 | WireGuard | 468 Members |
| Unofficial matrix channel about wireguard related stuff. Everything about installation, administration and usage can be discussed here! Wireguard - the fast, modern, secure VPN tunnel | 68 Servers |
| WireGuard | 468 Members |
| Unofficial matrix channel about wireguard related stuff. Everything about installation, administration and usage can be discussed here! Wireguard - the fast, modern, secure VPN tunnel | 68 Servers |
| Sender | Message | Time |
|---|---|---|
| 5 Oct 2022 | ||
 drpsydo | Hello, Site A does have a wireguard client with the following config: [Interface] [Peer] The Server on site B has the following configuration: [Interface] Set the IP range that client devices will receive an IP inAddress = 10.220.2.1/24 The port that will be used to listen to connections. 51820 is the default.ListenPort = <some-port> server's private key.PrivateKey = <some-privatekey> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE; #wireguard client on site A, 192.168.1.253/24 I can reach the server's network without any problems, but the client network is out of reach.. I would be very thankful if someone could help me with this. | 16:51:20 |
| drpsydo |  Download client.png | 16:53:39 |
| drpsydo |  Download server.png | 16:53:53 |
| drpsydo | Now it is readable, sorry first time using matrix xD | 16:54:33 |
| drpsydo | * Hello, I'm trying to setup a site to site configuration with wireguard, but seem to have some sort of routing problem. The site A doesn't allow it's ports to be accessible from the internet, while site B does. I essentially want to access the client's network from the server side. Site A is on subnet 192.168.1.0/24 while site B is on subnet 192.168.2.0/24. Site A does have a wireguard client with the following config: [Interface] PrivateKey = <some-privatekey> Address = 10.220.2.3/32 DNS = 192.168.2.1 [Peer] PublicKey = <some-publickey> Endpoint = <some-ip>:<some-port> AllowedIPs = 10.220.2.1/32 The Server on site B has the following configuration: [Interface] Address = 10.220.2.1/24 ListenPort = <some-port> PrivateKey = <some-privatekey> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE; PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE [Peer] PublicKey = <some-publickey> AllowedIPs = 10.220.2.3/32, 192.168.1.0/24 PersistentKeepalive = 15 I can reach the server's network without any problems, but the client network is out of reach.. I would be very thankful if someone could help me with this. | 16:55:37 |
| drpsydo | * Hello, I'm trying to setup a site to site configuration with wireguard, but seem to have some sort of routing problem. The site A doesn't allow it's ports to be accessible from the internet, while site B does. I essentially want to access the client's network from the server side. Site A is on subnet 192.168.1.0/24 while site B is on subnet 192.168.2.0/24. Site A does have a wireguard client with the following config: [Interface] PrivateKey = <some-privatekey> Address = 10.220.2.3/32 DNS = 192.168.2.1 [Peer] PublicKey = <some-publickey> Endpoint = <some-ip>:<some-port> AllowedIPs = 10.220.2.1/32 The Server on site B has the following configuration: [Interface] Address = 10.220.2.1/24 ListenPort = <some-port> PrivateKey = <some-privatekey> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE; PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE #client IP is 192.168.1.253 [Peer] PublicKey = <some-publickey> AllowedIPs = 10.220.2.3/32, 192.168.1.0/24 PersistentKeepalive = 15 I can reach the server's network without any problems, but the client network is out of reach.. I would be very thankful if someone could help me with this. | 16:56:48 |
| drpsydo | * Hello, Site A does have a wireguard client with the following config: _[Interface] [Peer] The Server on site B has the following configuration: [Interface] PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE; #client IP is 192.168.1.253 I can reach the server's network without any problems, but the client network is out of reach.. I would be very thankful if someone could help me with this. | 16:57:43 |
| drpsydo | * Hello, Site A does have a wireguard client with the following config: [Interface] [Peer] The Server on site B has the following configuration: [Interface] PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE; #client IP is 192.168.1.253 I can reach the server's network without any problems, but the client network is out of reach.. I would be very thankful if someone could help me with this. | 16:57:53 |
| drpsydo | * Hello, Site A does have a wireguard client with the following config: [Interface] [Peer] The Server on site B has the following configuration: [Interface] PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE; #client IP is 192.168.1.253 I can reach the server's network without any problems, but the client network is out of reach.. I would be very thankful if someone could help me with this. | 16:58:25 |
 @matrix_help:matrix.org | Redacted or Malformed Event | 19:37:37 |
| @matrix_help:matrix.org left the room. | 19:48:07 | |
| drpsydo | This is the routing table on the server: root@v-vpn-21:/etc/wireguard# ip route default via 192.168.2.1 dev ens18 proto static 10.220.2.0/24 dev wg0 proto kernel scope link src 10.220.2.1 192.168.1.0/24 dev wg0 scope link 192.168.2.0/24 dev ens18 proto kernel scope link src 192.168.2.52 Even though I have a route to the 192.168.1.0/24 subnet via the wireguard tunnel, I can't ping the client network. So I think maybe something is wrong with the Iptables rules? | 20:06:15 |
| 6 Oct 2022 | ||
 Xanarin banned @matrix_help:matrix.org (Posting spam). | 01:42:30 | |
| Xanarin | drpsydo: Are the failed pings happening with 192.168.1.253, the address that’s assigned to the Wireguard node on site A, or a different IP address on the 192.168.1.0/24 subnet? | 03:10:19 |
 @datastack:digitale-gesellschaft.ch left the room. | 05:13:26 | |
| drpsydo | I can ping the site B with the client (192.168.1.253) in site A. But the server in site B (192.168.2.52) can't ping the client in site A. | 06:58:52 |
 @mostafaario:matrix.org joined the room. | 07:30:25 | |
 kambizfatemi joined the room. | 08:23:24 | |
 emad joined the room. | 08:28:09 | |
 @shervin007:matrix.org joined the room. | 09:14:47 | |
| @shervin007:matrix.org left the room. | 09:15:08 | |
 thenikzad joined the room. | 11:08:10 | |
 Ali Khanmohammadi joined the room. | 11:23:27 | |
| @mostafaario:matrix.org left the room. | 14:20:01 | |
| Xanarin | drpsydo: Well, the first thing that I'm noticing is that the AllowedIPs directive in the client's config does not contain 192.168.2.0/24, which may be the issue if the ping packet has a source IP of 192.168.2.52. However, if the ping packet has a source IP of 10.220.2.1 then this isn't the issue | 16:24:22 |
| drpsydo | That might be the issue. I will check this and try using ping -S to get the source IP right. | 16:33:06 |
 @dapodapo:matrix.org joined the room. | 17:09:16 | |
| @dapodapo:matrix.org left the room. | 17:09:48 | |
| drpsydo | The ping from the server (192.168.2.52) to the client (192.168.1.253) is not working even after I have added the 192.168.2.0/24 subnet to the AllowedIPs of the client. The server also can't ping the client from 10.220.2.1 to 192.168.1.253. The only client IP I can ping from both server IPs is the one the client has as it's wireguard address (10.220.2.3). I've enabled the net.ipv4.ip_forward=1 on the client, without any change. | 18:44:44 |
 Mosa joined the room. | 20:36:53 | |