WireGuard Archive on lore.kernel.org
 help / Atom feed
* Routing to a network behind a node
@ 2018-09-08  9:06 M. Dietrich
  2018-09-08 10:23 ` Steven Honson
  0 siblings, 1 reply; 3+ messages in thread
From: M. Dietrich @ 2018-09-08  9:06 UTC (permalink / raw)
  To: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 1031 bytes --]

Hi,

i have setup a wg vpn with several nodes, lets say in a
network 172.16.215.0/24. one of the boxes (ip 172.16.215.2) in
that network has an interface to a different network with
additional boxes, lets say 172.16.0.0/24. i would like to
reach the boxes in that network directly so i established a
route on another node in the wg network (172.16.215.1) like
this:

	ip route add 172.16.0.0/24 via 172.16.215.2

but once i ping 172.16.0.1 i get the error

	From 172.16.215.1 icmp_seq=1 Destination Host Unreachable
	ping: sendmsg: Required key not available

it seems the package reaches wireguard but wireguard doesnt
know the "via" and tells it has no key to route to 172.16.0.1
which is fine. but why doesn wg honour the via and send it to
the router 172.16.215.2?

i think its more or less whats done if you route all your
traffic through wg so i assume i do a terrible stupid mistake
(i am no network or kernel routing expert which may be an
excuse), can someone help?

best regards,
M. Dietrich

[-- Attachment #2: Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Routing to a network behind a node
  2018-09-08  9:06 Routing to a network behind a node M. Dietrich
@ 2018-09-08 10:23 ` Steven Honson
  2018-09-08 19:54   ` M. Dietrich
  0 siblings, 1 reply; 3+ messages in thread
From: Steven Honson @ 2018-09-08 10:23 UTC (permalink / raw)
  To: M. Dietrich; +Cc: WireGuard mailing list

Hello,

Have you added 172.16.0.0/24 to the AllowedIPs entry for the =
172.16.215.2 Peer on 172.16.215.1?

Are you able to share your WireGuard configuration?

Cheers,
Steven

> On 8 Sep 2018, at 7:06 pm, M. Dietrich <mdt@emdete.de> wrote:
>=20
> Hi,
>=20
> i have setup a wg vpn with several nodes, lets say in a
> network 172.16.215.0/24. one of the boxes (ip 172.16.215.2) in
> that network has an interface to a different network with
> additional boxes, lets say 172.16.0.0/24. i would like to
> reach the boxes in that network directly so i established a
> route on another node in the wg network (172.16.215.1) like
> this:
>=20
> 	ip route add 172.16.0.0/24 via 172.16.215.2
>=20
> but once i ping 172.16.0.1 i get the error
>=20
> 	=46rom 172.16.215.1 icmp_seq=3D1 Destination Host Unreachable
> 	ping: sendmsg: Required key not available
>=20
> it seems the package reaches wireguard but wireguard doesnt
> know the "via" and tells it has no key to route to 172.16.0.1
> which is fine. but why doesn wg honour the via and send it to
> the router 172.16.215.2?
>=20
> i think its more or less whats done if you route all your
> traffic through wg so i assume i do a terrible stupid mistake
> (i am no network or kernel routing expert which may be an
> excuse), can someone help?
>=20
> best regards,
> M. Dietrich
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Routing to a network behind a node
  2018-09-08 10:23 ` Steven Honson
@ 2018-09-08 19:54   ` M. Dietrich
  0 siblings, 0 replies; 3+ messages in thread
From: M. Dietrich @ 2018-09-08 19:54 UTC (permalink / raw)
  To: Steven Honson; +Cc: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 283 bytes --]

Quotation from Steven Honson at September 8, 2018 12:23:
> Have you added 172.16.0.0/24 to the AllowedIPs entry for the
> 172.16.215.2 Peer on 172.16.215.1?

no - thank you for pointing me there. i now added an
additional AllowedIPs line and it works!

thank's,
M. Dietrich

[-- Attachment #2: Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-08  9:06 Routing to a network behind a node M. Dietrich
2018-09-08 10:23 ` Steven Honson
2018-09-08 19:54   ` M. Dietrich

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox