Saturday, April 11, 2026

2026-04-11 - Troubleshooting WireGuard VPN (roommate with the router moved)

    I just spent over a month in networking hell. My WireGuard VPN is on my Ubuntu server, tucked behind an ASUS router, which is itself tucked behind a Google Fiber router, as a Double NAT. Here is the breakdown of how I finally got my remote access back after an account transfer killed my setup. 
    Something like two and a half years ago, I set up my WireGuard VPN on this same Ubuntu Server along with my file service. And like now, it was behind my router which was behind a roommate's router. Then a year ago I moved and set it up again with my new roommate's slightly different Google Fiber router. That time it only didn't work for about a day or something. My router's MAC address showed right up in the smartphone app on my then-roommate's phone. Over two months ago, he moved because of problems with a new roommate we have. I didn't think this would cause me any trouble. One day, a little over a month ago, I couldn't connect to my VPN anymore. I immediately went to see if Google Fiber changed our public IP address like what happened to me like a year and a half ago and my VPN was down for a week, and then a week or two again because they did it again and I couldn't believe it was the same problem again until finally I checked on a hunch and yes, they changed our public IP twice in around a week or two because it was only up very briefly before they changed it again and I had been down for a whole week. Well, when I moved, I was well rehearsed on what needed to be fixed in order to get my VPN back up and working, so I did what I did when I set up the port forward on my roommate's Google Fiber Router two and a half years ago and then I checked the public IP address on every device involved. It didn't work right away, but after a day, I guess some background sync service on the GF router did its job and my VPN worked. That was good, I recall being totally stumped. Why isn't it working now? I did everything that needed to be done and I checked everything that could be broken. Then it worked the next day. 
    That brings us to what happened for over a month now. I didn't know why my old roommate decided to put off changing all the utilities and internet to a new roommate after he moved, but he did. And without any warning, all of a sudden I had no VPN connection. I immediately checked my public IP and compared it to what everything was already set to and the public IP had not changed. And anyone I talked to about it was like, no, check it again, and so I checked it again, same result. And then I found out why, my roommate that now had the utilities was like, hey so everybody pay me now, the real problem flashed before my eyes. Oh! Well, this is a little irritating, especially when I couldn't use it right now, but it should be relatively simple to fix it. So I grabbed my MAC address and asked my roommate who works night shift and is only available at 2PM every day if we could set up my VPN on his phone in his GF app. So I navigated to it almost perfectly this time, found it reasonably quickly buried deep in the app's settings, and I got to the port forward page and put in the port number and the protocol and then I looked for the device the GF router would be port forwarding to. But I couldn't find my ASUS router's MAC address on there anywhere. There were no IP addresses to select from on the dropdown list and you can't enter anything manually. There were only a bunch of iPhones, a Roku, a bunch of smart TVs, game consoles, a couple desktop computer hostnames, and two MAC addresses. And neither of them were mine. It was extra frustrating too because one of them looked like it had to be mine but it started with a totally different first letter. 
    I troubleshot it several times over the course of the last month. I tried The first "real" step was to stop guessing. I ran sudo tcpdump -n -i any udp port 51820 on my Ubuntu server. I never saw anything anytime I tested turning my VPN on and off. No data was shared. 
    ASUS has a feature called SIP Passthrough under WAN > NAT Passthrough. In many cases, this helper service actually intercepts and messes up UDP 51820 packets. I disabled that immediately.
    When I toggled the VPN on my phone (off Wi-Fi), nothing showed up. No packets. This proved the issue wasn't my server or WireGuard config; the packets were being killed by the routers. and a couple weeks and finally asked my roommate if we could try again and so we went in his app settings to my port forward and I grabbed a picture of what everything looked like. He finally found my MAC address and entered it into the space but my VPN still didn't work. Everything looked fine to me. I thought maybe I have to wait a day so the GF router syncs whatever it syncs so that it works again. But after a couple days waiting, nothing happened. I looked at it again when I was bored at work, waiting for merchandise to work on. And suddenly I saw that there was the port for WireGuard, and it was written twice separated by a colon or something like that, this looked better than what I thought I saw before because I recall only entering it once or something like that and thinking, well, that's good, like use that port to go out but also that port to go back in, like, I need to be able to enter it twice, but I didn't see a place to enter it twice. But now I saw that it said port 51820:5182. I looked at that and wondered, was it just cut off, like the 0 at the end is there, it's just cut off by the visible part of the box outline or something. I felt like I was starting to annoy my roommate, I had already texted him and asked him to fix something else and send me another screencap and I was about to text him again and ask if he could do it again. He didn't answer. I said "When you have a chance", hoping that he wouldn't get frustrated, and so he apparently never even actually looked at my text because it showed as delivered and not seen. 
So I texted again a few days ago and he said he could look at it with me now, and I was on my way home so I rushed in the door and grabbed my laundry to carry up all the flights of stairs where I was going to meet him and we looked at it and it was confounding because he was able to edit the 0 back in there, but then it deselected my device and my MAC address disappeared from the dropdown menu. I asked AI if it thought I needed to turn UPnP plug and play or whatever it's called off or on and it said to turn it off, and so we did that too, and I tried flipping back and forth seeing if that would resurrect my MAC address on the list. And then I saw it, I cleared my port forward and recreated it, and this time when I turned Plug and Play on and off, I saw an option to manually enter an IP address. I thought, well, that's simple, I use the .50 third octet of this GF router's network so it must be ...and then my roommate was like hey, I actually have been up since like 2AM this morning, and I said yeah, we can look at it tomorrow. So now, the next day, I was waiting for him to now be available at 5PM, and he texted a little after 2 saying hey I think I figured it out, what IP did you want to enter and so I thought, actually, I recall something I read online about this problem saying that my router will have two IP addresses, an outward facing and an inward facing and for some reason, I thought they would be the same. I mean, I think about this now I think, no, IP, Gateway, Subnet, and DNS. It needs to have an external IP and a Gateway address (the internal address), which is the one I thought I knew off the top of my head. And I thought, okay, I probably don't know the external address. So I rushed to my laptop to open my router's web interface and I saw it, I don't know why I never noticed it before but it said WAN IP and it had an internal IP address, a 192.168 address, class C, I guess. 
And so there's no confusing it, and down there it says LAN IP, and I thought, okay, that's the Gateway address. So I need to give him this WAN IP I have never had to memorize before. He entered it and I unplugged my laptop from ethernet, turned on my iPhone hotspot, plugged it in via USB, turned on a WireGuard tunnel on my laptop, and no data received. I tried the full tunnel and the half tunnel. Neither of them received data. Hughghghgh! I almost thought, you know, it had to sync that one time, maybe this is that same problem, and then I thought, let me check it on my iPhone directly. So I turned off hotspot and I turned off Wi-Fi and I turned on a WireGuard tunnel and went to connect to my server in the files app. If I have to sit there on the password interface for more than a few seconds, I know it didn't work. But after about five or so seconds, it connected. Huh? It worked?!?!?!?! Why didn't it work on the laptop? I told my roommate thank you and said well, at least it works on my phone, can't be your problem now. I mean, I suppose unless somehow his router was able to reach into my router's inner network, past the inner NAT and say hey, x device can't play with his toys. So it had to be my problem now. Well, at least I can address it directly now. And then it hit me, wait, I did something wrong on the laptop. So I reconnected to the hotspot over USB, unplugged the ethernet, and I went into the Wi-Fi menu where my hotspot was appearing and kept trying to select it this time, but it wouldn't connect. And then I thought, wait, Wi-Fi is on. If I'm plugged into the hotspot over USB, I don't need Wi-Fi on the laptop on. I turned it off. I saw that a wired connection was registered on the taskbar. I tried to hover over it to see if my phone's SSID was there but it wasn't. Well, nothing else is plugged in. I went to WireGuard on the laptop and turned on the half tunnel and the Transfer: data Received number 0 shot up continuously. What a long lost sight! 



    Now that the "pipe" is open, I can finally get back to using my file server and Pi-hole remotely without the "Socket not connected" headaches.

This has been Truncat3d 00000000111100010100110______________end of line
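
The forward chain described in this post (upstream router to the inner router's WAN IP, inner router to the server) can be checked on paper before touching either router. The following is an added example, not code from the post: every address, hop name and the check_chain helper are constructed for illustration, and it generalizes to any number of NAT layers.

```python
import ipaddress

def parse_mapping(text):
    """Parse 'external:internal' (or a single port) from a port-forward rule."""
    ext, _, internal = text.partition(":")
    ports = int(ext), int(internal or ext)
    if not all(1 <= p <= 65535 for p in ports):
        raise ValueError(f"port out of range in {text!r}")
    return ports

def check_chain(hops, server_ip, listen_port):
    """Walk the forwards from the outermost router inward; return problems.

    Each hop needs: name, lan_net, mapping, target. Every hop except the
    outermost also needs wan_ip (its address on the previous hop's LAN).
    Assumes the client dials the same port WireGuard listens on.
    """
    findings = []
    expected_port = listen_port  # port arriving at the outermost router
    for i, hop in enumerate(hops):
        ext, internal = parse_mapping(hop["mapping"])
        if ext != expected_port:
            findings.append(f"{hop['name']}: listens on {ext}, but {expected_port} arrives")
        last = i == len(hops) - 1
        next_ip = ipaddress.ip_address(server_ip if last else hops[i + 1]["wan_ip"])
        target = ipaddress.ip_address(hop["target"])
        if target not in ipaddress.ip_network(hop["lan_net"]):
            # e.g. the inner router's LAN (gateway) IP entered instead of its WAN IP
            findings.append(f"{hop['name']}: target {target} is outside its LAN {hop['lan_net']}")
        elif target != next_ip:
            findings.append(f"{hop['name']}: forwards to {target}, expected {next_ip}")
        expected_port = internal
    if expected_port != listen_port:
        findings.append(f"last hop delivers port {expected_port}, server listens on {listen_port}")
    return findings

# Constructed sample topology (not the addresses from the post).
SERVER = "192.168.50.10"
GOOD = [
    {"name": "upstream", "lan_net": "192.168.1.0/24",
     "mapping": "51820:51820", "target": "192.168.1.50"},
    {"name": "inner", "wan_ip": "192.168.1.50", "lan_net": "192.168.50.0/24",
     "mapping": "51820", "target": SERVER},
]
# Truncated internal port plus the inner router's LAN IP used as the target.
BROKEN = [dict(GOOD[0], mapping="51820:5182", target="192.168.50.1"), GOOD[1]]

if __name__ == "__main__":
    for line in check_chain(BROKEN, SERVER, 51820):
        print(line)
```
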
