WireGuard on Proxmox Host - No Handshake, No RX Data

vorpalveil

Feb 1, 2025
I'm running WireGuard on my Proxmox host (192.168.1.10) to access services remotely, but no UDP packets arrive, no handshake, no RX data on my client.

Setup:

  • Proxmox Host IP: 192.168.1.10
  • WireGuard Interface: 10.0.0.1/24
  • Port Forwarding: UDP 51820 → 192.168.1.10
  • Firewall: Disabled
  • wg0.conf: Configured correctly, keys match

Debugging So Far:

✅ wg show lists my phone, but no handshake
✅ ss -tulpn | grep 51820 confirms WireGuard is listening
✅ iptables -L -n -v confirms correct forwarding rules
❌ tcpdump -i any udp port 51820 → No packets received
❌ nc -u PUBLIC IP: 51820 from phone → No response on Proxmox

The wg0.conf file looks like this:

Code:
[Interface]
PrivateKey = <PRIVATE_KEY>
Address = 10.0.0.1/24
ListenPort = 51820
DNS = 8.8.8.8, 8.8.4.4

# Enable NAT and IP forwarding 
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o vmbr0 -j MASQUERADE

# Phone Client 
[Peer]
PublicKey = 48qI/gogt0aWTjspBlXW0KmgcY9iLZN3+/J>
AllowedIPs = 10.0.0.2/32

# Laptop Client 
#[Peer] 
#PublicKey = <LAPTOP_PUBLIC_KEY> 
#AllowedIPs = 10.0.0.3/32 

# Nextcloud LXC 
#[Peer] 
#PublicKey = <NEXTCLOUD_PUBLIC_KEY> 
#AllowedIPs = 192.168.1.11/32 

# Plex LXC 
#[Peer] 
#PublicKey = <PLEX_PUBLIC_KEY> 
#AllowedIPs = 192.168.1.12/32
 
Try the WG connection while your phone is on the local network and run the tcpdump. Are you getting packets? If you're getting packets in this scenario, something is not configured correctly in your gateway router.

Also, are your other LXC peers connecting properly? Try those first, and it will validate that services on the local network can reach/communicate with WireGuard.

When debugging network scenarios, isolate and "test it down the line," meaning eliminate pieces of the network from the debugging scenario and then walk yourself back to the full scenario when each portion is validated.
 
Hi, thanks for your response! I am pretty desperate. I played with this for a while and I have tested the connection while on the local network. I have not tested the individual containers though. So that's what I will try now.
Thanks again.
 
>I played with this for a while and I have tested the connection while on local network

And everything works fine in this case? If that's a yes, I would double-check your router/gateway configuration. What router do you use? You can find a guide here for your exact router model:

https://portforward.com/router.htm
 
No, unfortunately I couldn't get it to work under any condition. ChatGPT just thinks my router is blocking the connection, but it worked for me a few weeks ago. It was the first service I set up on the server, then as I got the rest of the containers and services up, I found that it didn't work anymore. And I'm not even sure what changed. I removed WireGuard and reinstalled it with a clean slate - and I find myself here.


I tried to get it to work on the containers and since that didn't work I grabbed Tailscale and got it up and running in 20 minutes.
I'm giving up a lot of nice features, but I do need that remote access soon so the switch makes sense for me.
I appreciate your assistance though!
 
> No, unfortunately I couldn't get it to work under any condition

If that's the case, then something was messed up with the WG config or networking on that specific box.

> Tailscale
I was about to recommend that, I'm glad you found that path. Very easy and simple way to get external tuns working.
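
Added example, not part of the original posts: a small triage of `wg show wg0 dump` output that separates the "no handshake, no RX" state from the first post from healthy, idle and lost peers, so each layer can be checked in turn as suggested above. The sample dump, the placeholder keys, the 180-second threshold and the function names are assumptions made for this example.

```python
# Added example: triage peers from `wg show <iface> dump` (tab-separated).
# Line 1 is the interface; each later line is one peer with the fields:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive
import time

# Constructed sample output; keys and endpoints are placeholders.
SAMPLE_DUMP = "\n".join([
    "<SERVER_PRIV>\t<SERVER_PUB>\t51820\toff",
    "<PHONE_PUB>\t(none)\t(none)\t10.0.0.2/32\t0\t0\t0\toff",
    "<LAPTOP_PUB>\t(none)\t203.0.113.7:40112\t10.0.0.3/32\t1738400000\t9216\t18432\t25",
    "<TABLET_PUB>\t(none)\t203.0.113.9:51000\t10.0.0.4/32\t1738300000\t512\t4096\t25",
])

STALE_AFTER = 180  # assumed: seconds without a handshake before a session counts as gone


def parse_peers(dump):
    """Return one dict per peer line, skipping the interface line."""
    peers = []
    for line in dump.strip().splitlines()[1:]:
        f = line.split("\t")
        if len(f) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        peers.append({"key": f[0], "endpoint": f[2], "handshake": int(f[4]),
                      "rx": int(f[5]), "tx": int(f[6]),
                      "keepalive": 0 if f[7] == "off" else int(f[7])})
    return peers


def diagnose(peer, now):
    """Return (status, next check) for one peer."""
    if peer["handshake"] == 0:
        # The thread's symptom. tcpdump on the host splits the likely causes.
        return ("never", "tcpdump silent: port forward or upstream filter; "
                         "tcpdump shows packets: each side's copy of the other's key")
    if now - peer["handshake"] <= STALE_AFTER:
        return ("ok", "session is current")
    if peer["keepalive"]:
        return ("lost", "keepalive is set but handshakes stopped: check the path to the peer")
    return ("idle", "no keepalive: an old handshake is normal for a quiet peer")


def triage(dump, now=None):
    """Map each peer key to its status."""
    now = time.time() if now is None else now
    return {p["key"]: diagnose(p, now)[0] for p in parse_peers(dump)}


if __name__ == "__main__":
    for p in parse_peers(SAMPLE_DUMP):
        print(p["key"], *diagnose(p, now=1738400060))
```

On a live host the input would come from `wg show wg0 dump` run as root; the dump's first line contains the private key, so it should not be pasted into a forum post.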