp (v6)
<portnumber> (v6) on wlp0s20f3     ALLOW IN    Anywhere (v6)
Anywhere on eth0                   ALLOW FWD   Anywhere on wg0
Anywhere on wg0                    ALLOW FWD   Anywhere on eth0
Anywhere on wg0                    ALLOW FWD   Anywhere on enp40s0
Anywhere on enp40s0                ALLOW FWD   Anywhere on wg0
Anywhere on wlp0s20f3              ALLOW FWD   Anywhere on wg0
Anywhere on wg0                    ALLOW FWD   Anywhere on wlp0s20f3
Anywhere (v6) on eth0              ALLOW FWD   Anywhere (v6) on wg0
Anywhere (v6) on wg0               ALLOW FWD   Anywhere (v6) on eth0
Anywhere (v6) on wg0               ALLOW FWD   Anywhere (v6) on enp40s0
Anywhere (v6) on enp40s0           ALLOW FWD   Anywhere (v6) on wg0
Anywhere (v6) on wlp0s20f3         ALLOW FWD   Anywhere (v6) on wg0
Anywhere (v6) on wg0               ALLOW FWD   Anywhere (v6) on wlp0s20f3

Now all these rules may be barbaric overkill, and yes, I will admit that I have a limited understanding of what everything means and how it affects my security. Though I am a Linux newcomer and employ DuckDuckGo to the best of my abilities, the learning curve is still pretty much in effect. That being said, do feel free to point out any serious flaws I may have unwittingly introduced or simply push me towards some long reads ;)

Any hints on solving this issue are appreciated.

Additional notes:
* The DDNS in wg0.conf is properly translated to an IP address each time, so that seems to be no issue.
* I am currently using the Dutch Ziggo network, which already seems to have a reputation concerning the use of VPN applications. Maybe the issue lies herein?
* Should I consider this relevant? https://github.com/pop-os/pop/issues/773

I am a bit cautious about doing more random stuff before actually understanding what is going on.

Regards,
Sander
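The symptom pattern above (handshake completes, a few bytes flow, an app that already holds server addresses keeps working, the browser does not) is usually narrowed down by testing each layer of a full-tunnel client separately: can a tiny packet cross the tunnel at all, can a packet that fills the wg0 MTU cross it, does a public hostname resolve, and does a web connection addressed by IP (so no DNS involved) succeed. The script below is an added example written for this post; it is not Sander's code and not part of WireGuard or wg-quick. It assumes a Linux client with iputils ping, the interface name wg0 from the `wg` output, and AllowedIPs 0.0.0.0/0, ::/0 so that every probe rides the tunnel while it is up. The probe targets (example.com, 1.1.1.1) are arbitrary choices, and the 1420 figure in the test is the MTU wg-quick assigns by default on a 1500-byte uplink.

```python
"""Isolate which layer breaks when a full-tunnel WireGuard client loses web access.

Added example, not part of the original post. Run it once with wg0 down and
once with wg0 up and compare the verdicts. Probes go from the bottom of the
stack upwards so the first failing layer is reported, not its side effects.
"""
import socket
import subprocess
import urllib.error
import urllib.request
from dataclasses import dataclass
from pathlib import Path

# Probe targets are assumptions chosen for illustration, not taken from the post.
DNS_PROBE_HOST = "example.com"   # any public hostname
HTTP_PROBE_IP = "1.1.1.1"        # any public IP that answers on TCP/80
PING_PROBE_IP = "1.1.1.1"        # any public IP that answers ICMP echo
WG_IFACE = "wg0"                 # interface name seen in the poster's `wg` output

IP_ICMP_OVERHEAD = 28            # 20-byte IPv4 header + 8-byte ICMP echo header


@dataclass
class ProbeResult:
    small_packet: bool   # a default-size ICMP echo gets a reply through the tunnel
    big_packet: bool     # an echo that fills the wg0 MTU, with DF set, gets a reply
    dns: bool            # a public hostname resolves via the configured resolver
    http_by_ip: bool     # an HTTP connection addressed by IP succeeds (no DNS used)


def icmp_payload_for_mtu(mtu: int) -> int:
    """Largest ICMP echo payload that still fits in one packet of the given MTU."""
    return mtu - IP_ICMP_OVERHEAD


def classify(r: ProbeResult) -> str:
    """Map probe outcomes to the layer most likely at fault."""
    if not r.small_packet:
        return "routing-or-firewall"   # nothing crosses the tunnel at all
    if not r.big_packet:
        return "mtu"                   # small frames pass, full-size ones vanish
    if not r.dns and r.http_by_ip:
        return "dns"                   # IP-addressed traffic works, names do not
    if r.dns and not r.http_by_ip:
        return "tcp-blocked"           # names resolve, web ports do not connect
    if not r.dns and not r.http_by_ip:
        return "peer-forwarding"       # ICMP passes but neither UDP/53 nor TCP does
    return "ok"                        # look at the browser itself (proxy, DoH)


def probe_ping(target: str, payload: int, df: bool) -> bool:
    """One ICMP echo via iputils ping. df=True sets Don't-Fragment so an
    oversized packet is dropped on the path instead of being fragmented."""
    cmd = ["ping", "-c", "1", "-W", "3", "-s", str(payload)]
    if df:
        cmd += ["-M", "do"]
    cmd.append(target)
    return subprocess.run(cmd, capture_output=True).returncode == 0


def probe_dns(host: str) -> bool:
    try:
        socket.gethostbyname(host)
        return True
    except OSError:            # socket.gaierror is an OSError subclass
        return False


def probe_http_by_ip(ip: str) -> bool:
    try:
        urllib.request.urlopen(f"http://{ip}/", timeout=5)
        return True
    except urllib.error.HTTPError:
        return True            # any HTTP status at all means the TCP path works
    except (urllib.error.URLError, OSError):
        return False


def wg_mtu(iface: str = WG_IFACE) -> int:
    """Read the tunnel interface MTU from sysfs (Linux only)."""
    return int(Path(f"/sys/class/net/{iface}/mtu").read_text())


def run_probes() -> ProbeResult:
    big = icmp_payload_for_mtu(wg_mtu())
    return ProbeResult(
        small_packet=probe_ping(PING_PROBE_IP, 56, df=False),
        big_packet=probe_ping(PING_PROBE_IP, big, df=True),
        dns=probe_dns(DNS_PROBE_HOST),
        http_by_ip=probe_http_by_ip(HTTP_PROBE_IP),
    )


if __name__ == "__main__":
    result = run_probes()
    print(result)
    print("verdict:", classify(result))
```

A "dns" verdict points at the DNS line in wg0.conf (the resolver it names has to be reachable through the tunnel, and the home peer has to forward to it); an "mtu" verdict is the classic case where a different uplink cannot carry the encapsulated packet and is fixed by lowering the MTU on wg0 or clamping MSS; "routing-or-firewall" means the fwmark/policy-routing setup or the peer's forwarding rules deserve a look before anything else.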
