[Bug]: When using a "standard VPN" there is no connectivity on Linux (via imported wireguard conf file)

[Semelovich]

What happened?

When using a "standard VPN" there is no connectivity on Linux (via imported wireguard conf file)

Netmaker:

• installed on a VPS ; domain name is used to access Netmaker.
• all ports needed for netmaker are opened following the quick install guide.

Conditions to reproduce a bug:

• set up a standard VPN following the official guide at https://youtu.be/NWMYPU2FCjI?t=2760

• import wireguard conf file to a client PC ("external client")

• activate wireguard connection

Results:

1. No connectivity on any Linux OS including live images.. A connection to the server is established but there are no packers going.

2. Proper connectivity on Windows and Android devices with the same wireguard conf file.

Expected results:

The wireguard configuration generated by the Netmaker server should work on any OS, not just Windows and Android.

Additional information

Linux PC info:
ip addr https://pastebin.com/tqAymq20
ip route https://pastebin.com/KfAXN8Ke

This behavior on Linux OS is also confirmed here https://old.reddit.com/r/netmaker/comments/ws9j7k/netmaker_using_as_a_simple_vpn_issues_on_linux/il193o3/

Version

v0.14.6

What OS are you using?

Linux, Windows

Relevant log output

No response

Contributing guidelines

• Yes, I did.

[afeiszli]

1. what do you mean by "standard VPN"; are you using 0.0.0.0/0?
2. does the Linux OS have "wg-quick" installed?

If it is working on Windows and Android, there is nothing in our config that would prevent it from working on Linux; it is a pure, standard wireguard config that is compatible with any client that can run a conf file, so it must be a limitation with wireguard on the device.

[Semelovich]

1. what do you mean by "standard VPN"; are you using 0.0.0.0/0?

No, I'm not. I'm not using the latest version hence I can't use 0.0.0.0/0. I followed the linked official guide to set up internet gateway.

These are the settings I set (it was specified like this in the official documentation which now has changed coz of the new version released) https://photos.google.com/share/AF1QipPTzV5HMMe1ZkvflOBDp5HApgOLqvka9Oz3K1Oosgd-bJbbNI2YDaA-PjoqvG2DhA/photo/AF1QipNvn4Q_sgDzo5OX8O8PPY8izMusbTJ8mTVoWik5?key=WTlTd1NXbXVIbFFaTmhTdnNPc095cEplNDl3OVd3

Network settings
https://photos.google.com/share/AF1QipPTzV5HMMe1ZkvflOBDp5HApgOLqvka9Oz3K1Oosgd-bJbbNI2YDaA-PjoqvG2DhA/photo/AF1QipOJfC_MPnXY_vtfEmjRv34s_XKk1x-GQ0jDkyRn?key=WTlTd1NXbXVIbFFaTmhTdnNPc095cEplNDl3OVd3

2. does the Linux OS have "wg-quick" installed?

Yes.

If it is working on Windows and Android, there is nothing in our config that would prevent it from working on Linux; it is a pure, standard wireguard config that is compatible with any client that can run a conf file, so it must be a limitation with wireguard on the device.

Well, when another person tried to run in on ubuntu it didn't work either. And it didn't work on any linux distro I tried, even the live bootable image.

[afeiszli]

My best guess is that for peer Endpoints, it was attempting to route the traffic over the egress gateway in order to reach those Endpoints, which wont work. With 0.0.0.0/0 it works differently by changing the gateway, so it is worth trying with this new version.

[ViRb3]

@Semelovich are you by any chance using the "exclude local IPs" option? If yes, you are probably experiencing the following issue:

• Exclude private IPs from Wireguard profile ViRb3/wgcf#42

Workaround (scroll down for "better" route method):

• https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/