From: Arpit Gupta <g.arpit@gmail.com>
To: XRP <xrp@airmail.cc>
Cc: wireguard@lists.zx2c4.com
Subject: Re: cant connect to wireguard when router connected to a vpn service
Date: Wed, 6 Mar 2019 07:59:22 -0800
Message-ID: <CAGCGyt+gvYDHR3KHi+HRc2pCnyLbefV3h=OmfSOqhfdR564p0w@mail.gmail.com>
In-Reply-To: <3053f293b7e9a34a733c2b5b314e2d8a620682db.camel@airmail.cc>


Tried changing the allowed IPs to what was suggested and it did not work.
Same behavior as before. Also my configs were working as expected before I
had my router connected to a VPN service.

It required me to add the following route policy for my VPN client on my
router

Source IP: 192.168.1.0/24, Destination: 0.0.0.0 will go through the VPN. So
does it matter if I connected to wireguard using the IP address of the ISP
vs the IP address of the VPN?


--
Arpit


On Wed, Mar 6, 2019 at 1:18 AM XRP <xrp@airmail.cc> wrote:

> On Wed, 2019-03-06 at 08:40 +0000, Arpit Gupta wrote:
> > On my server my conf is
> >
> > [Interface]
> > Address = 192.168.100.1/32
> > PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
> > ListenPort = 54930
> > PrivateKey = xxxxx
> >
> > [Peer]
> > PublicKey = xxxx
> > AllowedIPs = 192.168.100.2/32
> >
> >
> > on my client my config is
> >
> > [Interface]
> > Address = 192.168.100.2
> > PrivateKey = xxxxx
> > ListenPort = 21841
> > DNS = 192.168.1.63
> >
> > [Peer]
> > PublicKey = xxxx
> > Endpoint = ddns:xxx
> > AllowedIPs = 192.168.1.0/24
> >
> > # This is for if you're behind a NAT and
> > # want the connection to be kept alive.
> > PersistentKeepalive = 25
>
> Try changing AllowedIPs in the client config to:
> AllowedIPs = 192.168.100.1/32,192.168.1.0/24
>
> Also, if you want to masquerade the traffic to the internet you need to
> add 0.0.0.0/0 to the client or change the destination IP to the server
> node via a NAT rule, otherwise it's going to be rejected because the IP
> packet doesn't have an AllowedIP address, I think. (The source needs to
> match, so either 192.168.100.1/32 or 192.168.1.0/24). My guess is
> that's why you couldn't complete the handshake.
>
>

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
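
An added example, not part of the original emails: a small Python model of WireGuard's AllowedIPs lookup, run against the client `AllowedIPs` values discussed in this thread. It covers only the per-packet check on tunnelled traffic (the destination selects the peer on send, and on receive the source must map back to the peer that sent the packet); the function names and the internet host 203.0.113.7 are constructed for illustration.

```python
import ipaddress

# Client [Peer] sections built from the thread: the original AllowedIPs, the
# value suggested in the reply, and the 0.0.0.0/0 case the reply mentions.
ORIGINAL = "[Peer]\nPublicKey = xxxx\nAllowedIPs = 192.168.1.0/24\n"
SUGGESTED = "[Peer]\nPublicKey = xxxx\nAllowedIPs = 192.168.100.1/32,192.168.1.0/24\n"
FULL_TUNNEL = "[Peer]\nPublicKey = xxxx\nAllowedIPs = 0.0.0.0/0\n"


def parse_allowed_ips(conf):
    """Return {peer_index: [ip_network, ...]} for each [Peer] section."""
    peers, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.lower() == "[peer]":
            current = len(peers)
            peers[current] = []
        elif line.startswith("["):
            current = None  # [Interface] or any other section
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                peers[current] += [ipaddress.ip_network(v.strip(), strict=False)
                                   for v in value.split(",") if v.strip()]
    return peers


def select_peer(peers, address):
    """Longest-prefix match of one address over every peer's AllowedIPs."""
    addr, best = ipaddress.ip_address(address), None
    for peer, nets in peers.items():
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return None if best is None else best[0]


def outbound_peer(conf, dst):
    """Sending: the destination picks the peer; None means no peer matches."""
    return select_peer(parse_allowed_ips(conf), dst)


def inbound_accepted(conf, from_peer, src):
    """Receiving: keep a decrypted packet only if its source maps to its sender."""
    return select_peer(parse_allowed_ips(conf), src) == from_peer


if __name__ == "__main__":
    configs = (("original", ORIGINAL), ("suggested", SUGGESTED), ("0.0.0.0/0", FULL_TUNNEL))
    for name, conf in configs:
        for src in ("192.168.100.1", "192.168.1.63", "203.0.113.7"):  # last one is constructed
            print(f"{name:10} src={src:14} accepted={inbound_accepted(conf, 0, src)}")
```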
