So I’ve found a few other times where this has been brought up but I haven’t been able to find a case where there was a resolution. Usually it’s brought up but then there are no replies. Hoping to figure out what could be causing this…
Essentially WireGuard works perfectly fine over the local network: I can connect and do everything through the VPN with the public IPv6 address. However, when taking that device off the network and attempting to connect, the connection happens but there’s no internet or LAN connection. I can see data going back and forth in the client UI, and on the webserver I can also see that I’ve connected from that UI.
A search for WG Easy and IPv6 shows several items, one of which appears to be an issue with WG Easy.
IPv6 is very tricky. If your router is not configured properly to allow v6 it won’t work. Dual stacking v4 and v6 both in TrueNAS and your router properly configured to allow v6 should allow traffic to pass both ways. See if this is the answer to your issue: IPv6 support · Issue #138 · wg-easy/wg-easy · GitHub
It should be set up properly, especially because every other service on my TrueNAS works properly over IPv6.
This also should be configured correctly (I did read through that git issue and associated issues but couldn’t find anything that would help), since I’m able to access the WebUI over the IPv6 address both when on the network and off. Also, the packets are going back and forth; I get transfer both ways.
From what I can see in the logs, though, both successfully send the handshake initiation and get “Received handshake response”, so it’s initially correct on both ends… However, on the one that’s outside of the network we get:
09-05 09:35:08.457 3493 3549 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Receiving keepalive packet
09-05 09:35:24.870 3493 3698 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Retrying handshake because we stopped hearing back after 15 seconds
09-05 09:35:24.871 3493 3698 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Sending handshake initiation
09-05 09:35:29.961 3493 3698 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Handshake did not complete after 5 seconds, retrying (try 2)
09-05 09:35:29.961 3493 3698 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Sending handshake initiation
09-05 09:35:35.001 3493 3549 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Handshake did not complete after 5 seconds, retrying (try 3)
09-05 09:35:35.001 3493 3549 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Sending handshake initiation
09-05 09:35:40.195 3493 3551 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Handshake did not complete after 5 seconds, retrying (try 4)
09-05 09:35:40.195 3493 3551 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Sending handshake initiation
09-05 09:35:40.918 3493 3551 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Retrying handshake because we stopped hearing back after 15 seconds
09-05 09:35:45.327 3493 3549 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Handshake did not complete after 5 seconds, retrying (try 2)
09-05 09:35:45.327 3493 3549 D WireGuard/GoBackend/test: peer(7ku9…y9T0) - Sending handshake initiation
It seems like the original connection is successful but after the initial connection it’s not able to communicate anymore.
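Added example, not part of the original posts: a small Python triage script for the Android client log pattern quoted above, flagging a peer whose handshake completed once and whose later initiations then go unanswered. The sample log lines, the peer id `AAAA...ZZZZ` and the `stall_threshold` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Android logcat line as emitted under the WireGuard/GoBackend tag.
LINE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+\d+\s+\d+\s+\w\s+"
    r"WireGuard/GoBackend/(?P<tunnel>[^:]+): peer\((?P<peer>[^)]+)\) - (?P<msg>.*)$"
)

# Constructed sample (peer id is a placeholder, first two lines are assumed).
SAMPLE = """\
09-05 09:34:50.100 3493 3549 D WireGuard/GoBackend/test: peer(AAAA...ZZZZ) - Sending handshake initiation
09-05 09:34:50.180 3493 3549 D WireGuard/GoBackend/test: peer(AAAA...ZZZZ) - Received handshake response
09-05 09:35:08.457 3493 3549 D WireGuard/GoBackend/test: peer(AAAA...ZZZZ) - Receiving keepalive packet
09-05 09:35:24.870 3493 3698 D WireGuard/GoBackend/test: peer(AAAA...ZZZZ) - Retrying handshake because we stopped hearing back after 15 seconds
09-05 09:35:24.871 3493 3698 D WireGuard/GoBackend/test: peer(AAAA...ZZZZ) - Sending handshake initiation
09-05 09:35:29.961 3493 3698 D WireGuard/GoBackend/test: peer(AAAA...ZZZZ) - Handshake did not complete after 5 seconds, retrying (try 2)
09-05 09:35:29.961 3493 3698 D WireGuard/GoBackend/test: peer(AAAA...ZZZZ) - Sending handshake initiation
""".splitlines()

def summarize(lines, stall_threshold=2):
    """Per peer: count events and flag a session that handshook once, then went silent."""
    stats = defaultdict(lambda: {"initiations": 0, "responses": 0, "keepalives": 0,
                                 "went_silent": 0, "unanswered": 0, "last_inbound": None})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a GoBackend peer line
        s, msg = stats[m["peer"]], m["msg"]
        if msg.startswith("Sending handshake initiation"):
            s["initiations"] += 1
            s["unanswered"] += 1  # reset only when a response arrives
        elif msg.startswith("Received handshake response"):
            s["responses"] += 1
            s["unanswered"] = 0
            s["last_inbound"] = m["ts"]
        elif msg.startswith("Receiving keepalive packet"):
            s["keepalives"] += 1
            s["last_inbound"] = m["ts"]
        elif msg.startswith("Retrying handshake because we stopped hearing back"):
            s["went_silent"] += 1
    for s in stats.values():
        # Stalled: at least one completed handshake, then repeated unanswered initiations.
        s["stalled"] = s["responses"] > 0 and s["unanswered"] >= stall_threshold
    return dict(stats)

if __name__ == "__main__":
    for peer, s in summarize(SAMPLE).items():
        print(peer, s)
```

The `last_inbound` timestamp marks the last packet the client saw from the server, which is the moment to compare against router, firewall or server-side logs.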
I suggest opening a Jira ticket on this issue, but if it is a problem with WG Easy and not TrueNAS then there is not much we can do. Still, open the issue ticket, download your debug file.
Open the ticket and submit. Use the link sent to you in the confirmation email to upload your debug to the private file attachment area. Link this to your NAS ticket before you click Save.
Doing the above allows us to keep your private data protected and the NAS ticket public so others can see the issue but not have access to private information.