Hey folks,
I’ve searched here on Reddit (for example, this post) and on Google and can’t for the life of me find why this setup isn’t working.
Context
I want to use my Raspberry Pi as a VPN gateway so we can “look” like we’re in a specific country. We can’t use a VPN client on our laptops as they’re work ones and we can’t run a VPN client on them (basically because we will already be using the work one).
So the setup is:
Laptop with default gateway to → Raspberry Pi → Router → VPN (Surfshark using WireGuard) → Internet
Here’s my WireGuard configuration:
[Interface]
Address = 10.14.0.2/16
PrivateKey = (redacted)
DNS = (surfshark's provided DNS)
# NAT everything leaving the tunnel so it carries the wg0 address
PostUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
# LAN (wlan0) -> tunnel (wg0): allow new connections
PostUp = iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT
PreDown = iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT
# tunnel -> LAN: only replies to connections the LAN opened
PostUp = iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PreDown = iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# enable routing between interfaces
PostUp = sysctl -w net.ipv4.ip_forward=1
[Peer]
PublicKey = (redacted)
# full tunnel: route all IPv4 traffic to the peer
AllowedIPs = 0.0.0.0/0
Endpoint = (surfshark endpoint)
With this, from a laptop I’m able to:
- ping 8.8.8.8 and google.com successfully
- receive and send Telegram messages (but admittedly, it’s a bit slow)
However, I can’t browse any websites; they just don’t load.
I’ve run a tcpdump on the RPi and I can see traffic coming and going.
I used this setup a couple of years ago, although I was using an EC2 instance instead of Surfshark’s VPN. I can’t think of why that would be the issue; I’ll try again using that if my current setup doesn’t work, but I’d like to understand what may be going wrong here.
Any ideas? Happy to provide TCP dumps, a more detailed schematic, etc.
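The post does not say what the cause turned out to be. As an added example (not the poster's file and not anything Surfshark or WireGuard ships), here is a small Python checker for the pieces a wg-quick LAN-to-tunnel gateway config needs, run over a constructed copy of the config above. Besides the forwarding, NAT and PostUp/PreDown pairing checks, it flags a missing TCP MSS clamp, which is worth ruling out whenever small ICMP pings succeed through a tunnel but TCP sessions stall. The interface names wg0 and wlan0 follow the post; the DNS, endpoint and the mangle-table MSS rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample config (not the poster's file): same layout as in the post, with
# the redacted values replaced by placeholders. wg0 is the tunnel and wlan0 the LAN
# side, both assumptions carried over from the post.
SAMPLE_CONF = """\
[Interface]
Address = 10.14.0.2/16
PrivateKey = REDACTED_PRIVATE_KEY
DNS = 192.0.2.53
PostUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT
PreDown = iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PreDown = iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
PublicKey = REDACTED_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.net:51820
"""


def parse_wg_conf(text):
    """Parse a wg-quick style INI file into a list of (section, {key: [values]}).

    wg-quick lets keys such as PostUp, PreDown and AllowedIPs repeat, so every key
    maps to a list of values in order of appearance. '#' starts a comment.
    """
    sections = []
    body = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            body = defaultdict(list)
            sections.append((header.group(1), body))
            continue
        if body is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition("=")
        body[key.strip()].append(value.strip())
    return sections


def check_gateway_conf(text, tun="wg0", lan="wlan0"):
    """Return a list of findings for a full-tunnel WireGuard gateway config.

    An empty list means every element a LAN-to-tunnel gateway needs is present.
    The checks are plain substring matches on the PostUp/PreDown hook commands.
    """
    sections = parse_wg_conf(text)
    iface = next((b for name, b in sections if name == "Interface"), None)
    peers = [b for name, b in sections if name == "Peer"]
    if iface is None:
        return ["no [Interface] section"]
    post_up, pre_down = iface.get("PostUp", []), iface.get("PreDown", [])
    findings = []

    def has_hook(*needles):
        return any(all(n in cmd for n in needles) for cmd in post_up)

    if not has_hook("net.ipv4.ip_forward=1"):
        findings.append("ip_forward is not enabled in PostUp")
    if not has_hook("POSTROUTING", f"-o {tun}", "MASQUERADE"):
        findings.append(f"no MASQUERADE rule for traffic leaving {tun}")
    if not has_hook("FORWARD", f"-i {lan}", f"-o {tun}"):
        findings.append(f"no FORWARD rule for {lan} -> {tun}")
    if not has_hook("FORWARD", f"-i {tun}", f"-o {lan}"):
        findings.append(f"no FORWARD rule for {tun} -> {lan} return traffic")
    if not has_hook("FORWARD", "TCPMSS"):
        findings.append("no TCP MSS clamp on FORWARD: small ICMP echo can pass while "
                        "full-size TCP segments are dropped if path MTU discovery "
                        "fails inside the tunnel")
    if "MTU" not in iface:
        findings.append("no explicit MTU; wg-quick derives one from the endpoint route")
    # Every iptables -A in PostUp needs its mirror -D in PreDown, or rules pile up
    # across restarts and the chains fill with stale duplicates.
    for cmd in post_up:
        if cmd.startswith("iptables") and " -A " in cmd:
            if cmd.replace(" -A ", " -D ", 1) not in pre_down:
                findings.append(f"PostUp rule has no matching PreDown: {cmd}")
    if not any("0.0.0.0/0" in v for p in peers for v in p.get("AllowedIPs", [])):
        findings.append("no peer routes 0.0.0.0/0; LAN traffic will not enter the tunnel")
    return findings


def mss_clamp_hooks(tun="wg0"):
    """PostUp/PreDown pair clamping TCP MSS to the path MTU for traffic leaving the tunnel.

    --clamp-mss-to-pmtu is a standard option of the iptables TCPMSS target; putting
    the rule in the mangle table is this example's choice, not a requirement.
    """
    def rule(op):
        return (f"iptables -t mangle -{op} FORWARD -o {tun} -p tcp --tcp-flags SYN,RST SYN "
                "-j TCPMSS --clamp-mss-to-pmtu")
    return [f"PostUp = {rule('A')}", f"PreDown = {rule('D')}"]


def with_mss_clamp(text, tun="wg0"):
    """Return the config text with the MSS clamp hooks appended to the [Interface] section."""
    lines = text.splitlines()
    # [Interface] ends where the next section header begins (or at end of file).
    end = next((i for i, l in enumerate(lines)
                if l.strip().startswith("[") and l.strip() != "[Interface]"), len(lines))
    while end > 0 and not lines[end - 1].strip():  # insert before the blank separator
        end -= 1
    return "\n".join(lines[:end] + mss_clamp_hooks(tun) + lines[end:]) + "\n"


if __name__ == "__main__":
    for finding in check_gateway_conf(SAMPLE_CONF):
        print("-", finding)
    print("\n".join(mss_clamp_hooks()))
```

Run as a script it lists what the sample config is missing and prints the two hook lines; `with_mss_clamp()` produces a config on which only the informational MTU note remains. The substring matching is deliberately simple: it will accept a rule that is present but misordered, so treat a clean result as "nothing missing", not as "verified correct".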