Hi Jean-Yves,

On 09/05/17 23:32, Bzzzz wrote:
> 1- I solved the LAN being unreachable apart from the endpoint and the internet
> being completely unreachable with an iptables rule:
> iptables -t nat -I POSTROUTING -s 10.11.12.0/24 -o eth0 -j MASQUERADE
> is this right? (if not, why?)

I don't think this is Wireguard specific. That rule essentially allows that machine to act as a NAT gateway, the same as for e.g. an OpenVPN server.

> 2- When I want to ssh any LAN machine, wireshark only sees 4 packets:
> client announce
> server ACK
> client key negotiation
> server key negotiation
> and that's all.
> Is it a limitation (non-TCP packets) or is there another reason for
> ssh not working as expected? (connecting to any machine http srv works
> perfectly)

SSH over a Wireguard interface works as expected for me. You might have some luck seeing what's going on with `ssh -v` (and increasing the verbosity with further `v`s, e.g. `ssh -vvvv`).

Jonathon