I've been trying to set up WireGuard for my Ubuntu 22.04.3 LTS server that, along with Pi-hole, is hosting a couple of my own self-hosted websites. Ideally, I'd like it so that by connecting via VPN, I'd get access to both the internet and my self-hosted website, filtered through Pi-hole's ad-blocking. I've been following Pi-hole's instructions here, and got up to what seems to be my laptop and Android phone doing a proper handshake with the server.
Code:
$ sudo wg
interface: wg0
public key: (redacted)=
private key: (hidden)
listening port: 47111
peer: (redacted, Android)=
preshared key: (hidden)
endpoint: 172.59.185.188:31743
allowed ips: 10.100.0.2/32, fd08:4711::2/128
latest handshake: 34 seconds ago
transfer: 30.54 KiB received, 22.71 KiB sent
peer: (redacted, laptop-win)=
preshared key: (hidden)
endpoint: 73.9.84.143:52098
allowed ips: 10.100.0.4/32, fd08:4711::4/128
latest handshake: 1 minute, 26 seconds ago
transfer: 302.57 KiB received, 2.41 KiB sent
peer: (redacted)=
preshared key: (hidden)
allowed ips: 10.100.0.3/32, fd08:4711::3/128
Boot up Firefox, though, and on Android, neither Google nor my own self-hosted website shows up. I've turned off the Wi-Fi on the device, thus using the 5G network to see if the problem is related to the router or not, but to no avail. For the laptop, Google barely shows up (presumably from the browser's cache), LinkedIn doesn't; my self-hosted sites don't show up, either. The Wi-Fi notification on the laptop starts telling me there's no internet as soon as I turn the WireGuard client on, so that's also concerning.
What are some ways to troubleshoot what's going on with this?
Anyway, my /etc/wireguard/wg0.conf is currently configured like so:
Code:
[Interface]
Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 47111
PrivateKey = (redacted)=
# Each PostUp line runs in order when wg0 comes up: a dedicated nft table with a
# postrouting masquerade rule for IPv4 and IPv6, so peer traffic leaves under the
# server's own address. The counters start at zero, so "packets 0 bytes 0" is implied.
PostUp = nft add table ip wireguard
PostUp = nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}
PostUp = nft add rule ip wireguard wireguard_chain counter masquerade
PostUp = nft add table ip6 wireguard
PostUp = nft add chain ip6 wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}
PostUp = nft add rule ip6 wireguard wireguard_chain counter masquerade
PostDown = nft delete table ip wireguard; nft delete table ip6 wireguard
# Android
[Peer]
PublicKey = (redacted)=
PresharedKey = (redacted)=
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128
# laptop-mac
[Peer]
PublicKey = (redacted)=
PresharedKey = (redacted)=
AllowedIPs = 10.100.0.3/32, fd08:4711::3/128
# laptop-win
[Peer]
PublicKey = (redacted)=
PresharedKey = (redacted)=
AllowedIPs = 10.100.0.4/32, fd08:4711::4/128
My laptop client config looks like this:
Code:
[Interface]
PrivateKey = (redacted)=
Address = 10.100.0.4/32, fd08:4711::4/128
DNS = 10.100.0.1, fd08:4711::1
[Peer]
PublicKey = (redacted)=
PresharedKey = (redacted)=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = (redacted).duckdns.org:47111
PersistentKeepalive = 25
If there's anything else I should look over, that'd help. It might be worth noting that I am on the Xfinity network with a modem provided by them, but using my own Wi-Fi router to designate the Ubuntu server as the DNS server. I've checked what ports Comcast blocks, but 47111 didn't appear on that list. Maybe they're lying?
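Added here as an example of how to start troubleshooting this on the server; it is not part of the original post and is not Pi-hole's or WireGuard's code. It assumes the interface and tunnel address from the posted wg0.conf (wg0 and 10.100.0.1, overridable via WG_IF / WG_ADDR); the peer keys and addresses in the embedded sample are constructed. The parser flags the pattern the post's own `wg` output shows for laptop-win (302.57 KiB received against 2.41 KiB sent): a peer whose packets arrive at the server but get almost nothing back, which is what a working handshake plus missing IP forwarding, a dropping forward chain, or a resolver not bound to the tunnel address looks like. The live mode checks each of those in turn.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): server-side checks for the
# "handshake OK, no traffic" symptom.  Assumes, as in the posted wg0.conf,
# that the tunnel interface is wg0 and the server's tunnel address is
# 10.100.0.1; override with WG_IF / WG_ADDR if yours differ.
set -u
WG_IF="${WG_IF:-wg0}"
WG_ADDR="${WG_ADDR:-10.100.0.1}"

# forwarding_enabled FILE: succeed when a sysctl file contains "1".
# Takes the path as an argument so it can be exercised against a temp file.
forwarding_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# wg_stuck_peers: read `wg show` output on stdin and print the public keys of
# peers that have completed a handshake and sent us traffic but have received
# back less than 1/20 of it.  With AllowedIPs = 0.0.0.0/0 on the client every
# request goes through the tunnel, so a healthy peer gets at least as many
# bytes back as it sends; a large "received" beside a near-zero "sent" means
# packets reach the server but are not forwarded/NATed back into the tunnel.
wg_stuck_peers() {
    awk '
        function bytes(n, u) {
            m["B"] = 1; m["KiB"] = 1024; m["MiB"] = 1048576
            m["GiB"] = 1073741824; m["TiB"] = 1099511627776
            return n * m[u]
        }
        function flush() { if (peer != "" && hs && rx > 0 && tx * 20 < rx) print peer }
        /^peer:/            { flush(); peer = $2; hs = 0; rx = 0; tx = 0 }
        /latest handshake:/ { hs = 1 }
        /transfer:/         { rx = bytes($2, $3); tx = bytes($5, $6) }
        END                 { flush() }
    '
}

# Constructed sample in the layout of `wg show` (keys and endpoints invented).
SAMPLE_WG='interface: wg0
  public key: SERVERKEY=
  listening port: 47111

peer: ANDROIDKEY=
  endpoint: 198.51.100.10:31743
  allowed ips: 10.100.0.2/32
  latest handshake: 34 seconds ago
  transfer: 30.54 KiB received, 22.71 KiB sent

peer: LAPTOPWINKEY=
  endpoint: 203.0.113.7:52098
  allowed ips: 10.100.0.4/32
  latest handshake: 1 minute, 26 seconds ago
  transfer: 302.57 KiB received, 2.41 KiB sent

peer: LAPTOPMACKEY=
  allowed ips: 10.100.0.3/32'

# live_checks: run on the server as root; each failure line says what to look at next.
live_checks() {
    echo "== IP forwarding (needed for peers to reach anything beyond ${WG_ADDR}) =="
    forwarding_enabled /proc/sys/net/ipv4/ip_forward \
        && echo "ipv4: on" \
        || echo "ipv4: OFF  -> sysctl -w net.ipv4.ip_forward=1 (persist in /etc/sysctl.d/)"
    forwarding_enabled /proc/sys/net/ipv6/conf/all/forwarding \
        && echo "ipv6: on" \
        || echo "ipv6: OFF  -> sysctl -w net.ipv6.conf.all.forwarding=1"

    echo "== NAT table created by PostUp =="
    nft list table ip wireguard 2>/dev/null \
        || echo "no 'ip wireguard' table: PostUp did not run, or ${WG_IF} is down"

    echo "== forward chains with a drop policy (ufw/firewalld can silently eat tunnel traffic) =="
    nft list ruleset 2>/dev/null | grep -E 'hook forward.*policy drop' || echo "none found"

    echo "== peers that send traffic in but get little back =="
    wg show "$WG_IF" | wg_stuck_peers

    echo "== resolver reachable on the tunnel address (clients use DNS = ${WG_ADDR}) =="
    ss -ulnp 2>/dev/null | grep -E ':53[[:space:]]' \
        || echo "nothing bound to UDP 53: check Pi-hole's interface/listening setting"
    dig +short +time=2 +tries=1 @"$WG_ADDR" pi.hole A \
        || echo "no answer from ${WG_ADDR}; watch it with: tcpdump -ni ${WG_IF} udp port 53"
}

# Without --live the script only runs the parser over the constructed sample.
if [ "${1:-}" = "--live" ]; then
    live_checks
else
    printf '%s\n' "$SAMPLE_WG" | wg_stuck_peers
fi
```

Run it as `sudo ./wgcheck.sh --live` on the Ubuntu box while a client is connected; without `--live` it only prints the flagged peer from the built-in sample. The 1/20 ratio is a heuristic for full-tunnel clients, not a WireGuard metric, and the `ss`/`dig` step only proves the resolver is bound and answering on the tunnel address, not that Pi-hole is permitting queries from the 10.100.0.0/24 range.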