Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't access to any website even it seems it's working. #9

Open
emailforos opened this issue Dec 10, 2023 · 8 comments
Open

Can't access to any website even it seems it's working. #9

emailforos opened this issue Dec 10, 2023 · 8 comments

Comments

@emailforos
Copy link

emailforos commented Dec 10, 2023
edited
Loading

Hi.

I deployed your docker in a free Oracle VPS and I have a problem. Adguard is receiving the DNS queries but my cell phone is not receiving the answer so it doesn't enter to any website.

My setup is:

adwireguard:
    container_name: adwireguard
    # image: ghcr.io/iganeshk/adwireguard-dark:latest
    image: iganesh/adwireguard-dark:latest
    restart: unless-stopped
    ports:
      - '53:53'           # AdGuardHome DNS Port
      - '3000:3000'       # Default Address AdGuardHome WebUI
      - '853:853'         # DNS-TLS
      - '51820:51820/udp' # wiregaurd port
      - '51821:51821/tcp' # wg-easy webUI
    environment:
        # WG-EASY ENVS
      - WG_HOST=xxx.duckdns.org
      - PASSWORD=${PASS}
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.10.11.x
      - WG_DEFAULT_DNS=${APP_ADGUARD_IP}
      - WG_MTU=1420
      - WEBUI_HOST=0.0.0.0 # Change this to allow binding to other than 0.0.0.0 port
    volumes:
        # adguard-home volume
      - ${HOME}/docker/adguard/work:/opt/adwireguard/work
      - ${HOME}/docker/adguard/confdir:/opt/adwireguard/conf
        # wg-easy volume
      - ${HOME}/docker/wireguard:/etc/wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=1    # Disable IPv6
    networks:
      default:
        ipv4_address: ${APP_ADGUARD_IP}`

And I'm able to reach adguard and wireguard webui.

In adguard I see that there are queries:
imagen

And in wireguard, there is up/down changes:
imagen

Before I was using adguard and wg-easy "standard" docker installation but I was looking for a solution to be able to see all the clients IP in adguard to customize the filtering (some for my wife and I, some for my kids).

I tried somethings but I'm noob in networks setup.

Any idea of what I can check or try?

Thank you in advance.
@emailforos
Copy link
Author

Hi.

I deployed your docker in a free Oracle VPS and I have a problem. Adguard is receiving the DNS queries but my cell phone is not receiving the answer so it doesn't enter to any website.

My setup is:

adwireguard:
    container_name: adwireguard
    # image: ghcr.io/iganeshk/adwireguard-dark:latest
    image: iganesh/adwireguard-dark:latest
    restart: unless-stopped
    ports:
      - '53:53'           # AdGuardHome DNS Port
      - '3000:3000'       # Default Address AdGuardHome WebUI
      - '853:853'         # DNS-TLS
      - '51820:51820/udp' # wiregaurd port
      - '51821:51821/tcp' # wg-easy webUI
    environment:
        # WG-EASY ENVS
      - WG_HOST=xxx.duckdns.org
      - PASSWORD=${PASS}
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.10.11.x
      - WG_DEFAULT_DNS=${APP_ADGUARD_IP}
      - WG_MTU=1420
      - WEBUI_HOST=0.0.0.0 # Change this to allow binding to other than 0.0.0.0 port
    volumes:
        # adguard-home volume
      - ${HOME}/docker/adguard/work:/opt/adwireguard/work
      - ${HOME}/docker/adguard/confdir:/opt/adwireguard/conf
        # wg-easy volume
      - ${HOME}/docker/wireguard:/etc/wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=1    # Disable IPv6
    networks:
      default:
        ipv4_address: ${APP_ADGUARD_IP}`

And I'm able to reach adguard and wireguard webui.

In adguard I see that there are queries: imagen

And in wireguard, there is up/down changes: imagen

Before I was using adguard and wg-easy "standard" docker installation but I was looking for a solution to be able to see all the clients IP in adguard to customize the filtering (some for my wife and I, some for my kids).

I tried somethings but I'm noob in networks setup.

Any idea of what I can check or try?

Thank you in advance.

UPDATE:
With the VPN activated I can reach all the web ui's of the docker services I'm running: Portainer, Uptime-kuma, but I can't access an external website.

@Komaax
Copy link

Komaax commented Dec 11, 2023

I already had this setup up and running, since the update from yesterday I'm experiencing similar problems. The performance on my windows-client went downhill. It takes an eternity to load websites (even though the DNS-Requests are answered fast). On android phone external websites are not reachabel (dns_probe_possible). With WG disabled, everything works like a charm.

@emailforos
Copy link
Author

emailforos commented Dec 22, 2023
edited
Loading

UPDATE:
I've made a tcpdump in the docker and I see a lot of messages like:

10:19:54.398829 IP 10.10.11.4.60995 > fa005bb81348.53: 59550+ AAAA? www.google.com. (32)
10:19:54.420527 IP 10.10.11.1.53 > 10.10.11.4.60995: 59550 1/0/0 AAAA 2a00:1450:4001:81c::2004 (60)
10:19:54.488269 IP 10.10.11.4 > 10.10.11.1: ICMP 10.10.11.4 udp port 60995 unreachable, length 96
10:19:56.409015 IP 10.10.11.4.60995 > fa005bb81348.53: 59550+ AAAA? www.google.com. (32)
10:19:56.409290 IP 10.10.11.1.53 > 10.10.11.4.60995: 59550 1/0/0 AAAA 2a00:1450:4001:81c::2004 (60)
10:19:56.478938 IP 10.10.11.4 > 10.10.11.1: ICMP 10.10.11.4 udp port 60995 unreachable, length 96
10:20:01.409387 IP 10.10.11.4.1601 > fa005bb81348.53: 57598+ A? www.google.com. (32)
10:20:01.426724 IP 10.10.11.1.53 > 10.10.11.4.1601: 57598 1/0/0 A 216.58.206.36 (48)
10:20:01.498673 IP 10.10.11.4 > 10.10.11.1: ICMP 10.10.11.4 udp port 1601 unreachable, length 84
10:20:11.048789 IP 10.10.11.4.1601 > fa005bb81348.53: 57598+ A? www.google.com. (32)
10:20:11.049130 IP 10.10.11.1.53 > 10.10.11.4.1601: 57598 1/0/0 A 216.58.206.36 (48)
10:20:11.119412 IP 10.10.11.4 > 10.10.11.1: ICMP 10.10.11.4 udp port 1601 unreachable, length 84
10:20:24.889023 IP 10.10.11.4.40351 > fa005bb81348.53: 64945+ AAAA? www.google.com. (32)
10:20:24.889371 IP 10.10.11.1.53 > 10.10.11.4.40351: 64945 1/0/0 AAAA 2a00:1450:4001:81c::2004 (60)
10:20:24.958643 IP 10.10.11.4 > 10.10.11.1: ICMP 10.10.11.4 udp port 40351 unreachable, length 96
10:20:32.829012 IP 10.10.11.4.40351 > fa005bb81348.53: 64945+ AAAA? www.google.com. (32)
10:20:32.829380 IP 10.10.11.1.53 > 10.10.11.4.40351: 64945 1/0/0 AAAA 2a00:1450:4001:81c::2004 (60)
10:20:32.898914 IP 10.10.11.4 > 10.10.11.1: ICMP 10.10.11.4 udp port 40351 unreachable, length 96

I suppose that something is blocking some UDP connections.

I'm sorry that my knowledge is so reduced to know what it's really happening and to find a solution.

@emailforos
Copy link
Author

@iganeshk, please, can you have a look to this issue?

@Komaax, did you find a solution?

I'm interested in your solution to be able to filter my son's cell phones and pcs in a different way than my wife's.

@FreshImmuc
Copy link

+1

@FreshImmuc FreshImmuc mentioned this issue May 27, 2024
Closed
@FreshImmuc
Copy link

@emailforos @Komaax If you have the same problem as i did you can try my fixed config in #10

@emailforos
Copy link
Author

@emailforos @Komaax If you have the same problem as i did you can try my fixed config in #10

Hi, @FreshImmuc.

It seems to work.

I will give it a try this weekend.

Thank you.

@FreshImmuc
Copy link

Sure, tell me if it worked :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Komaax @emailforos @FreshImmuc