[Bug]: No client access with Wireguard tunnel activated

[jayzebra]

Code of Conduct

• I agree to follow this project's Code of Conduct.

Issue reporting checklist

• I have read and understand the issue reporting policy.
• I have read and followed the common sense checklist.
• I observed this bug on a clean install of a supported OS.
• I have followed the project prerequisites.
• I have searched this repository for existing issues.
• I checked the FAQ and official documentation.
• I am using an external wireless adapter.
• I have generated a RaspAP debug log and performed a self-diagnosis.

Operating System

Raspberry Pi OS (64-bit) Lite Bookworm

Installation method

Pre-built image

Onboard wireless chipset or external adapter?

Onboard wireless chipset

Hardware

Raspberry Pi 3 Model B

RaspAP version

Latest

Other software or services running with RaspAP?

No other software

Contact details (optional)

No response

Bug description

After booting RaspAP from a clean install, I configured hostap.
Everything seems to be working well and the clients could access internet.
After, I configured Wireguard by uploading the configuration and ensuring the wireguard was on (green icon). However, no client could access the internet or any internal client.
After ssh I noticed no firewall rules were configured. Even after trying to activate the option " Apply iptables rules to the selected interface " it seemed to have no effect and it always defaults to "wlan0" even if I select another one.
I also tried a fresh install and activating this option when submitting the wireguard config.

After doing an ssh and running the Postup rules from networking/defaults.json, all the clients could correctly access the net via wireguard.
(iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE)

Q: Could be that Postup rules are not being executed?

Steps to reproduce

1 - Fresh Install
2 - Configure hostap (optional) and connect clients
3 - Upload wireguard config and start wireguard (if necessary)
4 - Confirm no access to the web via vpn with the wireless client
5 - connect via ssh to RaspAP
6 - type in the console the Postup rules and confirm client access

Screenshots

No response

Additional context

No response

Relevant log output

[billz]

Are you enabling the toggle switch when uploading your .conf, as shown below?

[jayzebra]

Hi @billz ,

Yes, I did.

I tried it in two ways:
"Even after trying to activate the option " Apply iptables rules to the selected interface " it seemed to have no effect and it always defaults to "wlan0" even if I select another one.
I also tried a fresh install and activating this option when submitting the wireguard config."

If I refresh the page the switch shows up as inactive and defaults to wlan0, even if I save with other interface.

Let me know if it's not clear or you need more info.

Thank you!

[billz]

The wg page writes a config to the path below. Using my example above:

$ cat /etc/wireguard/wg0.conf 
[Interface]
PrivateKey = (removed)
Address = 10.66.98.202/32,fc00:bbbb:bbbb:bb01::3:62c9/128
DNS = 10.64.0.1
PostUp = iptables -A FORWARD -i wlan1 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A  POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wlan1 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D  POSTROUTING -o wg0 -j MASQUERADE

[Peer]
PublicKey = jUMZWFOgoFGhZjBAavE6jW8VgnnNpL4KUiYFYjc1fl8=
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 103.108.229.50:51820

As indicated, the wlan1 interface is applied.

[billz]

Closing this as not reproducible / no response from user.