this post was submitted on 12 Jun 2025
10 points (100.0% liked)

Linux

7921 readers
530 users here now

A community for everything relating to the GNU/Linux operating system

Also check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
10
Debian (12/13): Wireguard VPN-client (suppo.fi)
submitted 4 days ago by 7dev7random7@suppo.fi to c/linux@programming.dev
7 comments fedilink hide all child comments
 

So, I imported my connection-configuration provided from OPNsense Wireguard VPN.

The connection is working on an old (<10 years) Android Phone. But from within Linux (same config) I am unable to resolve subnet ip addresses. I can still access the internet though.

So; Am I using my origin connection to resolve foreign ips or am I using my VPN DNS? Why am I unable to access my subnet ip addresses on my linux machine?

The Linux machine is 6.13.30-arm64 with /etc/debian_version pointing to 13.0.

I have installed wireguard-tools and network-manager only. I have also wireguard installed but it doesn't make a difference and its usage is for hosting a endpoint.

Again: It works for other machines like intended. If of concern: I am running XFCE.

top 7 comments
sorted by: hot top controversial new old
[–] xylol@leminal.space 2 points 4 days ago (1 children)

you added the wireguard config to /etc/wireguard/wg0.conf?

[–] 7dev7random7@suppo.fi 2 points 4 days ago

Yes. Then I imported said config additionally via nmcli connection import type wireguard file /etc/wireguard/wg0.conf which may be duplication.

[–] just_another_person@lemmy.world 2 points 4 days ago (1 children)
  1. what are your routes before and after connecting to the VPN?
  2. You say "resolve", do you mean by DNS, or you actually can't ping the actual IP address once connected?
  3. What is your Wireguard server config?
[–] 7dev7random7@suppo.fi 1 points 4 days ago (1 children)
  1. my routes doesn't change: default via 192.168.66.110 dev wlP6p1s0 proto dhcp src 192.168.66.211 metric 600 and 192.168.66.0/24 dev wlP6p1s0 proto kernel scope link src 192.168.66.211 metric 600.
  2. After some seconds I can access the internet but not my subnet IPs I should be able to ping. So I was wondering if I am even using my VPN connection. I can observe my outgoing connections on my opnsense (but not when doing this on my computer, the device in question).
  3. It just contains:
[Peer]
PublicKey = X
Endpoint = IP:NondefaultPort
AllowedIPs = 0.0.0.0\0,::/0

My tunnel address should be 10.200.0.13/32 once connected.

[–] just_another_person@lemmy.world 2 points 3 days ago* (last edited 3 days ago) (1 children)

If your routes aren't changing, then your device, as a client, isn't going to reach anything. You'll need to see a route for the 10.20.0.0/24 subnet show up that points to whatever the endpoint address is on the other end.

So if that's all your server config is, it's only going to allow one peer at a time. You can confirm this by disconnecting your android device from the tunnel, and then connecting using the same info from your Linux device.

You also at a minimum should have PostUP and PostDown directives to properly forward incoming traffic on your wg interface.

[–] 7dev7random7@suppo.fi 0 points 3 days ago (1 children)

If your routes aren't changing, then your device, as a client, isn't going to reach anything. You'll need to see a route for the 10.20.0.0/24 subnet show up that points to whatever the endpoint address is on the other end.

Nope, none shows up. I am looking via ip route, right?

So if that's all your server config is, it's only going to allow one peer at a time. You can confirm this by disconnecting your android device from the tunnel, and then connecting using the same info from your Linux device.

Just looked up the config created by opnsense. You were right. I had to restart wireguard to update the config file so that my other peers (like this debian machine) could connect. Thank's for helping me out!

You also at a minimum should have PostUP and PostDown directives to properly forward incoming traffic on your wg interface.

That is hopefully managed by NetworkManager, isn't?

[–] just_another_person@lemmy.world 1 points 3 days ago* (last edited 3 days ago)

I missed that you said you were using OPNsense, so the up/down would be handled there. If it's working now, don't worry about it.