Comments (7)
There's a dedicated issue for various system configuration problems, maybe it helps: #50. Otherwise, yeah, I'm afraid I can't help much more, and this would be out of scope of wgcf. I hope you sort it out though!
from wgcf.
I can confirm that it works fine for me on Debian 12, and I see no reason why the operating system would make a difference. Does a different device work? For example a phone using the official WireGuard app? Also, what country are you from? Regular WireGuard connections to Cloudflare are blocked in some countries with high abuse. In those cases, only warp-cli
will work.
from wgcf.
I'm in the US. I haven't tried android wireguard using warp creds, but windows with wireguard (not warp) client using wgcf creds works as well.
Tested the connection using pfsense (freebsd), where same creds as on the windows client work just fine.
Ubuntu was run as a vm under vmworkstation, debian as container and vm under proxmox.
from wgcf.
If it's under Docker, you'll need to add the NET_ADMIN
capability. Additionally, check for any errors like:
/usr/bin/wg-quick: line 31: resolvconf: command not found
You need to have resolvconf
installed for DNS override. In either case, it should definitely work, and it's more than likely an issue with your setup.
from wgcf.
For Docker, I also had to disable wg-quick's sysctl code since /proc is readonly:
sed -i 's/cmd sysctl/cmd true/g' "$(which wg-quick)"
And instead apply these changes directly via Docker's sysctl parameter:
net.ipv4.conf.all.src_valid_mark=1
net.ipv4.ip_forward=1
from wgcf.
Thank you for your response. I was testing under proxmox (7.4) as a lxc container and vmworkstation (windows).
Earlier this afternoon I tried ubuntu bare metal on a spare machine. That worked, so that probably should work with debian too. That confirms the creds and client are good.
Further testing under proxmox lxc (debian 11) reveals strangeness. If I spawn the connection via local console it works! If I do the same via ssh, no traffic flows. Also there's the issue of proxmox breaking the symlink for /etc/resolv.conf.
Finally, because it's proxmox 7.4, the container needs to be spun up using debian 11 template. With deb 12, I couldn't get it to pass any traffic to the tunnel, even if trying to launch wg from the proxmox ui shell console. This suggests, cf wg configuration is somehow different than that of connecting to my vps, which I could do in either a debian 11 or 12 container and from ssh.
Edit 2, more tinkering with the debian 12 lxc container. If the cf wg tunnel is configured for autostart at boot with systemctl enable, then then tunnel does indeed successfully connect and has routing. In this scenario there is no ssh involved. If I drop the tunnel then try restarting via ssh, connectivity is lost and the container requires a reboot to re-establish routing. Even restarting the tunnel in the ui console isn't 100%, sometimes it works, other times not.
But via ssh, it never does recover. If I logout of the ssh session and do a wg restart in console, then it regains connectivity.
Edit3: I realize these issues have NOTHING to do with your tool which just obtains the credentials to use with the client.
from wgcf.
I think the ultimate solution is to use a firewall with wireguard capability built in. Let it handle the connection and traffic routing rather than doing it on a vm/container level. Pfsense and Opnsense support this, probably others as well. This will eventually be implemented. For now, the solution above will have to do.
from wgcf.
Related Issues (20)
- WARP IPv6 issue with WARP+ key binded HOT 7
- IPv6 without IPv4 fallback HOT 3
- Generate QR Code HOT 1
- connection refused HOT 4
- [Question] Benefits over official app HOT 1
- wgcf cannot be used anymore? HOT 4
- initial connection issues on Linux and android devices. HOT 4
- Slow/None connection with google servicies when using wgcf HOT 2
- Error while doing wg-quick up wgcf-profile.conf HOT 2
- Using in go HOT 1
- Registered but warp is off HOT 1
- issue regarding WGCF v2.2.21 not functioning on Windows x86 HOT 1
- how to start/stop the warp service HOT 1
- CF IP from other country, not ours HOT 1
- How to connect via protocol TCP? HOT 1
- Request support of Cloudflare Security DNS HOT 1
- ⚠️⚠️This won't work if your provider blocks 1.1.1.1 DNS or WARP⚠️⚠️ HOT 4
- 401 Unauthorized
- How to change warp location? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wgcf.