Question

Peer tunnel enables invalid remote server ip address

Peer enables invalid remote server IP address 127.0.0.0 when connected. Device is an iPhone 16 with the latest public iOS. Server is running Ubuntu 24.04 LTS on a Raspberry Pi 5.

Client .conf configuration file:

[Interface]
PrivateKey = <Peer’s private key>
Address = 10.8.0.10/24
DNS = <My local DNS servers>

[Peer]
PublicKey = <Remote server’s public key>
Endpoint = <public FQDN>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 30

Any suggestions about what I have done wrong?



Thank you @KFSys and @alexdo for your help! There was an incorrect port forwarding on my external firewall that I had overlooked. When the rule was correct, WireGuard clients connected successfully. Obvious mistake, but sadly not discovered.

alexdo
Site Moderator
August 23, 2024

Heya, @kjellingemeisal

I’ll recommend checking the logs and also restarting the WireGuard service.

To check the server logs you can run:

sudo journalctl -u wg-quick@wg0

Also, if you’ve made any recent DNS changes, this can take some time to properly update.

Regards

KFSys
Site Moderator
August 20, 2024

Heya,

1. DNS Resolution:

  • Ensure that the <public FQDN> provided in the Endpoint field resolves correctly to the public IP address of your server. You can manually verify this by running a DNS lookup from your iPhone or any other device.
  • If the DNS resolution fails, the WireGuard client might default to 127.0.0.0, which is invalid.

2. Endpoint Configuration:

  • Double-check the Endpoint value to ensure it’s correctly formatted. It should be something like your.domain.com:51820.
  • If you are using a dynamic DNS service, make sure it is correctly updating and that the DNS propagation has completed.

3. Allowed IPs:

  • The AllowedIPs = 0.0.0.0/0 should allow all traffic through the VPN tunnel. However, this will route all traffic through the tunnel, which might be unnecessary if you only need specific routes.
  • If you only want to route specific traffic, modify the AllowedIPs to the required subnets.

4. PersistentKeepalive:

  • Setting PersistentKeepalive = 30 is fine, especially if you’re trying to maintain a connection behind NAT. However, this setting should not impact the IP address resolution.

5. Check the Server Configuration:

  • Ensure the server configuration on the Raspberry Pi is correct and that it’s properly listening on port 51820 (or whichever port you’ve chosen).
  • Make sure that the public IP or domain on the server’s configuration matches the actual public IP or the domain is resolving correctly.
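
The DNS, Endpoint and AllowedIPs checks from the list above can be run against a client config before importing it on the phone. This is an added example, not code from either answer; `parse_peers`, `check_peer` and `system_resolver` are hypothetical helper names, and `vpn.example.com` stands in for the elided public FQDN.

```python
import ipaddress
import socket

# Constructed sample modelled on the question's client config; vpn.example.com is a placeholder.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <redacted>
Address = 10.8.0.10/24

[Peer]
PublicKey = <redacted>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_peers(text):
    """Return one dict (lower-cased keys) per [Peer] section."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return peers

def system_resolver(host):
    """Addresses the local resolver returns for host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def check_peer(peer, resolve=system_resolver):
    """Return findings for one peer; an empty list means nothing was flagged."""
    host, sep, port = peer.get("endpoint", "").rpartition(":")
    if not (sep and host and port.isdecimal() and 0 < int(port) < 65536):
        return ["Endpoint is not host:port"]
    try:
        addrs = resolve(host.strip("[]"))
    except OSError as exc:
        return [f"{host} does not resolve: {exc}"]
    findings = []
    for ip in map(ipaddress.ip_address, addrs):
        if ip.is_loopback or ip.is_unspecified or ip.is_private:
            findings.append(f"{host} -> {ip} is not a public address")
    for cidr in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            findings.append(f"AllowedIPs {cidr} routes all traffic through the tunnel")
    return findings
```

An empty result only covers what the config file can show. It says nothing about whether UDP traffic on the Endpoint port is actually forwarded to the server, which was the fault in this thread, so the firewall rule and the server logs still need checking.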
