Remote Desktop not working #169

Open
BeerBelly opened this issue Aug 21, 2024 · 12 comments

@BeerBelly

Hi,

I have a WG server running on a local NUC machine that's always on. The computer has a local IP of 192.168.2.100
I set the WG server to dish out IPs in the subnet of 192.168.100.0/24

Once I use WG from a remote location, I get the local IP intended for me (192.168.100.2) and the public IP of the network that has the NUC server running... When I try to use Remote Desktop to connect to a different computer (local IP of 192.168.2.192 - same subnet as the NUC server), I get a connection timeout.
Both the wg_server adapter and the ethernet on the NUC server have their network set as private.

What can I check?

@micahmo
Owner

micahmo commented Aug 21, 2024

Hey @BeerBelly thanks for the question! There are a couple things to try.

  1. Can you ping 192.168.2.192?
  2. What are the Allowed IPs for the client config?

@BeerBelly
Author

Hey, @micahmo
Thanks for answering.

I can ping the 192.168.2.192 address (after enabling the File and Printer Sharing (Echo Request - ICMPv4-In) rule)
I can't remote into it still though... I've even added the subnet IP into a firewall rule (Remote Desktop - User Mode (TCP-In)) under remote IP address (local has any allowed)
I can't just allow all for this computer.

The Allowed IPs for the WG server are 0.0.0.0/0 - left as default

@micahmo
Owner

micahmo commented Aug 21, 2024

Thanks for the response and for testing the ping! Since you can ping, then WireGuard is doing its job. My guess is that something else is going on. Maybe you need to add a firewall rule for the RDP port 3389?

@BeerBelly
Author

I'm guessing there has to be something in the firewall blocking it yep, since ping is getting through.
I even tried changing the allowed IPs to: 0.0.0.0/1,128.0.0.0/1 after some googling, but didn't help.

Will try to get it running

@micahmo
Owner

micahmo commented Aug 21, 2024

Yeah sounds like. Sorry I can't provide more help. If ping is definitely working, then I don't think the problem is on the WireGuard side. It doesn't do protocol blocking or anything like that. Just routing. Best of luck!

@BeerBelly
Author

Just one more quick question... does it route only specific ports? Maybe 3389 needed for RDP is blocked by UFW or something similar?

@micahmo
Owner

micahmo commented Aug 21, 2024

I'm not aware of any settings related to ports in WireGuard except the port that the server runs on. Sorry!

@BeerBelly
Author

No worries, thank you though for a great program that takes away a lot of the hassle of setting up WG on Windows

@micahmo
Owner

micahmo commented Aug 21, 2024

Of course! Best of luck getting it set up and working. I'll let you know if I can think of anything else.

Could you (very) temporarily disable the firewall and see if you can connect, just to prove whether it's the problem?

@BeerBelly
Author

Tried, but can't :) part of a larger group policy that would disable other stuff as well :)

It is getting dropped by the firewall though:
2024-08-21 15:10:56 DROP TCP 192.168.2.100 192.168.2.192 50661 3389 52 S 2593780163 0 64860 - - - RECEIVE

Now I need to figure out why...

@micahmo
Owner

micahmo commented Aug 21, 2024

Aha! Nice find!

Maybe it's because the originating IP looks like it's coming from the WireGuard server (where everything is getting routed through) instead of the remote client? And so the IP you need to allow is the 192.168.2.x range instead of the 192.168.100.x range? Just a thought!
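
One way to check the guess above against the firewall log, as an added example that is not part of the original thread or the project's code: it parses the pfirewall.log record quoted earlier and tests the dropped packet's source address against the RDP rule's remote-address scope. The scope `192.168.100.0/24`, the function names and the two extra log records are assumptions constructed for illustration.

```python
import ipaddress

# Default column order of the Windows Firewall log; a "#Fields:" header overrides it.
DEFAULT_FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
                  "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Addresses taken from the thread.
TUNNEL_NET = ipaddress.ip_network("192.168.100.0/24")     # WireGuard client subnet
WG_SERVER_LAN_IP = ipaddress.ip_address("192.168.2.100")  # NUC running the WG server

# First record is the line quoted in the thread; the other two are constructed.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-08-21 15:10:56 DROP TCP 192.168.2.100 192.168.2.192 50661 3389 52 S 2593780163 0 64860 - - - RECEIVE
2024-08-21 15:11:02 ALLOW ICMP 192.168.2.100 192.168.2.192 - - 60 - - - - 8 0 - RECEIVE
2024-08-21 15:11:30 DROP TCP 192.168.2.100 192.168.2.192 50670 445 52 S 1180034411 0 64860 - - - RECEIVE
"""

def parse(log_text):
    """Yield one dict per record, honouring the '#Fields:' header if present."""
    fields = DEFAULT_FIELDS
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if len(parts) >= len(fields):   # newer builds append extra columns
                yield dict(zip(fields, parts))

def dropped_rdp(log_text, allowed_remote, port="3389"):
    """Return (src-ip, origin, in_scope) for each inbound TCP DROP on the RDP port."""
    findings = []
    for rec in parse(log_text):
        key = (rec["action"], rec["protocol"], rec["dst-port"], rec["path"])
        if key != ("DROP", "TCP", port, "RECEIVE"):
            continue
        src = ipaddress.ip_address(rec["src-ip"])
        if src == WG_SERVER_LAN_IP:
            origin = "wg-server-lan"   # arrives with the server's LAN address
        elif src in TUNNEL_NET:
            origin = "tunnel"          # arrives with the client's tunnel address
        else:
            origin = "other"
        findings.append((rec["src-ip"], origin, any(src in n for n in allowed_remote)))
    return findings
```

A result with `in_scope` false means the rule's remote-address list does not cover the address the target actually sees, so the scope has to list that address rather than the tunnel subnet.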

@james8128

james8128 commented Oct 7, 2024

NAT is needed in this case. Did you enable it?
