WireGuard Link Doesn't Want To Start

Hi guys!

I’m trying to set up Mullvad WireGuard VPN but the link doesn’t want to go up.

Here is my config:

set interfaces wireguard wg0 address '10.65.136.226/32'
set interfaces wireguard wg0 description 'Mullvad'
set interfaces wireguard wg0 peer LAN address '91.193.6.2'
set interfaces wireguard wg0 peer LAN allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer LAN port '51820'
set interfaces wireguard wg0 peer LAN pubkey '********'
set interfaces wireguard wg0 private-key 'KP01'

Here is the result of the interface:

vyos@vyos:~$ show interfaces wireguard wg0
interface: wg0
  description: Mullvad
  address: 10.65.136.226/32
  public key: *****
  private key: (hidden)
  listening port: 51560

  peer: LAN
    public key: *****
    endpoint: 91.193.6.2:51820
    allowed ips: 0.0.0.0/0

    RX:  bytes  packets  errors  dropped  overrun       mcast
             0        0       0        0        0           0
    TX:  bytes  packets  errors  dropped  carrier  collisions
             0        0       0        0        0           0

Does anyone know why the link doesn’t want to go up?

set interfaces wireguard wg0 address '10.65.136.226/32'
Are you supposed to have a /32 address on a WireGuard interface? Is it P2P? I thought you need a bigger mask so you can talk to the remote address on the WireGuard interface.

It comes from the Mullvad config directly.

This is my config from Mullvad

[Interface]
PrivateKey = *****
Address = 10.65.136.226/32
DNS = 193.138.218.74

[Peer]
PublicKey = *****
AllowedIPs = 0.0.0.0/0
Endpoint = 91.193.6.2:51820

Did you set any route over or to your wg interface? The /32 address confuses me too :)

This only means you never use the interface.

RX:  bytes  packets  errors  dropped  overrun       mcast
         0        0       0        0        0           0
TX:  bytes  packets  errors  dropped  carrier  collisions
         0        0       0        0        0           0

I have a similar Mullvad config on my router, using a /32, and it works perfectly fine.

I assume you have specified a peer in your config, just you don’t show it in the snippet you provide. Mullvad regularly cycle their hosts, and check whether the one you are targeting is actually up and running using a WireGuard client on a PC and that you get a handshake etc.

If that works, how are you routing traffic down the wg0 interface? Are you using PBR?

Maybe you can share your sanitised config in full?
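
An added example, not part of any post in this thread: a small Python check that separates the two causes raised above (nothing routed into wg0 versus a peer that never answers the handshake) by reading the per-peer counters. It assumes the standard `wg show wg0 dump` command is available on the router shell; the sample dump and the key placeholders are constructed.

```python
import time

# Constructed sample of `wg show wg0 dump` output (tab-separated).
# Line 1 is the interface, later lines are peers. Keys are placeholders.
SAMPLE_DUMP = (
    "PRIVKEY_PLACEHOLDER\tPUBKEY_PLACEHOLDER\t51560\toff\n"
    "PEERKEY_PLACEHOLDER\t(none)\t91.193.6.2:51820\t0.0.0.0/0\t0\t0\t0\toff\n"
)

# WireGuard rekeys roughly every 2 minutes while traffic flows and stops
# using a session after 3 minutes, so an older handshake is treated as stale.
STALE_AFTER = 180

def parse_peers(dump):
    """Return one dict per peer line of `wg show <interface> dump`."""
    peers = []
    for line in dump.strip().splitlines()[1:]:  # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError("unexpected peer line: %r" % line)
        pub, _psk, endpoint, allowed, hs, rx, tx, _keepalive = fields
        peers.append({"pubkey": pub, "endpoint": endpoint,
                      "allowed_ips": allowed.split(","),
                      "handshake": int(hs), "rx": int(rx), "tx": int(tx)})
    return peers

def diagnose(peer, now=None):
    """Classify a peer as (state, hint) from its handshake time and counters."""
    now = time.time() if now is None else now
    if peer["handshake"] == 0 and peer["tx"] == 0:
        # WireGuard only initiates a handshake when it has something to send.
        return ("idle", "nothing sent to the peer: check routes/PBR into the interface")
    if peer["handshake"] == 0:
        # Handshake initiations went out (tx > 0) but no reply ever arrived.
        return ("no-handshake", "peer not answering: check endpoint, keys, UDP filtering")
    if now - peer["handshake"] > STALE_AFTER:
        return ("stale", "last handshake is old: tunnel idle or peer no longer reachable")
    return ("up", "recent handshake")

if __name__ == "__main__":
    for p in parse_peers(SAMPLE_DUMP):
        print(p["endpoint"], *diagnose(p))
```

On a live router the same functions can be fed the real command output in place of `SAMPLE_DUMP`.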

Finally, I rebooted the router and it worked.

Thanks!