wireguard.lists.zx2c4.com archive mirror
From: Arpit Gupta <g.arpit@gmail.com>
To: XRP <xrp@airmail.cc>
Cc: wireguard@lists.zx2c4.com
Subject: Re: cant connect to wireguard when router connected to a vpn service
Date: Wed, 6 Mar 2019 07:59:22 -0800
Message-ID: <CAGCGyt+gvYDHR3KHi+HRc2pCnyLbefV3h=OmfSOqhfdR564p0w@mail.gmail.com>
In-Reply-To: <3053f293b7e9a34a733c2b5b314e2d8a620682db.camel@airmail.cc>



Tried changing the allowed IPs to what was suggested and it did not work.
Same behavior as before. Also my configs were working as expected before I
had my router connected to a VPN service.

It required me to add the following route policy for my VPN client on my
router

Source IP: 192.168.1.0/24, Destination: 0.0.0.0 will go through the VPN. So
does it matter if I connected to wireguard using the IP address of the ISP
vs the IP address of the VPN?


--
Arpit


On Wed, Mar 6, 2019 at 1:18 AM XRP <xrp@airmail.cc> wrote:

> On Wed, 2019-03-06 at 08:40 +0000, Arpit Gupta wrote:
> > On my server my conf is
> >
> > [Interface]
> > Address = 192.168.100.1/32
> > PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
> > ListenPort = 54930
> > PrivateKey = xxxxx
> >
> > [Peer]
> > PublicKey = xxxx
> > AllowedIPs = 192.168.100.2/32
> >
> >
> > on my client my config is
> >
> > [Interface]
> > Address = 192.168.100.2
> > PrivateKey = xxxxx
> > ListenPort = 21841
> > DNS = 192.168.1.63
> >
> > [Peer]
> > PublicKey = xxxx
> > Endpoint = ddns:xxx
> > AllowedIPs = 192.168.1.0/24
> >
> > # This is for if you're behind a NAT and
> > # want the connection to be kept alive.
> > PersistentKeepalive = 25
>
> Try changing AllowedIPs in the client config to:
> AllowedIPs = 192.168.100.1/32,192.168.1.0/24
>
> Also, if you want to masquerade the traffic to the internet you need to
> add 0.0.0.0/0 to the client or change the destination IP to the server
> node via a NAT rule, otherwise it's going to be rejected because the IP
> packet doesn't have an AllowedIP address, I think. (The source needs to
> match, so either 192.168.100.1/32 or 192.168.1.0/24). My guess is
> that's why you couldn't complete the handshake.
>
>


_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
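
The AllowedIPs values discussed in this thread, run through a simplified model of WireGuard's cryptokey routing. This is an added example, not code from either poster or from the WireGuard project. It models only the data-packet checks for a single peer, and 203.0.113.10 is a constructed internet address.

```python
import ipaddress

def parse_allowed(value):
    """Parse a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def match(allowed, addr):
    """Return the most specific AllowedIPs entry covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in allowed if n.version == ip.version and ip in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def outbound_ok(allowed, dst):
    """Sending: a packet is encrypted to the peer only if its destination
    falls inside that peer's AllowedIPs; otherwise it never enters the tunnel."""
    return match(allowed, dst) is not None

def inbound_ok(allowed, src):
    """Receiving: after decryption the inner source address must fall inside
    the sending peer's AllowedIPs, or the packet is dropped."""
    return match(allowed, src) is not None

# Client-side [Peer] AllowedIPs values that appear in the thread.
ORIGINAL = parse_allowed("192.168.1.0/24")
SUGGESTED = parse_allowed("192.168.100.1/32,192.168.1.0/24")
FULL_TUNNEL = parse_allowed("0.0.0.0/0")

# Inner addresses to test. The first two come from the posted configs
# (server tunnel address, LAN DNS server); the last one is constructed.
PROBES = ["192.168.100.1", "192.168.1.63", "203.0.113.10"]

def report():
    """Map each AllowedIPs variant to {address: passes the check}."""
    variants = {"original": ORIGINAL, "suggested": SUGGESTED,
                "full-tunnel": FULL_TUNNEL}
    return {name: {a: outbound_ok(nets, a) for a in PROBES}
            for name, nets in variants.items()}

if __name__ == "__main__":
    for name, row in report().items():
        for addr, ok in row.items():
            print(f"{name:12} {addr:15} {'tunnel' if ok else 'dropped'}")
```
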

Thread overview: 8+ messages
2019-03-06  8:40 cant connect to wireguard when router connected to a vpn service Arpit Gupta
2019-03-06  9:18 ` XRP
2019-03-06 15:59   ` Arpit Gupta [this message]
2019-03-06 16:20     ` Arpit Gupta
2019-03-06 18:22       ` Arpit Gupta
2019-03-07  8:04         ` David Kerr
2019-03-07 17:54           ` Arpit Gupta
2019-03-07 19:18             ` Arpit Gupta
