So WireGuard is all the rage currently, and having recently wiped out my Pi-based Pi-hole/OpenVPN setup1, it seemed like the perfect time to take it for a spin and kick the tires. I almost ended up being lazy and running with Tailscale but they don’t have an Android app yet, so that’s a massive joke. Anyway, there’s more tutorials for setting up WireGuard out there than I can throw a stick at so I won’t add to that noise. Instead, I’ll tell you about my silly mistake that stole about 15 minutes of my life.

So I’ve followed along with the quick start and unofficial documentation2, and I hit connect on the my phone. No good, I’m not seeing any received traffic.

  • I go to check the logs in the android app itself but it’s just noise, I can’t see anything useful in the context of debugging a connection. Bummer.
  • I check that I’ve forwarded the correct port to the correct address on my home network. Yep, I have.
  • I check that my Dynamic DNS3 is providing the correct IP. It is.
  • I check that I’ve actually configured WireGuard correctly and that there aren’t any typos in the port number. Yup, all correct.

By this stage, I’m starting to get frustrated. Everyone talks about how easy WireGuard is to set up! What’s going on? I kill WireGuard and fire up nc -l <WireGuard port> on the server and nc <server address> <WireGuard port> on my desktop. The connection is made, and text entered on the client appears on the server. Alright, the port works locally. I try again using the DDNS address. Same again, it works. Okay, the forwarding on the router is working fine too. Hm. Something is different though. The DDNS address. squinting intensifies That’s a .org.

  • I check the endpoint address I’ve configured in the Android app. It’s .com

Robert Downey Jnr sighing

So, when something isn’t connecting, check that you’ve given it the right address.

  1. Pi-hole is now running on my Kubernetes cluster. 🤷 ↩︎

  2. Why are the official docs not like this? 😠 ↩︎

  3. The awesome Duck DNS project. 🎉 ↩︎