I am trying to connect to an external WireGuard server, with my VyOS router acting as the client. However, it doesn’t seem to connect and I don’t know why.
`show interfaces` reports 0 TX and 0 RX.
I have updated /config/auth/wireguard/default to contain their private key and public key.
Configuration
/* WireGuard interface wg01: one IPv6 /128 tunnel address and a single peer named "vultr". */
/* NOTE(review): no persistent-keepalive is set for the peer. WireGuard sends nothing until a packet is routed into the tunnel, so 0 TX may only mean that no route points at wg01 yet - confirm. */
wireguard wg01 {
address 2a0c:*****/128
description Vultr
peer vultr {
/* Peer endpoint: an IPv4 address (redacted), reached on the UDP port given by "port" below. */
address 207.246.*.*
/* Only ::/0 is listed, so this peer is used for IPv6 only: IPv6 packets are sent to it and only IPv6 sources are accepted from it. No IPv4 range is listed. */
allowed-ips ::/0
port 51820
/* The peer's public key (redacted). */
pubkey *************************
}
/* Selects the local key pair named "default". */
/* NOTE(review): the accompanying text says this key pair was supplied by the other side. A private key that a second party also holds does not authenticate this end on its own; generating the pair locally and exchanging only public keys avoids that - confirm how the key was issued. */
private-key default
}
Firewall
On WAN interface
/* Rule sets bound to the WAN interface. Only "in" and "local" are bound; no "out" rule set appears here. */
firewall {
/* "in": packets arriving on WAN that are forwarded through the router (WANv6_IN is described as "WAN inbound traffic forwarded to LAN"). */
in {
ipv6-name WANv6_IN
name WAN_IN
}
/* "local": packets arriving on WAN that are addressed to the router itself (WAN_LOCAL is described as "WAN to router"). */
local {
ipv6-name WANv6_LOCAL
name WAN_LOCAL
}
}
And the actual firewall
/* Global firewall options plus four rule sets: WANv6_IN, WANv6_LOCAL, WAN_IN and WAN_LOCAL. Rules inside a rule set are evaluated in ascending rule number; default-action applies to packets that match no rule. */
firewall {
all-ping enable
broadcast-ping disable
config-trap disable
/* IPv6 forwarded traffic: anything not matched by a rule is dropped and logged. */
ipv6-name WANv6_IN {
default-action drop
description "WAN inbound traffic forwarded to LAN"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
/* NOTE(review): accepts packets that connection tracking marks invalid and forwards them towards the LAN. The IPv4 rule set WAN_IN drops the same state in its rule 30; confirm that accepting it here is intended. */
rule 20 {
action accept
description "Accept invalid state"
state {
invalid enable
}
}
}
/* IPv6 traffic addressed to the router. default-action is accept, so rules 10-40 (all accept) restrict nothing: every IPv6 packet from the WAN reaches the router's own services. */
/* NOTE(review): a drop default with explicit accept rules would be the restrictive form - confirm the intent. */
ipv6-name WANv6_LOCAL {
default-action accept
description "WAN inbound traffic to the router"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action accept
description "accept invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow IPv6 icmp"
protocol ipv6-icmp
}
/* DHCPv6 replies: UDP from source port 547 to destination port 546. */
rule 40 {
action accept
description "allow dhcpv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
ipv6-receive-redirects disable
/* NOTE(review): source-routed packets are allowed for IPv6 here while ip-src-route disables them for IPv4 - confirm the asymmetry is intended. */
ipv6-src-route enable
ip-src-route disable
log-martians enable
/* IPv4 forwarded traffic: anything not matched by a rule is dropped. */
name WAN_IN {
default-action drop
description "WAN to internal"
/* IP protocol 47 (GRE) is accepted from any source; the rule has no source match. */
rule 10 {
action accept
description GRE
log disable
protocol 47
}
/* Every protocol from the redacted Vultr address is accepted in any connection state. This rule is evaluated before the invalid-state drop in rule 30. */
rule 11 {
action accept
description "Allow from Vultr"
protocol all
source {
address 207.246.*.*
}
}
rule 20 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 30 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
/* IPv4 traffic addressed to the router. default-action is accept, so none of the accept rules below narrows what is allowed: every IPv4 packet from the WAN reaches the router's own services. */
/* NOTE(review): with an accept default this rule set does not appear to block WireGuard replies from the peer, so the 0 RX / 0 TX counters presumably have another cause - verify. */
name WAN_LOCAL {
default-action accept
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
/* NOTE(review): matches on the Vultr address as destination, but this rule set is bound to traffic addressed to the router, so the rule presumably never matches - confirm. */
rule 11 {
action accept
description "Allow to Vultr"
destination {
address 207.246.*.*
}
protocol all
}
/* The source block is empty, so GRE (protocol 47) is accepted from any address. */
rule 20 {
action accept
description "GRE Tunnel"
log disable
protocol 47
source {
}
}
/* Matches only packets from the Vultr address that are in the invalid connection state. */
rule 50 {
action accept
description "Allow from Vultr"
protocol all
source {
address 207.246.*.*
}
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
/* Reverse-path source validation is switched off. */
source-validation disable
syn-cookies enable
twa-hazards-protection disable
}