This is an automated archive.
The original was posted on /r/wireguard by /u/-quakeguy- on 2024-01-22 16:39:25+00:00.
I deployed wg on my as6706t NAS like so:
```yaml
version: "3.8"
services:
  wg-easy:
    environment:
      - LANG=en
      - WG_HOST=my.censored.domain
      - PASSWORD=foobar123
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=192.168.2.x
      - WG_DEFAULT_DNS=192.168.1.2
      - WG_MTU=1420
      - WG_ALLOWED_IPS=0.0.0.0/0
      - WG_PERSISTENT_KEEPALIVE=15
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    volumes:
      - config:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "8085:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
volumes:
  config:
```
Home network is 192.168.1.0/24 and I want to use 192.168.2.0/24 for my wg client range. I created a client in the web UI, used the QR code to get the info to my iPhone and as long as my phone is on the same WIFI network (and assuming I adjust the iOS client to actually talk to the internal network IP for the machine running WG), the connection is established and I see it in the web UI.
The problem is when I try to connect from outside the home. I disable WIFI, which drops me to my mobile connection for data, then I ensure my home router’s public IP is what I’m actually connecting to in the iOS client, I ensure port 51820 is forwarded on my home router to the correct internal IP (I have a whole lot of other ports forwarded to that same exact host and these port mappings work fine) yet… the handshake never completes when connecting from outside.