This is my WireGuard client config:
[Interface]
Address = 9.0.0.2/32
PrivateKey = <private>
[Peer]
PublicKey = <server-pubkey>
Endpoint = <server-ip>:50123
PersistentKeepalive = 25
AllowedIPs = 9.0.0.0/24
In Wireshark I see the Handshake Initiation, and the source and destination addresses are correct, but I am not getting responses from the server.
But when I run tcpdump -n -X -i ens160 udp port 50123 on the server, I see nothing.
I thought there was a problem with the firewall, but no. I tried to send something over socat:
socat udp:<server-ip>:50123 -
and it worked (tcpdump printed results).
But the server still can't receive packets (datagrams) from the WireGuard client.
I tried a workaround using socat as a relay:
socat udp-listen:50123 udp:<server-ip>:50123
and changed Endpoint = <server-ip>:50123
to Endpoint = 127.0.0.1:50123
And it started to work. But why does it work over socat and not over a direct connection?
I have these versions:
client: wireguard-tools 1.0.20210914-1 (archlinux)
server: wireguard-tools 1.0.20200513-1~20.04.2 (Ubuntu 20.04 LTS)
PS: I tried the same client setup on Android and it worked; there must be some problem with the archlinux version. dmesg says this (on archlinux):
[12592.005135] wireguard: wg0: No peer has allowed IPs matching 239.255.255.250
[12595.005999] wireguard: wg0: No peer has allowed IPs matching 224.0.0.251
[12595.006217] wireguard: wg0: No peer has allowed IPs matching 224.0.0.251
[12595.014611] wireguard: wg0: No peer has allowed IPs matching 224.0.0.22
[12595.777939] wireguard: wg0: No peer has allowed IPs matching 224.0.0.22
[12596.007290] wireguard: wg0: No peer has allowed IPs matching 224.0.0.251
[12596.007428] wireguard: wg0: No peer has allowed IPs matching 224.0.0.251
[12596.817910] wireguard: wg0: Handshake for peer 43 (<server-ip>:50123) did not complete after 5 seconds, retrying (try 2)
[12596.817942] wireguard: wg0: Sending handshake initiation to peer 43 (<server-ip>:50123)
Where <server-ip> is the IP of the server, but I must keep the IP secret, so I replaced it with this keyword.