Question

Peer tunnel enables invalid remote server ip address

Posted on August 17, 2024
Community
Asked by Kjell Inge Meisal

Peer enables invalid remote server ip address 127.0.0.0 when connected. Device is an iPhone 16 with latest public iOS. Server is running Ubuntu 24.04 LTS on Raspberry Pi 5

Client .conf configuration file:

[Interface] PrivateKey = <Peer’s private key> Address = 10.8.0.10/24 DNS = <My local DNS servers>

[Peer] PublicKey = <Remote server’s public key> Endpoint = <public FQDN>:51820 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 30

Any suggestion about what I have done wrong

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Kjell Inge Meisal • August 24, 2024

Thank you @KFSys and @alexdo for your help! There was an incorrect port forwarding on my external firewall that I had overlooked. When rule was correct WireGuard clients successfully connects. Obvious mistake, but sadly not discovered.

alexdo

Site Moderator

• August 23, 2024

Heya, @kjellingemeisal

I’ll recommend checking the logs and also restarting the Wiregard service.

To check the server logs you can run:

sudo journalctl -u wg-quick@wg0

Also if you’ve made any recent DNS changes this can take some time to properly update.

Regards

KFSys

Site Moderator

• August 20, 2024

Heya,

1. DNS Resolution:

Ensure that the <public FQDN> provided in the Endpoint field resolves correctly to the public IP address of your server. You can manually verify this by running a DNS lookup from your iPhone or any other device.
If the DNS resolution fails, the WireGuard client might default to 127.0.0.0, which is invalid.

2. Endpoint Configuration:

Double-check the Endpoint value to ensure it’s correctly formatted. It should be something like your.domain.com:51820.
If you are using a dynamic DNS service, make sure it is correctly updating and that the DNS propagation has completed.

3. Allowed IPs:

The AllowedIPs = 0.0.0.0/0 should allow all traffic through the VPN tunnel. However, this will route all traffic through the tunnel, which might be unnecessary if you only need specific routes.
If you only want to route specific traffic, modify the AllowedIPs to the required subnets.

4. PersistentKeepalive:

Setting PersistentKeepalive = 30 is fine, especially if you’re trying to maintain a connection behind NAT. However, this setting should not impact the IP address resolution.

5. Check the Server Configuration:

Ensure the server configuration on the Raspberry Pi is correct and that it’s properly listening on port 51820 (or whichever port you’ve chosen).
Make sure that the public IP or domain on the server’s configuration matches the actual public IP or the domain is resolving correctly.