
WireGuard Client Lost Internet Connection

WireGuard is one of the coolest VPN tunnels I've used so far. It is relatively easy to set up compared to OpenVPN and Cisco AnyConnect, yet it is secure and performs well because it uses state-of-the-art cryptography. When I used it for the first time, I used an AWS EC2 instance as the VPN server and had all the peers connect to that EC2 server. This gives me a secure connection between computers and robots across the globe.

I have not experienced any big issues with WireGuard. However, there are small mistakes that can happen, and anyone who is new to WireGuard might run into them as well. In this post I describe common beginner issues that can cost you time when troubleshooting the VPN configuration. Hopefully, this post helps you save time in finding a solution to your current problem. These configuration errors can cause your WireGuard clients to lose their internet connection.

VPN server port forwarding setup

For WireGuard clients to be able to use the server's internet connection, the VPN server must be set up to forward packets (IP forwarding, which this post calls port-forwarding). Make sure this forwarding setting is enabled on your VPN server. On Ubuntu Linux, you can do it by running this command.

sudo sysctl -w net.ipv4.ip_forward=1

If you are using IPv6, you need to run

sudo sysctl -w net.ipv6.conf.all.forwarding=1

To apply the changes you can run the following, which reloads the settings stored in /etc/sysctl.conf

sudo sysctl -p

Mismatch of private key or public key

Sometimes, when you are new to WireGuard, you forget to update the private key or public key after you generate a new key pair. Always check this whenever your WireGuard client loses its internet connection. Some problems happen because of a small mistake like this. Your public key and private key are usually stored in the /etc/wireguard/ directory, i.e. /etc/wireguard/publickey and /etc/wireguard/privatekey.

Firewall configuration

On the VPN server, you should open the port that you are using for the WireGuard connection. It is the ListenPort that you define in your WireGuard configuration. If you are using a firewall, make sure it allows this UDP port to accept connections from your WireGuard clients.

Connection behind NAT

For a client whose connection is behind NAT, you can add PersistentKeepAlive = to the WireGuard configuration. This field makes sure you keep the connection even after your link to the server has been silent for some time.