Remote access and Wireguard not working

Remote Access not working

I am running HA as a docker container and I set up wireguard with duckdns to get remote access. However, whenever wireguard is turned on on my phone I have no access to internet, no websites load and even speedtest does not work. I searched up a few things and I even decreased the MTU but still no luck. Am I missing something here? It just isn’t working, unfortunately. Or I am wondering if there is another way to get remote access to HA when I am running it as a container?

This is definitely a wireguard question and not an HA question. Wireguard can be a bugger to debug problems. Given that you say you’re not getting internet or web after activating wireguard that’s long before HA even comes into the picture.

I run Wireguard with HA in a docker on the same hardware and it works flawlessly, so take that to heart. WG is running on the metal, not in a docker. MTU is probably not your problem, as you figured out; usually this is a mismatched key set, a failure to open the proper port on your router and forward it to the wireguard server, or something like that.

Also, I’d recommend not using 0.0.0.0/0 as your route on the phone, just set it for your subnet inside the network unless you really want to route all your phone’s internet traffic through your home wireguard and back out. Which does have its uses…

So to state these as basic steps which you’ll need to research more:

  1. Make sure your router forwards the port for your wireguard server. I.e. if your wireguard server is configured as 51820 (default) then your router has to forward UDP for 51820 to the internal IP address of your wireguard server.

  2. Make sure you have the proper server’s PUBLIC key configured in your phone, and your phone’s PUBLIC key in the server. I’ve made the mistake of copying the private over before…

  3. Set your MTU back to 1412 on both ends

  4. Set your Allowed IPs on the phone end to your local subnet that matches your home network. I.e. 192.168.1.0/24. Truth be told I duplicate my config on the phone and have one set that way and one as 0.0.0.0/0. That way when I’m on an open wifi I can fire up WG and tunnel all my traffic through my house for security.

  5. Look at the packet statistics on wireguard’s status screen on the phone. Is it sending packets but getting zero in return? Then either your port isn’t forwarded or your ISP is blocking it. Or the keys are wrong.

Also, I use JuiceSSH on my Android. It’s great for SSH into my servers, and it also will let you ping things to see if they are working properly.

To answer your other question about remote access. I actually don’t require WG to use the HA interface, but I have MFA enabled and a valid HTTPS certificate installed. For that I run nginx on the metal that listens with the HTTPS and the dyn-dns name I’ve given myself. It forwards that connection to the docker web port for HA. With that everyone in my house can have the HA app on their devices and don’t need to WG in, which is pretty much over their heads. But I’m also a bit of a security nut so I have geoblocking on my router that only allows my own country to connect.
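The checklist in steps 1 to 4 of the answer above can be run mechanically over the two config files. This is an added example, not part of the original posts: the function names, finding labels, placeholder keys, tunnel address and hostname are all assumptions, and the sample configs are constructed to contain each mistake.

```python
import ipaddress
# Constructed sample configs: keys are placeholders, tunnel address and hostname are assumed.
SERVER_CONF = """[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
ListenPort = 51820
MTU = 1412
[Peer]
PublicKey = PHONE_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.8.0.2/32
"""
PHONE_CONF = """[Interface]
PrivateKey = PHONE_PRIVATE_KEY_PLACEHOLDER
MTU = 1280
[Peer]
PublicKey = SERVER_PRIVATE_KEY_PLACEHOLDER
Endpoint = home.example.org:51821
AllowedIPs = 0.0.0.0/0
"""

def parse(text):
    """Parse a single-peer wg-quick style config into {section: {key: value}}."""
    conf, section = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            section = conf.setdefault(line.strip("[]").lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            section[key.strip().lower()] = value.strip()
    return conf

def check(server_text, phone_text):  # returns the checklist items (steps 1-4) that fail
    server, phone = parse(server_text), parse(phone_text)
    s_if, s_peer = server["interface"], server["peer"]
    p_if, p_peer = phone["interface"], phone["peer"]
    findings = []
    # Step 1: the phone must dial the UDP port the server listens on (and the router forwards).
    if p_peer.get("endpoint", "").rsplit(":", 1)[-1] != s_if.get("listenport"):
        findings.append("endpoint-port")
    # Step 2: a [Peer] PublicKey equal to the other side's PrivateKey means the wrong key was pasted.
    if p_peer["publickey"] == s_if["privatekey"] or s_peer["publickey"] == p_if["privatekey"]:
        findings.append("private-key-as-public")
    # Step 3: the answer sets the same MTU on both ends.
    if s_if.get("mtu") != p_if.get("mtu"):
        findings.append("mtu-mismatch")
    # Step 4 (advisory): a /0 route sends all of the phone's traffic through the tunnel.
    nets = [ipaddress.ip_network(n.strip(), strict=False) for n in p_peer["allowedips"].split(",")]
    if any(n.prefixlen == 0 for n in nets):
        findings.append("full-tunnel")
    return findings
print(check(SERVER_CONF, PHONE_CONF))
```

It cannot confirm that a public key really belongs to the other side's private key (that needs `wg pubkey` on the machine holding the private key), and step 5, the packet counters, still has to be read on the phone.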