Struggling to get RUT240 to connect to an existing Wireguard server

I have an existing wireguard server, which I am attempting to get my RUT240 to connect to.

I can see traffic on the server both send and receive.

On the RUT240 I can see traffic out to the wireguard server, and I can see ingress traffic on the wan link that is providing external connectivity (wlan0-1). The wg command shows that no data is received.

I haven’t done anything other than add the wlan0-1 interface, which is a wireless client providing external network and set up the Wireguard interface (I have tested the setting using another client on the same network, which connects ok).

I would expect to see the ingress traffic forwarded to the wg interface (using tcpdump to inspect the traffic) - but I don’t see that but I’m not sure if this assumption is correct.

I have the (generated) traffic rule for wireguard in the firewall - Incoming IPv4 UDP From wan To Device port 51820. I have also verified that device wlan0-1 is in the wan group.

Any clues someone can give me to get this going would be very much appreciated.

Hello,

Most probable cause: at least one of the keys is wrong / missing if you see packets on the port 51820 and nothing on the wg output.

Regards,

Thanks for your comments…
Server side shows packets in both directions.
RUT240 shows packets sent but not received. I see the packets being sent from the server to the RUT240, and they are received at the RUT240 (as seen on wireshark) but not on the WG interface.

I’ve used the same keys on another device and it works.

That’s why I’m scratching my head a little!

Hmm. What is the size of the packets, as seen on wireshark?

WG Server → RUT240 176Bytes
RUT240 → WG Server 120Bytes

What is the output of wg on the server? Of ifconfig for the wg interface?

WG On server (for the RUT240 peer):
peer: LN*********=
  preshared key: (hidden)
  endpoint: <RUT240_publicIP>:29970
  allowed ips: 10.*.*.12/32
  transfer: 1.19 MiB received, 758.55 KiB sent

ifconfig wg0 On server:

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 10.*.*.1  netmask 255.255.255.0  destination 10.*.*.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 574167  bytes 88876928 (84.7 MiB)
        RX errors 236  dropped 0  overruns 0  frame 236
        TX packets 2375448  bytes 3015203332 (2.8 GiB)
        TX errors 0  dropped 2288 overruns 0  carrier 0  collisions 0

Apologies - looks like your first thought was indeed correct.

Main keys were correct, but I had a character cut/paste error on the pre-shared key I didn’t catch…

Strangely, fixing that solved the issue.

Happy for you.
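An added example, not part of any post in this thread: a small classifier that names WireGuard messages from their UDP payload and flags a capture that contains handshake messages but never any transport data, which is what a key or preshared-key mismatch looks like on the wire. It assumes the 176 and 120 byte sizes quoted above are IPv4 packet lengths (20-byte IP header plus 8-byte UDP header); the sample payloads are constructed, and `classify` and `diagnose` are hypothetical helper names.

```python
# Added example (not from the thread): name WireGuard messages by UDP payload.
import struct

IP_UDP_OVERHEAD = 20 + 8  # assumption: IPv4 header without options + UDP header

# type byte -> (name, fixed UDP payload length, or None when variable)
WG_MESSAGES = {
    1: ("handshake_initiation", 148),
    2: ("handshake_response", 92),
    3: ("cookie_reply", 64),
    4: ("transport_data", None),  # 16-byte header + ciphertext, 32 bytes minimum
}

def classify(payload: bytes) -> str:
    """Return the WireGuard message name for a UDP payload, else 'not_wireguard'."""
    if len(payload) < 4:
        return "not_wireguard"
    # One type byte followed by three reserved zero bytes reads as a LE u32.
    (msg_type,) = struct.unpack_from("<I", payload)
    name, size = WG_MESSAGES.get(msg_type, ("not_wireguard", 0))
    if size is None:
        return name if len(payload) >= 32 else "not_wireguard"
    return name if len(payload) == size else "not_wireguard"

def diagnose(payloads) -> str:
    """Summarise what a capture on the WireGuard port says about the tunnel."""
    kinds = {classify(p) for p in payloads}
    if "transport_data" in kinds:
        return "tunnel up: encrypted data is flowing"
    if {"handshake_initiation", "handshake_response"} <= kinds:
        return "handshake never completes: compare public and preshared keys on both peers"
    if "handshake_initiation" in kinds:
        return "initiation unanswered: check endpoint, firewall and peer public key"
    return "no WireGuard messages in capture"

# Constructed sample payloads (type field plus zero padding, not real captures).
INIT = struct.pack("<I", 1) + bytes(144)
RESP = struct.pack("<I", 2) + bytes(88)
DATA = struct.pack("<I", 4) + bytes(28)

if __name__ == "__main__":
    for p in (INIT, RESP):
        print(len(p) + IP_UDP_OVERHEAD, classify(p))
    print(diagnose([INIT, RESP, INIT, RESP]))
```

Feed it the UDP payloads exported from a capture on port 51820; a healthy tunnel shows type 4 messages shortly after the first handshake pair.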
