Wireguard n00b, IP address doesn't change [SOLVED]

audiodef · Last edited by audiodef on Thu Oct 08, 2020 1:56 pm; edited 1 time in total

Using https://blogs.gentoo.org/lu_zero/2019/05/03/using-wireguard/ and other sources, I'm trying to set up a VPN.

Using Fdroid on my phone, I installed a Wireguard client and configured it. When I activate it, it appears to connect, but going to a browser doesn't show my server's IP address. (Just my usual IP address on my phone.)

wg0.conf:

etnull · Guru Joined: 26 Mar 2019 Posts: 487 Location: Russia

Isn't 192.168.* range is for local networks? What VPN provider do you use? Your own server? I have server's IPs in both Address and Endpoint, not local ones.

Etal · Veteran Joined: 15 Jul 2005 Posts: 1865

Not a wireguard expert by any means but I have a setup where my phone routes all its traffic through my home server, which I think is what you're looking for.

When you set Allowed IPs to 192.168.2.1/32 on your phone, it will only route that address to your server. You can try running something on your server (e.g. "python -m http.server") and see if you can connect to it via its wireguard address from the phone (http://192.168.2.1:8000/).

If you want to be able to route all traffic via your server (not just connect to it remotely), I think you need to set Allowed IPs to 0.0.0.0/0, which means all IP addresses. You will also need to set up nftables or iptables for ip forwarding.

I found the Arch wiki pretty helpful.

audiodef · Posted: Thu Oct 01, 2020 12:25 am Post subject:

Now that makes more sense.

Interestingly, my ssh connections get broken when I change my config to use my server's IP.

Here's what I have now:
wg0.conf:

Etal · Veteran Joined: 15 Jul 2005 Posts: 1865

Sorry, I meant set Allowed IPs to 0.0.0.0/0 on your phone, not your server.

szatox · Veteran Joined: 27 Aug 2013 Posts: 1987

Ant P. · Watchman Joined: 18 Apr 2009 Posts: 6862

Your server needs IPv4 forwarding enabled for traffic to pass between wg0 and the outside internet, else it'll only let your phone connect to services running on it.

audiodef · Posted: Fri Oct 02, 2020 1:59 pm Post subject:

Hu · Moderator Joined: 06 Mar 2007 Posts: 16452

It does not. The shown iptables rule will cause the forwarded traffic to be sane enough that the connections will work when traffic is forwarded. It does not instruct the kernel to permit the traffic to be forwarded in the first place. For that, /proc/sys/net/ipv4/ip_forward must be non-zero (traditionally, 1).

audiodef · Posted: Sun Oct 04, 2020 9:43 pm Post subject:

audiodef · Posted: Wed Oct 07, 2020 6:07 pm Post subject:

Interesting...

I got it working when I use OpenDNS or Google for the DNS in my phone's peer settings. I can see from whatismyipaddress and doing a speed test that my IP address is my server's IP address.

So, ultimate test... open Netflix.

Still acts like it's in the US.

Did I miss something?

EDIT: Nm, Netlflix is telling me about the #2 show in Germany today. All I wanted was evidence my VPN was working, and it is.

Now on to the next step, making sure my VPN has good security and privacy protection.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.

szatox · Veteran Joined: 27 Aug 2013 Posts: 1987

audiodef · Posted: Thu Oct 08, 2020 1:56 pm Post subject: