Differences

This shows you the differences between two versions of the page.

--- vpn-wireguard [2025/09/29 18:44] – [Status] -Move description of first block of text above screenshot hogwild
+++ vpn-wireguard [2025/11/19 20:30] (current) – [Problem: Traffic flowing in one Direction] -Change to: " hogwild
@@ Line 7: / Line 7: @@
 Note that tabs or other interface components in your menus may be different colours, depending on which web interface theme is chosen in the Admin Access menu.
-This HOWTO: [[wireguard_on_freshtomato|Set up WireGuard]] includes an introduction to WireGuard and some basic theory.
+For an introduction to WireGuard, and some basic theory, the [[wireguard_on_freshtomato|Set up WireGuard]] HOWTO may be helpful.
 Unless using an external VPN provider, it's best to "nominate" a main router that will produce configuration files. Clients, such as other FreshTomato routers and other devices should import the configuration generated by the main router. Certain configuration changes may require you to delete and reimport the configuration on those client devices.
@@ Line 99: / Line 99: @@
  \\
-**Poll Interval** - WireGuard's PersistentKeepalive setting.
+**Poll Interval** - a watchdog timer for the WireGuard connection (in minutes)
-This determines how often clients behind NAT send keepalive packets to maintain NAT mappings.
+This causes FreshTomato to ping 1.1.1.1 via the WireGuard interface. If no reply is received in time, the wg service is restarted.\\  \\
- \\
-  * The recommended setting is 25 seconds. This causes WireGuard \\ to send a small packet to its peer every 25 seconds when no \\ other traffic occurs. This keeps the connection alive through \\ NAT or firewalls that might otherwise close idle UDP sessions. \\ \\
-  * Default: 0. This disables the feature, so packets are sent only\\ as needed. This is fine for most users not behind restrictive NAT.
  \\
@@ Line 435: / Line 430: @@
 If a link is up, the handshake done and the tunnel established, you should see the peer's interface ID, and the the time of the latest handshake process. You should also see real-time traffic data such as bytes transmitted (tx) and bytes received (rx). These details confirm the tunnel is established and data is flowing through it.
-For example, for this WireGuard instance:
+ \\
+For example, for this WireGuard instance:
 The first block of text includes this router's:
@@ Line 445: / Line 440: @@
   - Public key
   - UDP listening port
- \\
  \\ \\ {{::vpn-wireguard-status-2025.3.png?473}}
 \\
-The first block of text includes this router's:
-  - WireGuard Interface name
-  - Interface's alias (if set)
-  - Public key
-  - UDP listening port
- \\
 The second block of text displays the Peer's: \\
@@ Line 498: / Line 481: @@
     * Remote LAN IP
- \\  The point of failure found will provide critical insight into the type of issue you are facing.
+ \\  The point of failure you find will guide you in understanding what type of issue you are facing.
  \\
+==== Problem: Traffic flowing in only one Direction ====
  \\
+Sometimes, it may occur that from one end of your setup ("A)", you can ping devices and both VPN virtual interfaces at the other end ("B"), however, from end B, you cannot ping the remote router or devices or the client VPN virtual interface at end A.
+It this occurs, please check that there are default routes setup from B to A. Also, please check that on the client side, (in this case, end B), the "Inbound firewall" option is disabled. On the server side, make sure to add the client's subnet, so it knows how to route traffic from the server back to the client.

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools