From: Jim Brandt
Date: Wed, 02 May 2018 18:31:35 +0000
Subject: Access to server's local network
To: wireguard@lists.zx2c4.com
List-Id: Development discussion of WireGuard

Hi,

I set up WireGuard on two Ras Pi's, one acting as a vpn server and the other as a portable access point. The server uses only its eth0 interface. The access point uses one wifi interface for the public side, and another wifi plus eth0 for clients. The iptables are similar to www.ckn.io. Packets leaving the wg0 interface on the access point are NATed.

I'd like to allow clients to access the server's local subnet as well as routing to the public net but do not see how to do it. Packets sent to a local ip seem to get dropped at the server end of the tunnel because that is as far as a traceroute can go, and tcpdump does not show the packets arriving at the wg0 interface. Packets to public ip's work as expected. ProxyARP is enabled on the server but that does not seem to be the current issue. Could anyone suggest a way to do this?

Client wg-quick config:

[Interface]
Address = 10.200.200.3/32
DNS = 10.200.200.1
PrivateKey = ...
MTU = 1500

[Peer]
PublicKey = ...
AllowedIPs = 0.0.0.0/0
Endpoint = 10.0.0.23:51820
PersistentKeepalive = 21

server wg-quick config:

[Interface]
Address = 10.200.200.1/32
ListenPort = 51820
PrivateKey = ...
MTU = 1500

[Peer]
PublicKey = ...
AllowedIPs = 10.200.200.3/32

sudo ip route show:

default via 10.0.0.1 dev eth0 src 10.0.0.23 metric 202
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.23 metric 202
10.200.200.3 dev wg0 scope link
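
WireGuard uses each peer's AllowedIPs twice: to pick the peer for an outgoing packet by destination, and to drop a decrypted packet whose inner source address is not listed for the peer that sent it. The sketch below is an added example, not part of the original message or of WireGuard's code; it models both checks for the two configs above. The addresses 10.0.0.50 (a host on the server's LAN) and 192.168.4.10 (an access-point client seen without NAT) are constructed, and the function names are hypothetical.

```python
import ipaddress

# AllowedIPs per peer, copied from the two wg-quick configs in the message.
CLIENT_PEERS = {"server": ["0.0.0.0/0"]}
SERVER_PEERS = {"client": ["10.200.200.3/32"]}


def select_peer(peers, dst):
    """Outbound: pick the peer whose AllowedIPs has the longest prefix covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for name, nets in peers.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None


def accept_inbound(peers, peer, src):
    """Inbound: keep a decrypted packet only if its inner source address
    falls inside the AllowedIPs of the peer that sent it."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(n) for n in peers.get(peer, []))


def trace(src, dst):
    """Walk one request/reply pair through the AllowedIPs checks on both ends."""
    return {
        "client_tx_peer": select_peer(CLIENT_PEERS, dst),
        "server_rx_ok": accept_inbound(SERVER_PEERS, "client", src),
        # The reply travels dst -> src, so the server needs a peer covering src.
        "server_tx_peer": select_peer(SERVER_PEERS, src),
        "client_rx_ok": accept_inbound(CLIENT_PEERS, "server", dst),
    }


if __name__ == "__main__":
    # Constructed sample addresses (see the lead-in above).
    for src in ("10.200.200.3", "192.168.4.10"):
        print(src, "-> 10.0.0.50", trace(src, "10.0.0.50"))
```

With the access point's NAT in place the inner source is 10.200.200.3 and all four checks pass; a source outside 10.200.200.3/32 fails the server's inbound check and has no peer for the reply.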
