[SOLVED] Wireguard client connected, but no internet access

I did a fresh installation of freedombox and updated it manually. The update appears to be successful. The first application I set about setting up was wireguard. I set everything up as it should and as it was before but for some reason the client device cannot access the internet. I know how it should be set up to have access because I used it before the update. I will attach pictures. I guess the problem is related to network or firewall settings.



Hello @johnny

I have looked at my Allowed Client setup page to see if there is a general difference. What stands out is that the Server endpoints: has been left blank, but on my desktop machine I have the Server endpoints: set to the URL of my WireGuard server.

So should your Server endpoints: be left blank?
On your Allowed Client page - I think so.

I hope the above makes sense!

Regards: peter

Actually, I don’t really understand what you are saying. The pictures I uploaded show my last working configuration before the update. One is the server page configuration and the last is the mobile client configuration. Both have my DDNS address as server endpoint. The question is: what changed after the update, so that I do not have internet access when the VPN is on?

I’ve tried changing different configurations, but it doesn’t work. I turned off the firewall to see if it was the problem, but still no internet access. The only address it can connect to is the local IP address of the freedombox and nothing else, not even with the router. I see that there is a change in the network settings and interfaces, but I can’t figure out where the problem is. Is the problem not in BIND and related to DNS resolving? Is anyone else having the same problem after the update, or are you ok?

I’m not an expert, but my guess would be that your interfaces should be like this:

  • Wired connection 1 (end0) > Firewall zone: internal
  • WireGuard-Server-wg0 (wg0) > Firewall zone: external

My interfaces are:

  • Wired connection 1 (end0) > Firewall zone: External
  • WireGuard-Server-wg0 (wg0) > Firewall zone: Internal

I can’t change the zone or edit the wg0 interface at all from Plinth (I can from Cockpit). The interfaces were the same way before the update, and they were working flawlessly. I tried changing a ton of things and nothing worked. I am sure that the problem is in the update, but I still can’t determine what exactly is different from before. I tried different clients and the result is the same. So my setting is correct, because they have a connection with the server but no internet access. The problem is also not the firewall - I turned it off, and nothing changed. Also, not the router - I haven’t changed any settings for a long time and, again, it was working before the update. It is a complete mystery to me.

I have the same problem. Before the update, the VPN worked flawlessly. The behaviour I observe:

  • I cannot connect to an external website via the VPN.
  • I CAN connect to the FreedomBox web interface via the VPN. Both from my LAN and from outside my LAN. That also means that I set up everything correctly in my router.

I changed the firewall setting to external as mentioned in other posts but no luck. I also changed nothing else.

I apologise. You are correct. The Wired connection should be external if you want to have internet access while on the VPN, on the Pioneer. I got it mixed up.

I made another fresh installation and updated it successfully to the new release, but the problem with WireGuard stays the same - there is a connection between the client and the server, but there is no internet access. I think that the problem is somehow related to the new network interfaces (old eth0 and new end0), but I don’t have enough knowledge of Linux systems to know how and why. Anyway, the new interfaces look pretty strange to me, especially that switch, but as I say, my competence is too low to judge. I created an issue in the issue tracker: "Wireguard client connected, but has no internet access" (#2358, FreedomBox / FreedomBox on GitLab).

1 Like

You will all need the firewall fixes from this thread to make it work again:
https://discuss.freedombox.org/t/debian-12-bookworm-release-and-upgrading/2591/6
and both the new rules and setting the default interface to external - even if it was public before.

2 Likes

That solved the problem! There is already internet access! Thank you very much! Thanks to @cas and @Avron too for the suggested solutions in the other post! I’m posting the solution to the problem, so other users can see it right in this thread:

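# Create a policy for traffic entering from zone "internal" and leaving via zone "external"
firewall-cmd --permanent --new-policy int_to_ext_fwd
firewall-cmd --permanent --policy int_to_ext_fwd --add-ingress-zone internal
firewall-cmd --permanent --policy int_to_ext_fwd --add-egress-zone external
# A positive priority is evaluated after the zones' own rules; ACCEPT lets the matching traffic through
firewall-cmd --permanent --policy int_to_ext_fwd --set-priority 100
firewall-cmd --permanent --policy int_to_ext_fwd --set-target ACCEPT

# Masquerade (source NAT) traffic leaving through the external zone
firewall-cmd --permanent --zone=external --add-masquerade
# Allow forwarding between interfaces inside the internal zone
firewall-cmd --permanent --zone=internal --add-forward
# Restart firewalld so the permanent configuration is loaded
systemctl restart firewalld.service

3 Likes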
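
A read-only check that the settings from the fix above are actually in place, as an added example that is not part of the thread or of FreedomBox's own tooling. The policy name and the interface names end0 and wg0 come from the thread; the variables FW, POLICY, WAN_IF, VPN_IF and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of the firewalld settings this thread's fix
# relies on. Variable and function names are this example's own.
FW=${FW:-firewall-cmd}            # command to query; a stub can be substituted
POLICY=${POLICY:-int_to_ext_fwd}  # policy name used in the thread
WAN_IF=${WAN_IF:-end0}            # wired uplink, expected in zone "external"
VPN_IF=${VPN_IF:-wg0}             # WireGuard interface, expected in "internal"

# Succeeds when a firewall-cmd --query-* call answers yes (exit status 0).
fw_yes() { $FW "$@" >/dev/null 2>&1; }

# Prints the names of the missing settings (space separated, empty if none)
# and returns non-zero when anything is missing.
audit_vpn_forwarding() {
    missing=""
    # Runtime zone binding of both interfaces
    [ "$($FW --get-zone-of-interface="$WAN_IF" 2>/dev/null)" = external ] \
        || missing="$missing wan-zone"
    [ "$($FW --get-zone-of-interface="$VPN_IF" 2>/dev/null)" = internal ] \
        || missing="$missing vpn-zone"
    # Policy that accepts forwarding from internal to external
    fw_yes --permanent --policy "$POLICY" --query-ingress-zone internal \
        || missing="$missing ingress-zone"
    fw_yes --permanent --policy "$POLICY" --query-egress-zone external \
        || missing="$missing egress-zone"
    [ "$($FW --permanent --policy "$POLICY" --get-target 2>/dev/null)" = ACCEPT ] \
        || missing="$missing target"
    # NAT on the uplink zone, intra-zone forwarding on the VPN zone
    fw_yes --permanent --zone=external --query-masquerade \
        || missing="$missing masquerade"
    fw_yes --permanent --zone=internal --query-forward \
        || missing="$missing forward"
    missing=${missing# }
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}
```

Source the file as root on the FreedomBox and call audit_vpn_forwarding; an empty result means every setting from the fix is present, otherwise the printed names show which command still has to be applied.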

Thanks, it seems to be working again now. Just out of curiosity, is somebody able to explain the commands line by line in plain English? I just want to know what each line means.

Thank you, your Android screenshot helped me set up my app (it wasn’t really intuitive). The only thing that didn’t work was the DNS servers section. It only works when left empty… otherwise it connects to the VPN server but doesn’t have internet access.