Hi,
I have been trying to set up WireGuard in an LXC container on Proxmox using this guide: Proxmox LXC Wireguard
It would seem, though, that I have an issue with Proxmox networking or firewall.
The port (as described in the guide and as I have configured, 51820) is not available publicly and the WireGuard client continuously fails to initiate the handshake. Even though the internal IP is allocated to my client, I am unable to communicate with any internal service.
The service is running at the LXC container level and the port is advertised accordingly, but I do not see the port OPEN on the Proxmox host.
I am running my dedicated server on the Hetzner service.
My config is shown below.
wg0.conf:
INI:
# Do not alter the commented lines
# They are used by wireguard-install
# ENDPOINT XXXX.com
[Interface]
Address = 10.7.0.1/32
PrivateKey = XXXX
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# BEGIN_PEER AnotherClient
[Peer]
PublicKey = XXX
PresharedKey =XXX
AllowedIPs = 10.7.0.2/32
# END_PEER AnotherClient
AnotherClient.conf
INI:
[Peer]
PublicKey =XXX
PresharedKey = XXX
AllowedIPs = 10.7.0.2/32
# END_PEER AnotherClient
root@wireguard:~# cat AnotherClient.conf
[Interface]
Address = 10.7.0.2/24
DNS = 185.12.64.1, 185.12.64.2
PrivateKey = XXX
[Peer]
PublicKey = XXX
PresharedKey = XXX
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = XXXX.com:51820
PersistentKeepalive = 25
WireGuard LXC Container Interfaces
Code:
root@wireguard:~# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether fa:41:ff:fa:6a:48 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.10.10.76/24 metric 1024 brd 10.10.10.255 scope global dynamic eth0
valid_lft 427sec preferred_lft 427sec
inet6 fe80::f841:ffff:fefa:6a48/64 scope link
valid_lft forever preferred_lft forever
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.7.0.1/32 scope global wg0
valid_lft forever preferred_lft forever
INI:
wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/wg-quick@wg0.service.d
`-boringtun.conf
Active: active (exited) since Mon 2022-10-03 14:03:38 WAT; 28min ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 129 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
Main PID: 129 (code=exited, status=0/SUCCESS)
CPU: 29ms
Oct 03 14:03:37 wireguard systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Oct 03 14:03:37 wireguard wg-quick[129]: [#] ip link add wg0 type wireguard
Oct 03 14:03:38 wireguard wg-quick[129]: [#] wg setconf wg0 /dev/fd/63
Oct 03 14:03:38 wireguard wg-quick[129]: [#] ip -4 address add 10.7.0.1/32 dev wg0
Oct 03 14:03:38 wireguard wg-quick[129]: [#] ip link set mtu 1420 up dev wg0
Oct 03 14:03:38 wireguard wg-quick[129]: [#] ip -4 route add 10.7.0.2/32 dev wg0
Oct 03 14:03:38 wireguard wg-quick[129]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; i>
Oct 03 14:03:38 wireguard systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
My expectation is that the WireGuard port would be open on both the WireGuard LXC container and the Proxmox host node. Am I mistaken?
Can anyone support on this?