Wireguard Unable to Complete Handshake on Android only 4G network

networking iptables vpn wireguard

Solution 1:

MASQUERADE/POSTROUTING rules do not change where certain traffics go. Routes do. The problem is that you have a default route (or what's equivalent) that leads traffics into the pia tunnel.

You will need to make use of policy routing for the replying traffics from the wireguard server:

# ip r add 192.168.1.1 dev eth0 table 123
# ip r add default via 192.168.1.1 table 123
# ip rule add iif lo ipproto udp sport 51820 lookup 123

The first command could be optional. Make sure you replace 192.168.1.1 and eth0 with the LAN IP of your router and the interface name of your Ethernet NIC correspondingly. (You can copy them from the output of ip r, i.e. routes in the main table.) The number 123 is arbitrary. iif lo limits the rule to UDP traffics with source port of 51820 from the host itself (but not such traffics from another host).

Related

Virtual Box 'VERR_SSM_LOAD_CONFIG_MISMATCH' error when restoring a snapshot
Added some console programs to System PATH, Can't invoke them via the registry
Google Drive Desktop does not launch
Will Dropbox delete malware in my uploads?
How can I make my computer display on my monitor?
Can't send mail with MH-E (nmh)
Moba Xterm removes folder structure when dragging and dropping a folder into SFTP panel
Is it possible to get the serial number of a GPU without opening the case?
How can I "comment out" files in the Startup folder in Windows?
How do i make systemd-networkd ignore DHCP pushed default route?
Since the rules do not forbid “I brought him him”, can I therefore say it that way?
For the linguists among us: I like loud singing vs I like singing loudly