Hello everybody I have a question
# install
i
Hello everybody, I have a question regarding a "simple" VPN setup with netmaker. I followed these instructions: https://docs.netmaker.org/egress-gateway.html#nat-gateway and used nmctl to create the network with a default external client DNS, but if I connect my phone as external client, I can't access the internet :/ The phone doesn't receive any packages. Any idea what I can do to solve my issue?
b
by "the phone doesn't receive any packages" do you mean it doesn't handshake?
i
yes, sorry for the confusion, I thought that the phone could connect to the server because the node was shown in the graph overview, but I guess that doesn't indicate anything :/
This was caused by my firewall, I'm sorry :/ Now my phone can receive packages, but I'm still unable to access the internet through the VPN. I'm a little bit confused by the settings for the phone wireguard, because there is the same ip used for my phone client and for the DNS server (.254). Is this a bug?
b
can you send a screenshot of the network graph
i
from netmaker? the graph is really small, only my phone, my server node and a node named 0.0.0.0/0
b
can you ping the node which has the 0.0.0.0/0 egress? from the ext client
i
so you mean the server node?
because this is the connection structure: phone -> server node -> 0.0.0.0/0
b
then yes
i
yep, the server node is pingable from the phone via ip
b
can you traceroute 1.1.1.1 from the ext client
see where the traffic is getting stuck
i
yep, I will try
but why 1.1.1.1? Sorry if this is a nooby question
first step is localhost, then my server node (10.11.10.1) then all steps are "no reply"
b
there is no reason it has to be that ip specifically, but it's one I use cause 1) I know it's an internet ip 2) it's cloudflare's dns server that I've never had icmp requests blocked on 3) cause it's cloudflare's dns server it has a very very high uptime.
what os is the server node?
i
debian 11
arm 64
b
is ip forwarding enabled?
i
ouh shit, no, I don't think so
I will try this 🙂
I enabled ip forwarding by editing `/etc/sysctl.conf` and uncommenting `net.ipv4.ip_forward=1`. Then I called `sysctl -p`
But nothing changed when trying to traceroute 1.1.1.1 from the client
b
try `iptables -P FORWARD ACCEPT`
i
nice, now I can ping 1.1.1.1 🙂 but it can't resolve DNS requests, because a ping on google.com failed with unknown host
b
okay, what is the DNS entry on the extclient config file
i
ahhh, there was a mistake
thank you so much for your time 🙏 now I can access the internet from my external client 🥳
b
you are welcome