#IPv4 with Wireguard not working

Maybe someone here can help me figure this out.
I used the script to get qBittorrent and in the same LXC also installed wireguard with AirVPN.
For some reason it only connects to IPv6.
I tried forcing it to IPv4 but when i do this nothing works anymore.
curl ifconfig.me doesnt return anything
pings dont go anywhere.
Does someone have an idea?

@wintry flame

ip a

With or without wireguard on?

Both

Shouldn't change much

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether bc:24:11:a9:25:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.107/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a02:8388:284a:1600:be24:11ff:fea9:2585/64 scope global dynamic mngtmpaddr
valid_lft 1051726sec preferred_lft 446926sec
inet6 fe80::be24:11ff:fea9:2585/64 scope link
valid_lft forever preferred_lft forever

Without

ip a gets local

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether bc:24:11:a9:25:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.107/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a02:8388:284a:1600:be24:11ff:fea9:2585/64 scope global dynamic mngtmpaddr
valid_lft 1051705sec preferred_lft 446905sec
inet6 fe80::be24:11ff:fea9:2585/64 scope link
valid_lft forever preferred_lft forever
6: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1320 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.187.105.64/32 scope global wg0
valid_lft forever preferred_lft forever

And you're saying that when the configuration is active, you can't get an IPv4 address to your local network?

root@qbittorrent:~# wg-quick up wg0
wg-quick: `wg0' already exists
root@qbittorrent:~# curl ifconfig.me
curl: (6) Could not resolve host: ifconfig.me
root@qbittorrent:~#

And you're sure your WG configuration is properly set up?

It seems like a configuration mismatch, as the interface seems set properly

Yea, I did it multiple times

Take the configuration, and install it locally onto your PC and see if it works there

Yea I did that before

I even used WG windows client to be sure

Instead of AirVPN native

Yeah, that's what I was asking. One sec

Do you have a local firewall instance on the LXC running? iptables, etc?

Not sure

Where did you generate your initial config?

With AirVPNs config generator

And this config isn't in use anywhere else...? They probably allow multiple instances from your account, just not the same PEER information ...

Mhh no, because when I connect to it via the windows app I use the same config.
It works there I can connect and check my ip and its an ipv4.
And I close the session right after

are you watching traffic with watch wg show all?

I wouldnt even mind setting up a new LXC.
Question is, is it better to use the qBittorrent script or the wireguard one to start

No

I don't use WG at the client level, I only run it at the firewall and gateway level for much better control, flexability and observability

Fair

set WG up and then do wg show

interface: wg0
public key: MrWGrBey6AKnwejGTsG81r2Rpo6KCji01m86U3g8ryc=
private key: (hidden)
listening port: 40754
fwmark: 0xca6c

peer: PyLCXAQTAKkM4T+dUsOQfn+UbcpGxfGlxkIApuig+hk=
preshared key: (hidden)
endpoint: 217.64.127.194:1637
allowed ips: 0.0.0.0/0
latest handshake: 51 seconds ago
transfer: 39.10 KiB received, 2.32 KiB sent
persistent keepalive: every 15 seconds
root@qbittorrent:~#

You ever mess with TCPDUMP?

I hope not

That's not what yo uthink it is ... one sec

Do you get output with tcpdump -i wg0?

Nope

Wait a moment. If WG tunnel is up, it should

No I dont have tcpdump

Oh, install it.

Here is another example.
I forgot to turn off wireguard thats why it cant fetch that stuff

Need to get 624 kB of archives.
After this operation, 1,741 kB of additional disk space will be used.
Ign:1 http://deb.debian.org/debian bookworm/main amd64 libpcap0.8 amd64 1.10.3-1
Ign:2 http://deb.debian.org/debian bookworm/main amd64 tcpdump amd64 4.99.3-1
Ign:1 http://deb.debian.org/debian bookworm/main amd64 libpcap0.8 amd64 1.10.3-1
Ign:2 http://deb.debian.org/debian bookworm/main amd64 tcpdump amd64 4.99.3-1
Ign:1 http://deb.debian.org/debian bookworm/main amd64 libpcap0.8 amd64 1.10.3-1
Ign:2 http://deb.debian.org/debian bookworm/main amd64 tcpdump amd64 4.99.3-1
Err:1 http://deb.debian.org/debian bookworm/main amd64 libpcap0.8 amd64 1.10.3-1
Temporary failure resolving 'deb.debian.org'
Err:2 http://deb.debian.org/debian bookworm/main amd64 tcpdump amd64 4.99.3-1
Temporary failure resolving 'deb.debian.org'
E: Failed to fetch http://deb.debian.org/debian/pool/main/libp/libpcap/libpcap0.8_1.10.3-1_amd64.deb Temporary failure resolving 'deb.debian.org'
E: Failed to fetch http://deb.debian.org/debian/pool/main/t/tcpdump/tcpdump_4.99.3-1_amd64.deb Temporary failure resolving 'deb.debian.org'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Yeah, I get that. Turn it off and get the package

root@qbittorrent:~# tcpdump -i wg0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes

Not much happening after that

I think its going to run into a timeout

throw in -vvv at the end

tcpdump -i wg0 -vvv

Same outcome

Give it a moment, it starts monitoring

I just want to see if it can even call out DNS

Still nothing

It sounds like you're not routing out, or since handhake took

So its established a connection to the VPN, but none of your traffic is being sent out the WG tunnel, for some reason

Let me check on something, real fast ..

With WG up can you ping 8.8.8.8?

Nope

Wait..

allowed ips: 0.0.0.0/0 <-- Make this your LAN ..

I have a thought

How would I do that haha

that's in your config, isn't it?

This is in my wg0.conf

Yes, change it to your main interface..

192.168.0.107/32

ahhh in the wg file

got you

This will tell me something, I think

It should fail out spectacularly

Mhhh i wg down and up

Didint fail

Didnt do much

I don't know for sure what's going on here, since it should have gone up and then down.

Yea at some point I think I just gotta throw in the towl. Make a new LXC and hope that it works there

I've never had any issues, at all when I ran WG inside of a container... Not that I use paid for VPN's, I'm talking about connecting between my own WG networks across the globe.

So I think your configuration is a bit broken, or the install went awry...

Which basically means "IT COULD BE A LOT OF THINGS"

Yea, but thanks for trying

Wish I had more insight. I could do a ton of logging for you, but IDK if that would help, since you can create a handshake, it's just when you send data across it fails out.

I will try a new LXC tomorrow and see