
I set up a WireGuard server via my home router's Web frontend (FritzBox) and let it generate a WireGuard config file for my laptop following the official manual. Then, I loaded this WireGuard client config into Ubuntu via the NetworkManager applet (via import from file). The WireGuard config file on the client looks as follows:

[Interface]
PrivateKey = abcdefghijklmnopqrstuvwxyz=
Address = 192.168.188.201/24
DNS = 192.168.188.1
DNS = fritz.box

[Peer]
PublicKey = asdfjijwfojwdofwofoewofjfojej=
PresharedKey = dijowjfowfoowijfoejfowfowefowefjow=
AllowedIPs = 192.168.188.0/24,0.0.0.0/0
Endpoint = xxxxxxxxxxxx.myfritz.net:12345
PersistentKeepalive = 25

When I activate this connection, the following interface appears on my client:

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
     inet 192.168.188.201  netmask 255.255.255.0  destination 192.168.188.201
     unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)

ip r outputs:

default dev vpn0 proto static scope link metric 50 
default via xx.xx.xx.1 dev wlp2s0 proto dhcp src xx.xx.xx.53 metric 600 
xx.xx.xx.0/23 dev wlp2s0 proto kernel scope link src xx.xx.xx.53 metric 600 
xx.xx.xx.1 dev wlp2s0 proto static scope link metric 50 
10.68.0.0/17 dev vpn0 proto kernel scope link src 10.68.69.57 metric 50 
yy.yy.yy.2 via xx.xx.xx.1 dev wlp2s0 proto static metric 50 
zz.zz.0.0/16 dev wlp2s0 scope link metric 1000 
192.168.188.0/24 dev wg0 proto static scope link metric 50 
192.168.188.0/24 dev wg0 proto kernel scope link src 192.168.188.201 metric 50 

One thing to note is that I concurrently also activated another VPN connection (vpn0). This VPN connection is required because my DynDNS provider is inaccessible in the country where I currently reside. A connection to my home router is impossible if I don't activate the other VPN connection first.

When connected, the router frontend shows an active connection to my laptop. ping 192.168.188.1 works just fine with reasonable latency (ca. 200 ms). However, no HTTP traffic to private websites can be made. curl 192.168.188.1 reports Connection reset by peer after hanging for a long time. Public websites are still accessible as usual. ssh 192.168.188.1 promptly returns connect to host ... port 22: Connection refused (i.e., seems ok).

The firewall on my laptop is inactive (ufw status reports Inactive). I tried adding routing table rules to the client's WireGuard config, but nothing changes (I believe this is only a solution for server-side problems). My phone works perfectly fine with the same WireGuard setup.
