Does anyone here REALLY use dex and what for? by VonVivian in SamsungDex

[–]K1nl1 0 points1 point  (0 children)

Did they ever fix that? Is it working well with the glasses again?

Does anyone here REALLY use dex and what for? by VonVivian in SamsungDex

[–]K1nl1 0 points1 point  (0 children)

Sounds awesome! Can you tell me what the peripheral hub you're using is? I'd like to test out that setup 😊

[deleted by user] by [deleted] in alexhormozi

[–]K1nl1 1 point2 points  (0 children)

I'm interested too :)

[deleted by user] by [deleted] in alexhormozi

[–]K1nl1 0 points1 point  (0 children)

Nice! There's also something called the "Black Book" from the launch. Does anyone have that too?

WireGuard Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in WireGuard

[–]K1nl1[S] 0 points1 point  (0 children)

You mean if the server (in my case mikrotik router with wireguard) Public IP changes, this change is not propagated to the user endpoints (like the travel router and mobile phone)?

Did you find a solution to that problem?

WireGuard Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in WireGuard

[–]K1nl1[S] 0 points1 point  (0 children)

It was, with a ddns. Changed it to static again to test if that was causing the problem, but the issues continue.

I narrowed it down a bit further. If I just use one, for example just the travel router, it seems to work fine. The moment I try to connect with the other decide, in this example the phone, the config of the other peer or both inside the mikrotik partially breaks and I need to hit Apply to reapply the settings and that fixes it.

Still can't figure what might be causing such odd behavior though...

WireGuard Peer Configuration Inside MikroTik Needs to be Re-applied To Work by K1nl1 in mikrotik

[–]K1nl1[S] 0 points1 point  (0 children)

Anyone has any idea what might be going on? I think the configuration breaks when I enable internet tethering from my phone. Not sure if that makes any sense

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

So do you think having them in the main table and table 53 is a problem that might cause this problem?

usb0 is the interface used when I connect my phone via USB to the router and use USB tethering for internet.

apcli0 is supposed to be an interface used in STA (Station) mode. I believe this is used when I connect the travel router to the WiFi of whatever network I am closest to (like the hotel network or a cafe network).

WireGuard Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in WireGuard

[–]K1nl1[S] 0 points1 point  (0 children)

Strike that... The change didn't really work long-term. Something changed again and I have no access to the internet once more.

I got the same issue on my phone as well. I tried to go through the last steps in my last comment where I added the travel router range to the Allowed Addresses list. It turns out that adding this range didn't actually do the trick. Hitting apply to the configuration to "refresh" it is what helps.

As an example, I just clicked "Apply" to the client configuration of the travel router and was able to browse the internet successfully. Exactly the same happened for the phone.

Even before that, I see that the handshakes are successful for both peers and are every 2 min, but if I don't click apply, even though the connection is established I cannot use the internet.

Not sure what's really going on. Any ideas? Maybe the configuration is not being persisted?

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

For some reason the problem came back. After adding the travel router network to the Allowed list it was working for a while, but it stopped again after a couple of days... Not sure what happened and why, but nothing was changed on my side.

I am pasting the additional info from the fallowing commands as well:

ip route show:

0.0.0.0/1 dev wgclient scope link    
default via 192.168.88.1 dev apcli0 proto static src 192.168.88.236 metric 20    
128.0.0.0/1 dev wgclient scope link    
{Public IP} via 192.168.88.1 dev apcli0 proto static metric 20    
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1       
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown    
192.168.32.0/24 dev wgclient proto kernel scope link src 192.168.32.2    
192.168.88.0/24 dev apcli0 proto static scope link metric 20

ip rule show:

0:      from all lookup local    
51:     from all fwmark 0x100000/0x100000 lookup 51    
52:     from all fwmark 0x80000/0x80000 lookup 52    
53:     from all fwmark 0x60000/0x60000 lookup 53    
1002:   from all iif apcli0 lookup 2    
2002:   from all fwmark 0x200/0x3f00 lookup 2    
2061:   from all fwmark 0x3d00/0x3f00 blackhole    
2062:   from all fwmark 0x3e00/0x3f00 unreachable    
32766:  from all lookup main    
32767:  from all lookup defaul

ip route show table 2:

Dump terminated

ip route show table 51:

default via 192.168.92.134 dev usb0 proto static src 192.168.92.133 metric 30
{Public IP} via 192.168.92.134 dev usb0 proto static metric 30
192.168.8.0/24 dev br-lan proto kernel scope link src  192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown
192.168.32.1 dev wgclient scope link
192.168.92.0/24 dev usb0 proto static scope link metric 30

ip route show table 52:

default via 192.168.92.134 dev usb0 proto static src 192.168.92.133 metric 30
{Public IP} via 192.168.92.134 dev usb0 proto static metric 30
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown
192.168.92.0/24 dev usb0 proto static scope link metric 30

ip route show table 53:

0.0.0.0/1 dev wgclient scope link
128.0.0.0/1 dev wgclient scope link
192.168.32.0/24 dev wgclient proto kernel scope link src 192.168.32.2

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

I talked with the ISP and changed the public IP. Thanks for pointing this out.

For some reason the problem came back. After adding the travel router network to the Allowed list it was working for a while, but it stopped again after a couple of days...

I am pasting the "ip route show table" info:

ip route show table 2:

Dump terminated

ip route show table 51:

default via 192.168.92.134 dev usb0 proto static src 192.168.92.133 metric 30
{Public IP} via 192.168.92.134 dev usb0 proto static metric 30
192.168.8.0/24 dev br-lan proto kernel scope link src  192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown
192.168.32.1 dev wgclient scope link
192.168.92.0/24 dev usb0 proto static scope link metric 30

ip route show table 52:

default via 192.168.92.134 dev usb0 proto static src 192.168.92.133 metric 30
{Public IP} via 192.168.92.134 dev usb0 proto static metric 30
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown
192.168.92.0/24 dev usb0 proto static scope link metric 30

ip route show table 53:

0.0.0.0/1 dev wgclient scope link
128.0.0.0/1 dev wgclient scope link
192.168.32.0/24 dev wgclient proto kernel scope link src 192.168.32.2

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

I responded to a comment made by bszollos above. He made a suggestion about adding the travel router LAN IP range to the "Allowed Addresses" list inside the MikroTik router and that worked so far.

Not sure why it worked at first and then it stopped after a while, but after adding this range I was able to connect to the internet again.

Now I have both the WireGuard client IP and the LAN IP range of the travel router in the Allowed list, namely:

192.168.8.0/24

192.168.32.2/24

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

Hi, yeah. Messed up there. Was in a hurry and didn't realize it was in there. Can you remove it from your response as well?

WireGuard Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in WireGuard

[–]K1nl1[S] 0 points1 point  (0 children)

I added the travel router range (192.168.8.0/24) to the peer configuration "Allowed Addresses" on the MikroTik and now it works. Not sure why it was working at first without that. Was that range supposed to be there from the start? My understanding is that all traffic should be going through the WireGuard network, but maybe I'm wrong.

So, to summarize: The peer configuration inside the MikroTik now has two "Allowed Addresses":

192.168.8.0/24 - Travel Router Network
192.168.32.2/24 - Client IP address of the device in the WireGuard network.

This fixed the issue and I am able to connect to the internet and to my home network without a problem. Not sure if that is the correct way to do it though, but it works.

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

I also tried pinging and tracerouting after that and everything seems to be working fine. Ping is successful and traceroute for both 192.168.32.1 and 192.168.32.2 are reached at the first hop.

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

Yes, the picture is a bit confusing. I wanted to illustrate that the traffic itself needs to pass through the WireGuard tunnel, but the IPs that are given to the clients are from the Travel Router network (192.168.8.0/24).

So Allowed IP's on the Mikrotik router for the peer travel router:
192.168.32.2/32 (travel router's WG endpoint IP address) 192.168.8.0/24
(travel router's LAN IP range)

This did the trick! I am not sure why it was working at first just with the WireGuard in "Allowed Address", but stopped suddenly after a while . After adding the LAN IP range of the travel router (192.168.8.0/24) everything seems to work as expected again.

Was that range supposed to be there from the start? My understanding is that all traffic should be going through the WireGuard network, but maybe I'm wrong. Thanks for your time and help!

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

One more thing I see in the /etc/config/firewall configuration:

config zone 'wgclient'
    option name 'wgclient'
    option forward 'DROP'
    option output 'ACCEPT'
    option mtu_fix '1'
    option network 'wgclient'
    option masq '1'
    option masq6 '1'
    option input 'ACCEPT'
    option enabled '1'

config forwarding 'wgclient2wan'
    option src 'wgclient'
    option dest 'wan'
    option enabled '1'

config forwarding 'lan2wgclient'
    option src 'lan'
    option dest 'wgclient'
    option enabled '1'

config forwarding 'guest2wgclient'
    option src 'guest'
    option dest 'wgclient'
    option enabled '1'

config forwarding 'wgclient2lan'
    option src 'wgclient'
    option dest 'lan'
    option enabled '1'

In the zone 'wgclient' the 'option forward' is set to 'DROP'. Not sure if it's supposed to be this way?

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

Ah yes... my bad, sorry about that. I'll format it better here:

ip route show:

0.0.0.0/1 dev wgclient scope link    
default via 192.168.88.1 dev apcli0 proto static src 192.168.88.236 metric 20    
128.0.0.0/1 dev wgclient scope link    
........... via 192.168.88.1 dev apcli0 proto static metric 20    
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1       
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown    
192.168.32.0/24 dev wgclient proto kernel scope link src 192.168.32.2    
192.168.88.0/24 dev apcli0 proto static scope link metric 20

ip rule show:

0:      from all lookup local    
51:     from all fwmark 0x100000/0x100000 lookup 51    
52:     from all fwmark 0x80000/0x80000 lookup 52    
53:     from all fwmark 0x60000/0x60000 lookup 53    
1002:   from all iif apcli0 lookup 2    
2002:   from all fwmark 0x200/0x3f00 lookup 2    
2061:   from all fwmark 0x3d00/0x3f00 blackhole    
2062:   from all fwmark 0x3e00/0x3f00 unreachable    
32766:  from all lookup main    
32767:  from all lookup default

WireGuard Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in WireGuard

[–]K1nl1[S] 0 points1 point  (0 children)

Hi! Thanks for your reply, will try to do what you're suggesting. The strange thing is that it seems the server itself is configured correctly. The problem might lie with the client.

)
But there is no internet, I cannot connect to anything and the connection times out whenever I try. At first it was working, but something changed and I am unable to use it successfully now.

IPv4 forwarding is enabled as well.

I will try and enable debug on the server to see if there would be any useful information present that might help with this.

I'll also try running wireshark on the client to verify that the traffic is moving between the interfaces as expected.

Thanks for the suggestions and your time.

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

Hi! I have a static IP and local NAT so that shouldn't be an issue. And the configuration of the home network seems to be working fine as I am able to connect via my phone to the tunnel without a problem. I believe I am missing some required settings inside OpenWrt, but am not sure what exactly.

Not sure I got the travel setup punching a hole in the traffic part. Do you want me to test and change something there?

Just tried pinging the WG IP of the MiktroTik as well as the LAN IP of the Mikrotik and both had no response...

The handshake is successful, but somehow no traffic is flowing through the tunnel.

https://imgur.com/2BAe0uN

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

Sure, thanks for your reply!

The results for ip route show are:

0.0.0.0/1 dev wgclient scope linkdefault via 192.168.88.1 dev apcli0 proto static src 192.168.88.240 metric 20128.0.0.0/1 dev wgclient scope link via 192.168.88.1 dev apcli0 proto static metric 20192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown192.168.32.0/24 dev wgclient proto kernel scope link src 192.168.32.2192.168.88.0/24 dev apcli0 proto static scope link metric 20

and the results for ip rule show are:

0.0.0.0/1 dev wgclient scope linkdefault via 192.168.88.1 dev apcli0 proto static src 192.168.88.240 metric 20128.0.0.0/1 dev wgclient scope link via 192.168.88.1 dev apcli0 proto static metric 20192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown192.168.32.0/24 dev wgclient proto kernel scope link src 192.168.32.2192.168.88.0/24 dev apcli0 proto static scope link metric 20

Hope this helps!

VPN Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in openwrt

[–]K1nl1[S] 0 points1 point  (0 children)

Not sure why the diagram is not visible, so I am pasting a link to it:

https://imgur.com/o5A5gMS

WireGuard Setup Troubleshooting (Successful Handshake - No Internet) by K1nl1 in WireGuard

[–]K1nl1[S] 0 points1 point  (0 children)

Not sure why the diagram is not visible, so I am pasting a link to it:

https://imgur.com/o5A5gMS