Wireguard connection problem

lajola
Posts: 22
Joined: Wed Mar 10, 2021 7:44 pm

Wireguard connection problem

Post by lajola » Fri Mar 12, 2021 7:06 pm

I have a big problem with Wireguard. I am on Catalina. I set everything up as on this page: https://cryptostorm.is/wireguard many times.
I have tried all kinds of things but I can't surf at all.

This is the log:
https://workupload.com/file/tNMQkpc2gKb

I need help.

df
Site Admin
Posts: 472
Joined: Thu Jan 01, 1970 5:00 am

Re: Wireguard connection problem

Post by df » Sun Mar 14, 2021 1:39 am

I don't have a macOS system here to test with, but other users have reported that Catalina works fine for them, so I guess make sure you're using the latest WireGuard according to https://www.wireguard.com/install/ (as of this post, v1.0.12 via the App Store), and double check any firewall settings that might block the traffic, or routing settings that might conflict with 10.10.x.x (what WireGuard uses internally). That log file isn't very useful since it's not very verbose, basically just tells when a session is opened. See if whatever was used to make that log file can increase its verbosity to show more details. You could also try WireGuard on another system and see if it works with your publickey/PSK/IP/etc., if not then you could try removing the key from your token @ https://cryptostorm.is/wireguard_man then re-adding it with https://cryptostorm.is/wireguard

lajola
Posts: 22
Joined: Wed Mar 10, 2021 7:44 pm

Re: Wireguard connection problem

Post by lajola » Sun Mar 14, 2021 11:17 am

Weird. I tried my other Wireguard VPN and all works well. I also disabled adguard, littlesnitch and everything possible, but always the same problem. I don't know what to do. I double-checked the wireguard conf, etc., and it all seems configured the right way.

df
Site Admin
Posts: 472
Joined: Thu Jan 01, 1970 5:00 am

Re: Wireguard connection problem

Post by df » Sun Mar 14, 2021 11:30 am

I just checked the servers, the Manchester node's WireGuard peer list was out of sync with the others. Looks like it was missing from the backend API that updates the nodes when new peers get added/deleted. That's fixed now, so if you were trying the Manchester node, try again and it should work.

If that's not the node you were on and another WireGuard VPN works fine, then my guess is that the PSK or IP is incorrect. Did you try creating a new one @ cryptostorm.is/wireguard ?

lajola
Posts: 22
Joined: Wed Mar 10, 2021 7:44 pm

Re: Wireguard connection problem

Post by lajola » Sat Mar 20, 2021 9:34 pm

df wrote:
Sun Mar 14, 2021 11:30 am
I just checked the servers, the Manchester node's WireGuard peer list was out of sync with the others. Looks like it was missing from the backend API that updates the nodes when new peers get added/deleted. That's fixed now, so if you were trying the Manchester node, try again and it should work.

If that's not the node you were on and another WireGuard VPN works fine, then my guess is that the PSK or IP is incorrect. Did you try creating a new one @ cryptostorm.is/wireguard ?
I tried everything until today and always the same problem. Really, I don't know what else I can try ... With other wireguard VPNs I have no problems.
If we had a good widget for OS X too, with wireguard support, we wouldn't have problems :yawn:

df
Site Admin
Posts: 472
Joined: Thu Jan 01, 1970 5:00 am

Re: Wireguard connection problem

Post by df » Sat Mar 20, 2021 9:55 pm

Only other thing I can think of is the MTU is getting set to something unusual on your end. Server-side's wg0 interface has the default MTU of 1420, client-side's interface should be the same.

If that's not it, email support@cryptostorm.is with your config so we can double check the IP/PSK/keys on our end. We'll need your private key too, but that can always be regenerated later once we pinpoint the issue.

Guest

Re: Wireguard connection problem

Post by Guest » Tue Mar 23, 2021 6:15 am

df wrote:
Sat Mar 20, 2021 9:55 pm
Only other thing I can think of is the MTU is getting set to something unusual on your end. Server-side's wg0 interface has the default MTU of 1420, client-side's interface should be the same.

If that's not it, email support@cryptostorm.is with your config so we can double check the IP/PSK/keys on our end. We'll need your private key too, but that can always be regenerated later once we pinpoint the issue.
How can I check this MTU stuff?

What exactly do you need in the mail to check the problem? Thanks

df
Site Admin
Posts: 472
Joined: Thu Jan 01, 1970 5:00 am

Re: Wireguard connection problem

Post by df » Wed Mar 24, 2021 10:00 am

Disregard my last posts, it was an issue on our end. WireGuard should be working correctly now. Problem was the server was doing `wg syncconf` (among other things) to update the config without disrupting active sessions, but syncconf wasn't always adding the 10.10.x.x IP to the routing table. Without that IP in the routing table, some new clients would be able to connect but no traffic would go through the tunnel.
I grabbed all the 10.10.x.x IPs from the wg database and added them to all the servers' routing tables, so they shouldn't have this problem anymore. Also updated the backend and all the servers to add that IP to the routing table automatically when new peers are added, so nobody else should see this issue either.

EDIT:
Didn't need to add every active 10.10.x.x IP to the routing table, `route add -net 10.10.0.0/16 wg0` accomplishes the same thing. Not sure why, but some servers didn't have that in the routing table, and some did.
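The failure described in the post above (peers that handshake but whose 10.10.x.x tunnel IP has no route via wg0) can be checked for directly. This is an added example, not part of the original post and not cryptostorm's code; the sample peer keys and route listings are constructed, and it assumes one IPv4 allowed IP per peer.

```shell
#!/bin/sh
# Added example: list WireGuard peers whose tunnel IP is not covered by any
# route on the wg interface. All sample data below is constructed.

# Shape of `wg show wg0 allowed-ips` (real output is tab-separated; read
# accepts both tabs and spaces).
SAMPLE_PEERS='PEERKEYAAAA= 10.10.0.5/32
PEERKEYBBBB= 10.10.7.20/32
PEERKEYCCCC= 10.10.200.1/32'

# Shape of `ip -4 route show dev wg0` on a server missing the /16 route.
SAMPLE_ROUTES_BROKEN='10.10.0.5 scope link
10.10.7.0/24 scope link'

# Same listing once `route add -net 10.10.0.0/16 wg0` (from the post) is applied.
SAMPLE_ROUTES_FIXED='10.10.0.0/16 scope link'

# Dotted quad -> 32-bit integer.
ip2int() (
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_net ADDR NET[/LEN]: succeeds when ADDR falls inside the prefix.
in_net() (
  net=${2%/*}; len=${2#*/}
  if [ "$len" = "$2" ]; then len=32; fi      # bare host route, no /LEN
  mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
)

# unrouted_peers PEERS ROUTES: print "key ip" for every peer without a route.
unrouted_peers() {
  printf '%s\n' "$1" | while read -r key ips; do
    case $ips in ''|'(none)') continue ;; esac
    ip=${ips%%/*}                            # first allowed IP, /LEN stripped
    covered=no
    for dst in $(printf '%s\n' "$2" | awk '{print $1}'); do
      case $dst in default) dst=0.0.0.0/0 ;; esac
      if in_net "$ip" "$dst"; then covered=yes; break; fi
    done
    if [ "$covered" = no ]; then echo "$key $ip"; fi
  done
}

# Live use on a server (needs root):
#   unrouted_peers "$(wg show wg0 allowed-ips)" "$(ip -4 route show dev wg0)"
unrouted_peers "$SAMPLE_PEERS" "$SAMPLE_ROUTES_BROKEN"
```

Running this after each `wg syncconf` turns the silent "connected but no traffic" state into an explicit list of affected peers.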

prospav
Posts: 9
Joined: Sun Jan 06, 2013 7:19 pm

Re: Wireguard connection problem

Post by prospav » Wed Mar 24, 2021 7:39 pm

Switzerland server still not working.

df
Site Admin
Posts: 472
Joined: Thu Jan 01, 1970 5:00 am

Re: Wireguard connection problem

Post by df » Wed Mar 24, 2021 11:52 pm

@prospav
DNS server on Switzerland is under a heavy DoS attack right now, working with the ISP to block it. The server's still up and running fine, but since the DNS server running on it is recursive, some of the root DNS servers have blocked requests from it, causing DNS to fail.

EDIT:
Since the attack is still ongoing a few days later, I've disabled the public DNS server on the Switzerland node, and until the root DNS servers unblock the IP, all DNS for the Switzerland node will be forwarded to the Austria node's DNS server. That should keep DNS working for anyone connected to the Switzerland node.

Guest

Re: Wireguard connection problem

Post by Guest » Thu Mar 25, 2021 5:05 am

df wrote:
Wed Mar 24, 2021 10:00 am
Disregard my last posts, it was an issue on our end. WireGuard should be working correctly now. Problem was the server was doing `wg syncconf` (among other things) to update the config without disrupting active sessions, but syncconf wasn't always adding the 10.10.x.x IP to the routing table. Without that IP in the routing table, some new clients would be able to connect but no traffic would go through the tunnel.
I grabbed all the 10.10.x.x IPs from the wg database and added them to all the servers' routing tables, so they shouldn't have this problem anymore. Also updated the backend and all the servers to add that IP to the routing table automatically when new peers are added, so nobody else should see this issue either.

EDIT:
Didn't need to add every active 10.10.x.x IP to the routing table, `route add -net 10.10.0.0/16 wg0` accomplishes the same thing. Not sure why, but some servers didn't have that in the routing table, and some did.
All works perfect now. Finally. Web surfing on fire! :thumbup:

lajola
Posts: 22
Joined: Wed Mar 10, 2021 7:44 pm

Re: Wireguard connection problem

Post by lajola » Fri Mar 26, 2021 1:44 am

@df

I have this error after making 6 wireguard connections:

Error: That token is limited to 6 wireguard keys,
and there's already 6 keys in the system.
Go here if you need to delete your other keys.

So we can not add and use all servers like in other vpns?

df
Site Admin
Posts: 472
Joined: Thu Jan 01, 1970 5:00 am

Re: Wireguard connection problem

Post by df » Fri Mar 26, 2021 2:09 am

lajola wrote: @df

I have this error after making 6 wireguard connections:

Error: That token is limited to 6 wireguard keys,
and there's already 6 keys in the system.
Go here if you need to delete your other keys.

So we can not add and use all servers like in other vpns?
You're confusing connections with keys. What you're doing on that page isn't making connections, it's making keys. Each key gets added to all of our servers so that you can connect to any of them using that key. Each cryptostorm token can only have a certain number of keys associated with it. The page at https://cryptostorm.is/blog/wireguard-support-added under "Device limits" shows the number of WireGuard keys that are allowed for each cryptostorm token type (in your case, 6). WireGuard won't allow you to connect to more than one server on the same device (at the same time), but we don't have any network-wide connection limits, so technically you could (for example) have 30 devices each using the same key and connecting to different servers.

lajola
Posts: 22
Joined: Wed Mar 10, 2021 7:44 pm

Re: Wireguard connection problem

Post by lajola » Fri Mar 26, 2021 4:57 am

df wrote:
Fri Mar 26, 2021 2:09 am
lajola wrote: @df

I have this error after making 6 wireguard connections:

Error: That token is limited to 6 wireguard keys,
and there's already 6 keys in the system.
Go here if you need to delete your other keys.

So we can not add and use all servers like in other vpns?
You're confusing connections with keys. What you're doing on that page isn't making connections, it's making keys. Each key gets added to all of our servers so that you can connect to any of them using that key. Each cryptostorm token can only have a certain number of keys associated with it. The page at https://cryptostorm.is/blog/wireguard-support-added under "Device limits" shows the number of WireGuard keys that are allowed for each cryptostorm token type (in your case, 6). WireGuard won't allow you to connect to more than one server on the same device (at the same time), but we don't have any network-wide connection limits, so technically you could (for example) have 30 devices each using the same key and connecting to different servers.
Understood now. All tunnels configured and working. Thanks ;)
