On Thu, Mar 22, 2018, 19:27 ST <smntov@gmail.com> wrote:

> Hello,
>
> I'm new to networking in general and VPN in particular but need to setup
> infrastructure to be able to SSH easily to several people who are behind
> routers (NAT). After reading that WireGuard is super simple - I decided
> to give it try.
>
> It indeed turned out to be simple till now. I setup a Debian virtual
> server with a public IP and configure it as follows:
>
> Server:
>
> # wg
> interface: wg0
>   public key: QMwhCacViCKcTrkevg5NxLnTEJDU1bTNgQp43rp7BHM=
>   private key: (hidden)
>   listening port: 12000
>
> peer: hiUdjmCK+iZf8wGEB+rYxMYYBF8QoOsm3nkF3asllRY=
>   endpoint: 37.X.Y.Z:4488
>   allowed ips: 10.8.8.9/32


Where is that port from?


Is everything OK here?... At the beginning everything worked as expected
> - I could ping/SSH in both directions via the private 10.8.8.8 and
> 10.8.8.9 addresses. Later I put my desktop into "hibernate mode" and
> after turning it on again could no longer use the link...
>

I guess the NAT router in between dropped your connection by timeout.
You either need to ping from behind-NAT first, to re-establish the tunnel,
or if you want to do it both-ways setup portforwarding on the NAT.

Check the keepalive opions in wg, in case your NAT has only short memory.

Cheers,
Kalin.