Hello, I am trying to use my Raspberry Pi 3b+ as WireGaurd VPN so I can access services like a website running on it. It is currently working so that I can connect my client device to it, and access services/websites on the Pi, but when my client is on the VPN, I cannot access the internet. I don’t think my Pi can access the internet while the VPN is running either. From what I’ve found, it looks like this might be a firewall/networking issue. My pi is running Bookworm with nftables installed by default, but I don’t know much about nftables so I’m thinking that may be the problem. Here is my configuration:
Raspberry Pi /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = <raspPi_priv_key>
Address = 10.0.0.1/24
Listen Port = 51820
[Peer]
PublicKey = <client1_pub_key>
Allowed IPs = 10.0.0.2/32
[Peer]
PublicKey = <client2_pub_key>
Allowed IPs = 10.0.0.3/32
Client1 Device WireGuard settings (iOS app):
[Interface]
Private Key: <client1_priv_key>
Public Key: <client1_pub_key>
Addresses: 10.0.0.2/32
Listen Port: 51820
[Peer]
Public Key: <raspPi_pub_key>
Endpoint: <my_home_network_public_IP>:51820
Allowed IPs: 0.0.0.0/0
Uncommented in /etc/sysctl.conf:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Running “ip route” on pi lists wg0 (but it is not default)
Router:
Port forwarded 51820 for Pi’s local IP as UDP
Raspberry Pi 3b+ is running bookworm OS
Previously tried (one at time and in combination):
1. In RaspPi /etc/wireguard/wg0.conf: Set allowedIPs as 10.0.0.2/32, 0.0.0.0/0, ::/0
2. In RaspPi /etc/wireguard/wg0.conf: Add PostUp and PostDown nftables rules (using pihole docs)
3. Modified /etc/nftables.conf (nftables service is enabled and started)
4. Cannot install ufw (but it tries to install iptables as a dependency anyway)
Raspberry Pi /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = <raspPi_priv_key>
Address = 10.0.0.1/24
Listen Port = 51820
[Peer]
PublicKey = <client1_pub_key>
Allowed IPs = 10.0.0.2/32
[Peer]
PublicKey = <client2_pub_key>
Allowed IPs = 10.0.0.3/32
Client1 Device WireGuard settings (iOS app):
[Interface]
Private Key: <client1_priv_key>
Public Key: <client1_pub_key>
Addresses: 10.0.0.2/32
Listen Port: 51820
[Peer]
Public Key: <raspPi_pub_key>
Endpoint: <my_home_network_public_IP>:51820
Allowed IPs: 0.0.0.0/0
Uncommented in /etc/sysctl.conf:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Running “ip route” on pi lists wg0 (but it is not default)
Router:
Port forwarded 51820 for Pi’s local IP as UDP
Raspberry Pi 3b+ is running bookworm OS
Previously tried (one at time and in combination):
1. In RaspPi /etc/wireguard/wg0.conf: Set allowedIPs as 10.0.0.2/32, 0.0.0.0/0, ::/0
2. In RaspPi /etc/wireguard/wg0.conf: Add PostUp and PostDown nftables rules (using pihole docs)
3. Modified /etc/nftables.conf (nftables service is enabled and started)
4. Cannot install ufw (but it tries to install iptables as a dependency anyway)
Statistics: Posted by siau_ — Thu May 15, 2025 3:15 am