I was interested in your project for personal purposes and began to install it on kernel 5.4.
I installed wireguard, configured it, and the connection was successful. I started trying to install your project according to the instructions, but I ran into a problem related to working without a certificate. There is no certificate, and I want to check the work via IP (example http://18.104.22.168), but it sends to v214183384.local, which obviously does not work from the global Internet. I tried to change the default['firezone']['external_url'] parameter in the firezone.rb file, but this did not give anyone a solution.
Tell me where to look?
Hey @Feerchik – Hmm – did you run firezone-ctl reconfigure after changing the default['firezone']['external_url'] parameter? That should set the canonical URL for nginx properly and prevent redirects.
You may have luck disabling redirects to canonical by setting default['firezone']['nginx']['redirect_to_canonical'] = false. Let me know if that fixes it.
Yes, I did "sudo firezone-ctl reconfigure" after changing the config file. If I'm not mistaken, I have "default['firezone']['nginx']['redirect_to_canonical'] = false" by default. I provide screenshots.
Hey @Feerchik you need to uncomment the config lines you wish to change by removing the # at the beginning of the line. Try that and see if that fixes your issue.
Indeed)) I uncommented "default['firezone']['nginx']['redirect_to_canonical'] = false", but it didn't solve the problem. When generating, the user's admin specifies the correct address, but redirects upon transition.
I execute the "sudo firezone-ctl reconfigure" command every time after changing the file.
Note you'll also need to uncomment the default['firezone']['external_url'] line as well, and also set default['firezone']['nginx']['force_ssl'] = false. If those still don't fix this issue, this is a bug and I'll work on a fix.
I uncommented the line you mentioned above. It didn’t help either.)
You can check it yourself at your leisure: Ubuntu Server 20.04 core 22.214.171.124. First install from the wireguard repository, then install your project via deb. I really do not exclude that I have crooked hands.
I decided to install your project for the sake of interest, through the link "bash <(curl -Ls https://github.com/firezone/firezone/raw/master/scripts/install.sh)", you won't believe it, but the project started, wireguard launched user to the network, but nat does not work. Ping to 10.1.2.1 works, to 126.96.36.199 or 188.8.131.52 is fine too. DNS is registered 184.108.40.206, but does not open sites. The resolved address is 0.0.0.0/0.
I see — for the routing issue try double-checking that your firewall is allowing routed packets: Troubleshoot | Docs Firezone
Was your previous issue happening on an upgraded instance or a fresh install?
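The firewall check suggested in the reply above, written out as an added example; it is not part of the original thread or of Firezone's own tooling. It assumes ufw keeps its default routed policy in the DEFAULT_FORWARD_POLICY setting of /etc/default/ufw and runs here against constructed sample files.

```shell
#!/bin/sh
# Added example: checks the two settings that decide whether a WireGuard
# gateway running ufw will forward client traffic. Sample files are constructed.

# Effective DEFAULT_FORWARD_POLICY in a ufw defaults file (normally
# /etc/default/ufw); commented lines are ignored, the last assignment wins.
ufw_forward_policy() {
    sed -n 's/^[[:space:]]*DEFAULT_FORWARD_POLICY=//p' "$1" |
        tail -n 1 | tr -d "\"' \t\r" | tr '[:lower:]' '[:upper:]'
}

# Kernel IPv4 forwarding flag: 1 = on, 0 = off.
ip_forward_state() {
    cat "${1:-/proc/sys/net/ipv4/ip_forward}"
}

# $1 = ufw defaults file, $2 = ip_forward file (optional).
routing_verdict() {
    if [ "$(ip_forward_state "$2")" != "1" ]; then
        echo "kernel-forwarding-off"
    elif [ "$(ufw_forward_policy "$1")" != "ACCEPT" ]; then
        echo "ufw-routed-drop"
    else
        echo "ok"
    fi
}

# Constructed inputs so the script runs offline and without root.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/ufw.before" <<'EOF'
DEFAULT_INPUT_POLICY="DROP"
#DEFAULT_FORWARD_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="DROP"
EOF
# Same file after routed traffic has been allowed by default.
sed 's/^DEFAULT_FORWARD_POLICY=.*/DEFAULT_FORWARD_POLICY="ACCEPT"/' \
    "$tmp/ufw.before" > "$tmp/ufw.after"
echo 1 > "$tmp/ip_forward"

echo "before: $(routing_verdict "$tmp/ufw.before" "$tmp/ip_forward")"
echo "after:  $(routing_verdict "$tmp/ufw.after" "$tmp/ip_forward")"
```

On a real host, call routing_verdict /etc/default/ufw with no second argument. A verdict of ufw-routed-drop can be cleared with "ufw default allow routed", which opens forwarding on every interface, or with a narrower "ufw route allow in on IFACE" rule, where IFACE is a placeholder for the WireGuard interface name.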
Indeed, enabling data routing in ufw solved the problem.
Thank you very much for the advice. I will study the project, test it and write it back to you, unless of course your opinion is important.
By the way, when you register, you swear at large email addresses, you had to use a backup mail)