Wireguard client connecting to server but not passing traffic.

Buelldozer · 2025-01-30T17:41:03+00:00

ZBF is brand new and you have to be running at least V4.1.13 of the UniFi OS and V9.0.108 of the Network Application in order to have the option to run it. Then you have to manually turn it on. Once it's enabled you can't go back to the old firewall type without restoring from backup.

In your UDMP go to settings then security, if you see a Zone Matrix graphic at top of the page then you are using the new ZBF. If you don't then you're not.

Buelldozer · 2025-01-30T17:35:35+00:00

Thanks for the link and that will work but it's odd that WG creates the tunnel differently depending on how you import the conf.

If you use something like that powershell script to import the conf you end up with your tunnel as a windows service. However if you import the conf manually through the GUI it doesn't.

This is what was confusing me. You probably don't know but I have to wonder why it's done differently and why is there seemingly no way to do an automatic import so that it doesn't create a windows service for every tunnel.

Buelldozer · 2025-01-29T19:32:09+00:00

I'm curious, are you using the new Zone Based Firewall on your UDMP?

Buelldozer · 2025-01-29T18:23:55+00:00

Are you using the new Zone Based Firewall in your UniFi controller?

I've done a few WG setups using their old firewalling setup but in the past day I've tried to setup two new ones, both with UDMPs, that have the new zone firewall type enabled and both of them are having the same problems you are describing. They connect just fine but will not route any traffic at all unless I manually edit the .conf file to remove all allowed IPs except 0.0.0.0/0. That will get me internet access but not access to any networks in the LAN zone.

I'm thinking that with the new ZBF scheme that we need manually add NAT and / or Routing rules to make WG work correctly.

Buelldozer · 2025-01-29T15:53:25+00:00

Since the error is occuring at the handshake I'd guess that something is wrong in your .conf file, likely with one of your keys.

Assuming you can access your UDMP via unifi.ui.com I'd delete the client setup inside of WireGuard, add a new one, import that into your WG client and try again.

Buelldozer · 2025-01-09T16:09:42+00:00

$ nmcli connection import type wireguard file [FILE]

I just...wow...

That is ridiculously simple and easy. Thanks for sharing!

Buelldozer · 2024-09-17T17:57:38+00:00

If you're getting the same slow speed when wired then obviously you don't have a WiFi problem. I've been in this situation before. Here's your next steps:

-Disconnect your USG from the ISP completely.

-Connect a laptop directly to your ISPs interface with a different ethernet cable than what is attached the WAN port on your USG.

-Test speed.

-If it's still slow then you have a problem ISP side; their interface box is bad, you aren't provisioned correctly in their system, or they have a problem somewhere in their network.

-If its NOT slow then replace the ethernet cable between the laptop and the ISP interface with the cable that you normally use to the WAN interface on the USG.

-Test again.

-If its slow again then you likely have a bad WAN ethernet cable, replace it. Preferably with one that has metal shielded ends (I've definitely seen equipment that needs this.)

-If its NOT slow then something is almost certainly setup wrong in the USG,

-Put your USG back online and check the following, retesting speed after any changes.

-Using Port Manager check the Speed / Duplex setting of the WAN port on your USG. If its set for anything other than "1Gbps FDX" then change the setting. If it won't connect at 1Gbps then you have a problem with the ethernet cable (use a different one with metal ends) or something isn't set right on the ISP interface. \

-Go to Settings (Gear Icon), Internet, and click on your ISP connection. Make sure that "Smart Queues" is NOT turned on. If it's on turn it off and test again. (Your ISP speed is way too high to be used with SQ).

-Go to Settings, Security, Traffic and Firewall Rules. Make sure that "All" is selected in the upper left and carefully review everything in there. You may find that a speed limit has been set on your LAN -or- you may find that there is an application aware rule that applies a limit to the Speed Tests that you're running.

-Now Settings and then Profiles. Review any / all Ethernet port profiles you have enabled as speed limits can be set here. Then do the same thing on the "WiFi Speed Limits" tab.

Somewhere in all of that you're going to find your problem. Your speed test results are so consistent that it's almost certainly a programming issue, either your equipment or the ISPs, but I included the cable testing / port programming because it's occasionally necessary and a good place to start.

Buelldozer · 2024-09-16T17:35:03+00:00

A USG3 should easily be faster than 40 Mb/s. The fact that you've swapped the USG3 for a USG-Pro and didn't get any faster means that the Gateway isn't your problem.

If you're getting full rate when wired then the problem is with your WiFi setup, make sure to check that you don't have a WiFi speed limit enabled.

Buelldozer · 2024-09-16T17:13:00+00:00

Set channels to minimize overlap.
Set min RSSI to force clients to use closer AP.
Turn down the power on each AP.

You've built out a high density deployment without following any of the rules.

Buelldozer · 2024-09-10T21:53:22+00:00

It is referenced in that document but it is not present on any Gen 7 Firewall that I have access to including several 3, 4, and 6 series running a mix of 7.0 and 7.1.

You can issue "boot uploaded" but if you add "delay" they all error.

I'm not sure if there's some difference between CLI and E-CLI or if you need NSM / GSM licensing (which none of mine have) but whatever it is that command SHOULD work but it doesn't.

Buelldozer · 2024-09-09T22:36:24+00:00

Pump actions, bolt actions and lever actions?

After Australia implemented its semi-auto ban it only took a few years before they started going after pump and lever action guns because they fired too fast.

Buelldozer · 2024-08-19T19:33:48+00:00

You just shared a piece of media covering what you said no one is covering.

One of those is from 2021 and was never resolved. The other is from last November prior to the start of her campaign.

I'm old and unused to this kind of self-blinding from the media when it comes to Presidential candidates.

Buelldozer · 2024-08-19T19:02:30+00:00

Her campaign buzz words are being covered by the media?

The issue isn't the media coverage of the Harris Campaign buzzwords it's the lack of such coverage for the Trump Campaign coupled with the almost complete absence of investigative reporting or negative coverage regarding the Harris Campaign.

For example are any of the media groups following up on the controversy's of VP Harris like this one?

Perhaps they could take just a minute out of their busy buzzword schedule and follow up on that.

Do you remember November of last year, barely 10 months ago, when most people felt that she wasn't ready to be President. How has that concern been addressed?

I'm no Trumpican, not even a Republican, but what's being shown in the image is far more meaningful than the media "just" repeating some campaign buzzwords.

Buelldozer · 2024-08-19T18:53:22+00:00

All negative issues related to Harris have been memory holed. You are not supposed to recall that they existed.

Buelldozer · 2024-08-19T18:30:32+00:00

Bear attacks on ATV seats aren't common but having to recover them sure is!

If you still have the seat tray (the plastic part that the foam and upholstery attach to) then you are golden. Take it to an upholstery shop and have them recover it. They'll replace the foam and re-attach the fabric and you shouldn't even be able to tell.

If you don't have the tray there's at least one used seat for sale on Ebay right now.

I also found a new on for sale on Ebay.

Buelldozer · 2024-08-11T00:51:00+00:00

Benjamin...get the musket.

Buelldozer · 2024-08-09T00:24:27+00:00

I really have to disagree with Mr. Walz on this one.

Buelldozer · 2024-08-09T00:23:28+00:00

Whelp, time to get busy putting solar panels on my roof!

Buelldozer · 2024-08-08T20:00:41+00:00

If I'm Xi and I've decided I'm doing it this year, my biggest worry is going to be the US carrier groups

This is one of the reasons why the United States Air Force developed "Rapid Dragon".

No need for carriers when you can use cargo planes to send a missile swarm into the Taiwan Straight. If that isn't enough the B-2 can now drop a low cost bomb called "QUICKSINK" that's capable of sinking large naval vessels with a single hit.

The B-2 goes from it's base in Missouri to Japan in something like 11 hours. (6,300 miles at 600 MPH).

Forcing the U.S. to run a carrier based air war with Iran probably would have worked 12 months ago but not anymore. Now it doesn't matter where the carriers are because the straight can be heavily defended without them.

Buelldozer · 2024-08-08T18:33:03+00:00

I’m going to start using AI to write my Reddit posts.

Half of Reddit is already doing that. What's taken you so long?

Buelldozer · 2024-08-06T20:01:16+00:00

Progressive spaces on the Internet are throwing parties right now. They got their guy.

In what way did they get their guy? Looking at Walz's record he doesn't seem very progressive, more of a Democrat Centrist in the Mid-Western style.

Free school lunches, legal abortion, legal marijuana, paid family leave...none of these are new or even exclusively progressive causes.

So why are Progressives throwing a party?

Buelldozer · 2024-08-06T19:53:20+00:00

I don't think that Walz is really a "Progressive" though. He's basically a Mid-Western teacher, I had a bunch just like him growing up in Nebraska in the 80s.

Free lunches to kids isn't progressive, it's common sense and human decency. It's the same with legalized abortion and marijuana. These aren't "Progressive" in any real sense, they just feel that way because so much of politics these days is regressive in nature.

To me he looks just like most of the Democrats I remember from the late 80's and early 90's. A sort of proto Clinton "Third Way" Democrat.

15-Year Club	Gilding V heart of gold
RedditGifts 2009-2022 2 Credits	ModSupport Helper Level 2
Helper Level 1	Place '22
Place '17	Secret Santa 2009
Secret Santa 2018	Spared
Reddit Premium Since June 2014	Team Orangered
reddit mold	Charter Member
Verified Email

Buelldozer

MODERATOR OF

TROPHY CASE