No Handshake while using klutchell/balena-wireguard

Hi, I am trying to run a VPN container on balenaOS (GitHub - klutchell/balena-wireguard: wireguard stack for balenacloud).
When I connect the client to the server, there is no handshake between client and server, and I am not able to connect from the internet publicly.

Getting this from client

└─# wg
interface: peer1
public key: 3hdFJsPJuxqK4uDBelV94mrmdq0MZ8frl4/RUS42pjY=
private key: (hidden)
listening port: 51820
fwmark: 0xca6c

peer: reATanIswqqBUfCURJ3XvmzMV6TI96ZAfhd60ElOKU8=
endpoint: 106.208.148.171:51820
allowed ips: 0.0.0.0/0, ::/0
transfer: 0 B received, 3.90 KiB sent

Please help

Hey @neeleshdatley, did you open port 51820 on your home router or firewall? Are you able to get a handshake if you’re on the same LAN as the device running wireguard?

How did you deploy this project to your device, did you balena push as-is or did you make other changes?

Yes. First I tried with this home router and opened port 51820; it didn't work. Then I tried with mobile WiFi; it didn't work.
But not from the internet. Do I need to set some iptables rules or what? Please help me.

I just deployed on rpi CM4 device, also on rpi4

I’m not able to reproduce this issue on any of my devices, maybe you’ve missed a step during setup?

Hopefully someone else in the forums can assist because I am not able to reproduce your issue.

We are able to get a handshake if I set the local IP of the device, but from the internet, when I set the URL=auto mode so that it picks up the public IP automatically, there is no handshake; the client can't reach the WireGuard server.
We are in India; maybe our service provider does not let us port forward, or our IP is being shared by other people. I don't know what the problem is. I have opened support access on the device, so maybe you can take a look and tell if something is wrong. (balena dashboard)

@neeleshdatley The device you linked is currently offline so I cannot troubleshoot from here.

When SERVER_HOST=auto we are using a public service to determine your public IP outside the NAT/firewall. You can run this command manually in a container to see what IP is returned but in general it will reliably report your public IP and likely matches the public IP in the balenaCloud dashboard.

SERVER_HOST="$(curl -s icanhazip.com)"

If this is a shared connection and you cannot open ports on that public IP I would not expect to ever get a connection. The clients will try to reach port 51820 on your public IP and not get a response without the port being forwarded.

Also the last time your device was online it reported an IPv6 address as the public address and I’ve never tested this wireguard application with IPv6. In theory it might work but it definitely needs port 51820 to be open.

Maybe you would have more luck running tailscale that uses public servers to traverse NAT and does not require any opened ports? I am currently experimenting with a few tailscale projects myself you could try. I think it’s free up to a certain number of clients.
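The two checks discussed above, written out as an added example that is not part of the original thread or of the balena-wireguard project: it reads the posted `wg` output for a missing handshake, then compares the router's WAN address with the address a public service reports to decide whether a port forward can work at all. The function names are hypothetical and the WAN address is a constructed sample value.

```python
import ipaddress

# RFC 6598 shared address space, used by carriers for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Client-side `wg` output as posted in this thread.
WG_OUTPUT = """\
interface: peer1
public key: 3hdFJsPJuxqK4uDBelV94mrmdq0MZ8frl4/RUS42pjY=
private key: (hidden)
listening port: 51820
fwmark: 0xca6c

peer: reATanIswqqBUfCURJ3XvmzMV6TI96ZAfhd60ElOKU8=
endpoint: 106.208.148.171:51820
allowed ips: 0.0.0.0/0, ::/0
transfer: 0 B received, 3.90 KiB sent
"""

def parse_peers(wg_text):
    """Return one dict per 'peer:' block of `wg` output."""
    peers = []
    for line in wg_text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep and key == "peer":
            peers.append({"peer": value})
        elif sep and peers:
            peers[-1][key] = value
    return peers

def never_handshaked(peer):
    """wg prints 'latest handshake' only after a handshake has completed."""
    nothing_back = peer.get("transfer", "").startswith("0 B received")
    return "latest handshake" not in peer and nothing_back

def forward_verdict(router_wan, reported_public):
    """Compare the router's WAN address with what a what-is-my-IP service reports."""
    wan = ipaddress.ip_address(router_wan)
    pub = ipaddress.ip_address(reported_public)
    if pub.version == 6:
        return "ipv6-endpoint"        # an IPv4 port forward does not cover this address
    if wan in CGNAT or wan.is_private:
        return "behind-upstream-nat"  # forwarding on the home router cannot expose the port
    if wan != pub:
        return "address-mismatch"     # another translator sits between router and internet
    return "forwardable"              # a UDP 51820 forward on this router can work

if __name__ == "__main__":
    for peer in parse_peers(WG_OUTPUT):
        print(peer["endpoint"], "no handshake yet:", never_handshaked(peer))
    # 100.72.10.5 is a constructed sample WAN address, not a value from the thread.
    print(forward_verdict("100.72.10.5", "106.208.148.171"))
```

The router's WAN address comes from the router's own status page; the reported public address is what `curl -s icanhazip.com` returns from inside the container.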

Sorry for earlier. I have made the device online permanently; if possible, please take a look.