All was working... AND... I do regularly take a "backup" while I am changing settings.
So, I contacted my VPN provider about speed/performance as I have a dedicated IP. They suggested changing the IP to one that is geographically closer. There are no other changes - meaning the keys stay the same, ports the same, inbound address the same, etc. To test a different IP it is literally one change (the IP address in the tunnel endpoint), then restart the WG tunnel... then run some speed tests.
Three times I changed the endpoint IP, then tested. Each time the tunnel comes up and the tests run well. Then I change back (4th change) to my original IP, restart the tunnel and discuss the test results with the VPN provider. About 30 minutes later they give me a NEW IP, not identical to what I tested (x.x.x.2), but on the same subnet (x.x.x.254) as the fastest IP of the 3 that I tested. So then I change to my new IP (5th change) and again restart the tunnel... Everything seems to be working OK and faster than before. BUT THEN I notice something strange....
Cannot connect (initiate a connection) from the outside. Cannot connect at all. No packets being dropped on my side for the incoming connection. No packets being received, so nothing hitting any of the PF -t nat PREROUTING rules. I contact the VPN provider in case they forgot to activate port forwarding with the new IP - they assure me it is activated.
I try everything I can think of for the next 3 days... Nothing works to fix it. For 3 days I cannot connect inbound on my WG tunnel. I even restore my router to various "working status" backups. Even that does not fix it.
At that point I am convinced the problem must be the VPN provider. So I set up a new tunnel to a different VPN provider... and get EXACTLY the same symptoms. They even send me a screenshot of their DNAT rules showing that packets are indeed being sent to me (over the tunnel) on the port-forwarding port.
Where can I possibly go from here to fix it? 2 VPN providers give the same symptoms - so now it seems like it must be my side... I can only think: is it possible that my ISP is somehow getting back in the mix and blocking these incoming connections?? But it is a TUNNEL, so that should be impossible??
I am totally lost on this one... Any help/insight/thoughts would be much appreciated.
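As an added example (not from the original post or from anyone in this thread): the check described above, "nothing hitting the nat PREROUTING rules", can be scripted so the verdict does not rest on a provider's screenshot of their side. The helper below reads the output of `iptables -t nat -vnxL PREROUTING` (the `-x` gives exact packet counters) and reports the counter of the DNAT rule that matches the tunnel interface and the forwarded port, then translates it into the next troubleshooting step. The interface name `wg0`, the port `45000` and the counter listing are assumptions/constructed sample data, not values from the original post.

```shell
#!/bin/sh
# Added example, not from the original post. Parses `iptables -t nat -vnxL PREROUTING`
# output and reports the packet counter of the DNAT (port-forward) rule whose
# "in" interface and destination port match. Interface "wg0" and port 45000 are
# assumed; the listing below is a constructed sample, not real router output.

SAMPLE_PREROUTING='Chain PREROUTING (policy ACCEPT 1234 packets, 98765 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  wg0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:45000 to:192.168.1.50:45000
     812    61234 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:192.168.1.10:443'

# dnat_hits IFACE PORT   (iptables listing on stdin)
# Prints the pkts counter of the first DNAT rule whose "in" column equals IFACE
# and whose match text contains "dpt:PORT"; prints "none" if no such rule exists.
dnat_hits() {
    awk -v ifc="$1" -v port="$2" '
        $3 == "DNAT" && $6 == ifc && $0 ~ ("dpt:" port "([^0-9]|$)") { print $1; found = 1; exit }
        END { if (!found) print "none" }'
}

# diagnose IFACE PORT   (iptables listing on stdin)
# Turns the counter into a verdict. Exit status: 0 = packets reached the rule,
# 1 = rule exists but never matched, 2 = rule missing.
diagnose() {
    hits=$(dnat_hits "$1" "$2")
    case "$hits" in
        none)
            echo "no DNAT rule for in=$1 dpt:$2 - the port-forward rule itself is missing"
            return 2 ;;
        0)
            echo "DNAT rule for in=$1 dpt:$2 exists but has 0 packets: nothing arrives over the tunnel."
            echo "Confirm with: tcpdump -ni $1 port $2  (and check the handshake: wg show $1 latest-handshakes)"
            return 1 ;;
        *)
            echo "DNAT rule for in=$1 dpt:$2 matched $hits packets: traffic does reach the router;"
            echo "look at the FORWARD chain and the target host rather than the provider."
            return 0 ;;
    esac
}

# Demo on the constructed sample. Live use on the router:
#   iptables -t nat -vnxL PREROUTING | diagnose wg0 45000
printf '%s\n' "$SAMPLE_PREROUTING" | diagnose wg0 45000 || true
```

Take two snapshots a minute apart while a friend (or a cloud VM) tries to connect: a counter that stays at 0 on the tunnel-side rule means the packets never left the provider's network, whatever their DNAT screenshot shows, and a counter that moves means the problem is downstream of PREROUTING (FORWARD chain, WAN-side firewall, or the target host).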
Hi @egc, yes - no problems with outbound connections over the tunnels.
UPDATE: I just had an email apology from my VPN provider.... "Upon further checking, we did find a technical problem relating to your port-forwarding. It is now corrected. We apologize for the inconvenience."
Hahahahaha! "Inconvenience" doesn't really fully describe the anguish, panic and disruption to sleep over 3 days. Anyway - that one is working perfectly again.
I can only assume that I must have made a mistake in the 2nd VPN test. Or it is a coincidence that both failed with a similar/identical error at the same time.
Sometimes this network config stuff really can be very deflating... omg